Chronotope’s avatarChronotope’s Twitter Archive—№ 134,034

                                        1. I know this is not what it directly means, but this does make me think of my biggest issue w/ iab / IABEurope's TCF consent transmission standard, the so-called "consent string". Because TCF strings are encoded, normal humans can't confirm their own consent settings easily... IvanaBartoletti/1397521016306421760
                                      1. …in reply to @Chronotope
                                        I understand the technical needs it addresses by being encoded, there is a lot of data & it all needs to fit. But I think that's an argument against the complexity of TCF, not a good reason. Average non-technical humans should be able to tell what consent settings are transmitted
                                    1. …in reply to @Chronotope
                                      I don't often compliment the IAB, but one of the things that made me like the CCPA "USP" consent string standard they developed was that the data about user consent was saved and transmitted in a clear legible format that any user could see on every network request and confirm.
                                  1. …in reply to @Chronotope
                                    I think one of the most disappointing things about the currently in-progress proposal to unify the two standards into GPP/TCF3 is that they would move the CCPA consent string into the encoding process, obscuring it from general users...
                                1. …in reply to @Chronotope
                                  I know this is a *very* arbitrary line in the sand, but IAB consent standards are built on a basis that all data is sent downstream & each consumer of the bid stream is expected to decode the consent string and respect whatever setting works for them not consuming available data
                              1. …in reply to @Chronotope
                                Because settings are individual, it's very difficult to imagine a regulator or auditor being able to verify that downstream systems are indeed not consuming the data they are being told not to consume. The IAB is developing an accountability standard to make this easier but...
                            1. …in reply to @Chronotope
                              Past reporting on the consent string has brought forward sources who have been clear that intermediary systems have illegally (and in this case, I *mean* breaking the law) consumed user data against the consent string's expressed user preference...
                          1. …in reply to @Chronotope
                            The last line of defense for any user is to look at a network request, see their consent preference was correctly transmitted, and then make assumptions on the basis of the ads they are seeing as to if they need to report a violation, but encoding the consent makes this very hard
                        1. …in reply to @Chronotope
                          Proposed accountability measures don't really address this, it doesn't make it accountable to an average user, just to highly technically adept regulators or auditors... which--I dunno--have really yet to appear? And ad systems have shown the ability to camouflage bad activity
                      1. …in reply to @Chronotope
                        In reality, the only way to make any accountability in the ad system is to make every ad request accountable to the user to whom it is presented. Change to ad systems behaviors has entirely been driven by specific per-user-built advocacy...
                    1. …in reply to @Chronotope
                      This includes: themarkup monitoring users' Facebook ads; nandoodles work on brand safety; and a host of advocates and reporters who have sat down and looked at what ads were appearing where and were able to identify vendors and name and ask why...
                  1. …in reply to @Chronotope
                    But generally, there are not easy equivalent mechanisms for examining what happens with your consent signals in the EEA. It requires significant lift to decode, tie specific signals and purposes to specific vendors, etc...
                1. …in reply to @Chronotope
                  And in the case of both EEA and CA, there is no real way to see who consumes your data while ignoring your consent signal. The encoding on TCF doesn't encode *your data* it just encodes *your consent*. I don't generally think that is the right approach.
              1. …in reply to @Chronotope
                I worry the proposed new consent string standards coming out of the Rearc work at IABTechLab, while well-intentioned, are just taking us further down this wrong path. It puts a burden on the consumer to manage and monitor their own consent, when it should be making it easier...
            1. …in reply to @Chronotope
              I think developments in both the legal understanding of GDPR & legislative changes to CCPA are challenging some of the IAB assumptions on compliance & it might be a good idea to step back and reconsider how we want to better enable users to become their own advocates and auditors
          1. …in reply to @Chronotope
            I think we need to likely reconsider our approach to put *users* as the primary consumer of consent. They have shown an interest and a hunger to be part of the process and consent transmission should make their consumption of a signal the highest priority...
        1. …in reply to @Chronotope
          And I think that as it becomes clearer to users a whole host of use cases arise around playing that consent signal back to the user at ever step of the process that is accessible to them from within their browser to confirm all players are following the rules.
      1. …in reply to @Chronotope
        Ad tech has generally not considered legibility to users as a major factor when building standards, but the more I think about it the more I think it should be the highest priority. There is no other entity more incentivized to hold players accountable.
    1. …in reply to @Chronotope
      I think that maybe the TCF/GPP approach is inherently flawed. I think it may need to go back to the drawing board and reconsider what it means to use this signal as a tool to enable user activism. Especially with UUIDs rising to make the process more tied to individuals.
  1. …in reply to @Chronotope
    If ad tech wants to make individual targeting a more regular part of advertising technology, it should be accompanied by rising individual empowerment to make choices across the bidstream and all entities that consume it.
    1. …in reply to @Chronotope
      I also continue to be troubled by current process, which isn't to withhold the initial transmission of user data on lack of consent. Instead data is always transmitted & downstream providers are required to be trustworthy & auditable, neither of which has been true in the past


Search tweets' text