A joint venture (JV) between four big European carriers to build cross-network ad-targeting infrastructure — which they claim will rely on “affirmative” consent to target mobile and/or fixed network subscribers with “personalized” ads across participating brands/publishers’ sites — has been given the green light to proceed by the European Commission’s antitrust division in a decision announced Friday.
The Commission concluded the transaction between the carriers to create a JV would raise no competition concerns.
However its press release is careful to note that the competition sign-off does not mean the project will pass muster with the EU’s data protection regulators, writing: “During its investigation, the Commission has been in contact with data protection authorities. Data protection rules are fully applicable, irrespective of the merger clearance.”
The plan is likely to be closely watched from that side as the JV works to launch a commercial ad network targeting European eyeballs — since data protection regulators and privacy campaigners already raised concerns during a testing phase last year.
Germany’s Deutsche Telekom, France’s Orange, Spain’s Telefonica and the UK’s Vodafone are the four horsemen involved in the bid to capitalize on high level changes to the third party tracking cookie status quo to spin up ad revenue by creating cross-operator ad-targeting infrastructure focused on first party data.
They have said the proposed ad-targeting will rely on explicit consent from mobile and Internet subscribers agreeing that their personal data can be used by a particular brand or advertiser to target them with marketing. Hence they are claiming the adtech infrastructure will be “privacy led” and also say it will focus on transparency for consumers in how brands are “communicating” with them — in a bid to contrast the approach with the murky world of third party cookie tracking that’s baked into the mainstream web (but is also, now, in a process of ‘evolution’ toward something adtech giant Google claims will also be “more private“).
Following the Commission’s green light on Friday, the quartet of telcos said in a statement they will form a joint venture for “the implementation of a privacy-by-design digital marketing technology platform in Europe that could benefit consumers, advertisers and publishers alike” — each taking a 25% stake in the JV company. The latter will be based in Belgium and run by “independent management under the oversight of a shareholder-appointed supervisory board”, they added.
Discussing the cross-network ad-targeting proposal with TechCrunch earlier this year, Vodafone — which launched the project and led the testing phase last year — said the plan is for pseudonymized targeting tokens to be linked to a mobile user’s network subscription and shared with participating brands/publishers without revealing any directly identifiable personal data; and without participating advertisers being able to further sync or enrich data to flesh out fuller profiles.
It also specified that the JV will apply contractual limits on advertisers (such as prohibiting special category data from being used for targeting); and conduct regular audits of participants. While it said the system will be engineered so the tokens reset after a period of time to protect against reverse engineering (the initial proposal is for this period to be three months).
The “affirmative opt-in” user consent to the tracking and targeting will be sought via pop-ups as mobile users browse the web, per Vodafone. It also told us in January that the plan is for the JV to retain the final say on the language used in these consent pop-ups — i.e. as another high level check on participants’ behavior.
“The platform has been designed from the outset to be compliant with European data protection policy such as GDPR [General Data Protection Regulation] and the ePrivacy directive,” the four carriers also claimed Friday. “The partners have already initiated a trial in Germany. Other trials are being considered in France and Spain to further develop the platform and it is intended to make it available to any operator within Europe.”
While the telcos’ subscribers look set to be bothered by a fresh wave of consent pop-ups, Vodafone previously told us users will also be able to manage any consents they have given to brands/publishers via a central portal that will also contain an option letting users block the whole system.
Although it remains to be seen whether finding and flicking a centralized ‘off switch’ will actually spare carriers’ customers from being mobbed with yet more pop-ups nagging them to turn it back on as they browse the Internet via the connectivity they’re already paying actual money for.
The quality of the claimed consent and wider issues of legal basis should merit close attention by the EU’s data protection regulators — who’ve already spent years fumbling a response to the privacy incursions of tracking ads. (Which, in turn, has led to complaints and litigations piling up. And, more recently, to regional lawmakers feeling compelled to step in to force reforms on such widespread law-breaking. So the enforcement gap has by no means been a vacuum.)
The plan by European telcos to step into an opportunity gap left by tracking cookies finally reaching the end of the road — at least so far as ‘official’ support in Google’s Chrome browser goes (although it’s important to note the adtech giant is working on its own alternative targeting infrastructure, aka its Privacy Sandbox plan) — is also likely to draw scrutiny from eagle-eyed privacy campaigners.
Such as noyb, a not-for-profit that’s gained a reputation for turning modest resources into major privacy wins over the last few years and has made tracking-ads (and their cynically non-compliant ‘consent’ pop-ups) a big area of focus for action — putting the squeeze on some of the most egregious episodes of adtech data-theft and dark patterns.
Any fresh wave of telco-powered pop-ups would — therefore — present a compelling target for new legal complaints. (A spokeswoman for noyb told us it’s looking at the JV project and has not yet taken any decisions on any actions it may take.)
For now, there’s no launch timeline attached to the telcos’ “technological solution for digital advertising in Europe”, as they bill the tracking ads redux plan.
On Friday, all they said on that front was that the JV will “outline its vision and strategy in due course, including its plans for adopting the trial technology commercially”.
It’s possible more public discussion will emerge at the upcoming GSMA Mobile World Congress (MWC) conference, which kicks off later this month in Barcelona, where reps from all four telcos are scheduled to speak at a number of keynotes and panel discussion sessions. Although they may also opt for a quieter route — via in-person networking and closed door meetings — to further their goal of scaling participation to carriers all over Europe.
Offering a preview of how the four founding telcos might pitch the adtech infrastructure to regional peers, in their statement on Friday they wrote: “The trial platform requires affirmative opt-in consent by the consumer to activate communications from brands via publishers. The only data that is shared is a pseudo-anonymous digital token that cannot be reverse-engineered. Consumers are free to opt in or deny consent with a single click, as well as revoke any other consents given either on the brand’s or publisher’s website, or via a dedicated, easily accessible privacy portal.”
Making a tacit swipe at US adtech giants like Google, they added: “The platform is specifically designed to offer consumers a step change in the control, transparency and protection of their data, which is currently collected, distributed and stored at scale by major, non-European players.”