Portal to Privacy: Complying With Regulations

Publishers are frantically preparing for the launch of the California Consumer Privacy Act on Jan. 1, 2020—and trying not to lose sleep over the looming EU ePrivacy Directive updates. But they’re alone in that effort—programmatic intermediaries like 33Across have heard the data privacy call and are ensuring they not only complying with privacy regulations, but also applying consumer preferences in a speedy and efficient fashion.

“If you’re serious about embracing the spirit of GDPR, it ultimately comes down to providing as much control and transparency for the consumer as possible,” comments 33Across CEO Eric Wheeler.

I caught up with Wheeler to understand the motivation behind 33Across’ recently introduced User Data Portal as well as the IAB’s revised Transparency and Consent Framework (TCF), and where publishers may get stymied by CCPA.

GAVIN DUNAWAY: What was the inspiration for building the User Data Portal? Did you feel other programmatic players weren’t doing enough?

ERIC WHEELER: There were really two factors that led us to develop the User Data Portal:

The first was a broader privacy-by-design initiative, which meant that we were looking to eliminate all unnecessary consumer data collection throughout our business. Asking consumers to submit a GDPR request form with their personal data obviously runs contrary to this. Also, holding less data overall means that it’s easier for us to show consumers the data we do have via a simple portal.

The second factor was a general regard for the user experience. Submitting a form or sending an email to a vague alias only to wait 30 days isn’t a great experience, which is the common solution for most ad tech providers today. We wanted to provide a seamless and transparent experience where consumers can see their data and immediately take action with simple click.

GD: How will consumers actually gain access? Where will 33Across highlight this offering?

EW: Today, all users who reside in the European Economic Area (EEA) can access the portal from our European privacy policy page, or directly from the following URL:  https://33across.co.uk/user-data-portal/

GD: The User Data Portal is in alignment the IAB EU’s TCF… and the EU pooh-poohed version 1.0. Why will 2.0 not meet the same fate?

While TCF may not be perfect, unifying the industry around a common framework for transmitting consent will help eliminate interoperability issues and lower the cost of compliance for all participants. TCF 2.0 continues to move the ball forward on this front. We’re also seeing big players like Google commit to TCF compliance by early next year, which provides even more incentive for broader integration across the ad tech ecosystem.

GD: Where do you think CCPA’s opt-out system will cause challenges for publishers and programmatic partners?

EW: CCPA’s approach does present some new challenges for publishers and their programmatic partners. Specifically, the requirement that consumers be able to opt out of the sale of their personal information to third parties.

While this may seem straightforward for those doing more traditional data brokerage, the way both “sale” and “personal information” are defined could create challenges across a broad spectrum of activities—from reporting audience data to ad buyers, to utilizing certain types of machine learning, and even the use of services like fraud detection.

As we’ve seen, CCPA has started a trickle-down effect as other states begin to come forward with their own regulation. In general, compliance will consume a lot of time and resources as all parties will need to ensure that they are operating in accordance with an overlapping thicket of regulations.