-
I know this is not what it directly means, but this does make me think of my biggest issue w/ iab / IABEurope's TCF consent transmission standard, the so-called "consent string". Because TCF strings are encoded, normal humans can't confirm their own consent settings easily... IvanaBartoletti/1397521016306421760Permalink On twitter.com
❤️ 10 Favorites
Mood +6 🙂
-
I understand the technical needs it addresses by being encoded, there is a lot of data & it all needs to fit. But I think that's an argument against the complexity of TCF, not a good reason. Average non-technical humans should be able to tell what consent settings are transmittedPermalink On twitter.com
♻️ 1 Retweets
Mood +6 🙂
-
I don't often compliment the IAB, but one of the things that made me like the CCPA "USP" consent string standard they developed was that the data about user consent was saved and transmitted in a clear legible format that any user could see on every network request and confirm.Permalink On twitter.com
❤️ 1 Favorite
Mood +11 🙂
-
I think one of the most disappointing things about the currently in-progress proposal to unify the two standards into GPP/TCF3 is that they would move the CCPA consent string into the encoding process, obscuring it from general users...Permalink On twitter.com
❤️ 1 Favorite
Mood 0
-
I know this is a *very* arbitrary line in the sand, but IAB consent standards are built on a basis that all data is sent downstream & each consumer of the bid stream is expected to decode the consent string and respect whatever setting works for them not consuming available dataPermalink On twitter.com
❤️ 1 Favorite
Mood +6 🙂
-
Because settings are individual, it's very difficult to imagine a regulator or auditor being able to verify that downstream systems are indeed not consuming the data they are being told not to consume. The IAB is developing an accountability standard to make this easier but...Permalink On twitter.com
❤️ 1 Favorite
Mood -1 🙁
-
Past reporting on the consent string has brought forward sources who have been clear that intermediary systems have illegally (and in this case, I *mean* breaking the law) consumed user data against the consent string's expressed user preference...Permalink On twitter.com
❤️ 1 Favorite
Mood +2 🙂
-
The last line of defense for any user is to look at a network request, see their consent preference was correctly transmitted, and then make assumptions on the basis of the ads they are seeing as to if they need to report a violation, but encoding the consent makes this very hardPermalink On twitter.com
♻️ 1 Retweets
❤️ 1 Favorite
Mood +1 🙂
-
Proposed accountability measures don't really address this, it doesn't make it accountable to an average user, just to highly technically adept regulators or auditors... which--I dunno--have really yet to appear? And ad systems have shown the ability to camouflage bad activityPermalink On twitter.com
❤️ 1 Favorite
Mood -1 🙁
-
In reality, the only way to make any accountability in the ad system is to make every ad request accountable to the user to whom it is presented. Change to ad systems behaviors has entirely been driven by specific per-user-built advocacy...Permalink On twitter.com
♻️ 1 Retweets
❤️ 3 Favorites
Mood 0
-
This includes: themarkup monitoring users' Facebook ads; nandoodles work on brand safety; and a host of advocates and reporters who have sat down and looked at what ads were appearing where and were able to identify vendors and name and ask why...On twitter.com
❤️ 2 Favorites
Mood +1 🙂
-
But generally, there are not easy equivalent mechanisms for examining what happens with your consent signals in the EEA. It requires significant lift to decode, tie specific signals and purposes to specific vendors, etc...Permalink On twitter.com
Mood +2 🙂
-
And in the case of both EEA and CA, there is no real way to see who consumes your data while ignoring your consent signal. The encoding on TCF doesn't encode *your data* it just encodes *your consent*. I don't generally think that is the right approach.Permalink On twitter.com
❤️ 1 Favorite
Mood +3 🙂
-
I worry the proposed new consent string standards coming out of the Rearc work at IABTechLab, while well-intentioned, are just taking us further down this wrong path. It puts a burden on the consumer to manage and monitor their own consent, when it should be making it easier...Permalink On twitter.com
❤️ 1 Favorite
Mood -3 🙁
-
I think developments in both the legal understanding of GDPR & legislative changes to CCPA are challenging some of the IAB assumptions on compliance & it might be a good idea to step back and reconsider how we want to better enable users to become their own advocates and auditorsPermalink On twitter.com
❤️ 1 Favorite
Mood +7 🙂
-
I think we need to likely reconsider our approach to put *users* as the primary consumer of consent. They have shown an interest and a hunger to be part of the process and consent transmission should make their consumption of a signal the highest priority...Permalink On twitter.com
Mood +3 🙂
-
And I think that as it becomes clearer to users a whole host of use cases arise around playing that consent signal back to the user at ever step of the process that is accessible to them from within their browser to confirm all players are following the rules.Permalink On twitter.com
❤️ 1 Favorite
Mood +3 🙂
-
Ad tech has generally not considered legibility to users as a major factor when building standards, but the more I think about it the more I think it should be the highest priority. There is no other entity more incentivized to hold players accountable.Permalink On twitter.com
Mood -1 🙁
-
I think that maybe the TCF/GPP approach is inherently flawed. I think it may need to go back to the drawing board and reconsider what it means to use this signal as a tool to enable user activism. Especially with UUIDs rising to make the process more tied to individuals.Permalink On twitter.com
Mood -3 🙁
-
If ad tech wants to make individual targeting a more regular part of advertising technology, it should be accompanied by rising individual empowerment to make choices across the bidstream and all entities that consume it.Permalink On twitter.com
❤️ 2 Favorites
Mood +2 🙂
-
I also continue to be troubled by current process, which isn't to withhold the initial transmission of user data on lack of consent. Instead data is always transmitted & downstream providers are required to be trustworthy & auditable, neither of which has been true in the pastPermalink On twitter.com
❤️ 4 Favorites
Mood 0