Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The biggest privacy story of 2024 is actually about something that No state.
TO shock some and knowledgeable, somewhat smug said-ya-so nods from others, Google announced in the summer that it is canceling its long-term plan to end support for third-party cookies in Chrome.
Instead of getting rid of them, Google will now introduce what Anthony Chavez, VP of Privacy Sandbox, referenced in July blog post as a “new experience”. New experience? How exciting.
The mechanism will allow people to “make an informed choice that applies to their web browsing history,” Chavez wrote.
Meanwhile, development of the Chrome Privacy Sandbox API continues apace.
But if the steep decline in the number of cookie-related proposals in my inbox since July is any indication, the urgency among ad tech vendors, publishers and advertisers to test Sandbox has all but died out.
“Marketers who rely on programmatic ad buying are taking a bit of a breather,” says Mike Froggatt, analyst and senior director at Gartner.
But the postponement is only a postponement of performance. Signal loss is real.
Nevertheless, the Privacy Sandbox no longer dominates the headlines. I’m even considering turning off the Google alert for “Privacy Sandbox” – and maybe creating one for “Andrew Ferguson”. He is the current Republican commissioner of the FTC and President-elect Donald Trump has chosen Lina Khan to replace chairwoman.
But cookies aside – and don’t forget to leave some real ones for Santa – 2024 saw many other big privacy changes that we predict will continue to be big stories in 2025. Here are some of the highlights.
PET projects
Over the past few years, privacy-enhancing technologies have steadily moved from the theoretical to the practical.
All major advertising platforms have invested in PETs; and The IAB Tech Lab has a working group dedicated to PETsand all APIs in Chrome Privacy Sandbox are built on different PETs.
I’m sure readers of this newsletter are familiar with the concept, but it’s worth defining the terms.
PET is a solution that can perform complex data processing functions without disclosing information at the individual, household, or personal user level to unauthorized parties. Simply put, it’s a technology designed to support privacy from the start, rather than jury-rigging protections.
One example is different privacywhich adds carefully calibrated and random “noise” to the data set to hide individual data points. Another is secure multi-party computation, which is a cryptographic technique that allows multiple parties to analyze data together while maintaining the privacy of inputs. This is what most data clean spaces are built on.
PETs will only become more common in the next year and years to come, especially as regulators continue to scrutinize and pressure the digital advertising industry.
But it’s also important to keep this in mind: PETs are not a cure-all.
The Federal Trade Commission recently made this very clear.
Not so clean rooms
In a blog post published in NovemberThe FTC warned that despite their potential benefits, data-cleaning spaces do not automatically preserve privacy.
Actually “close examination of DCR” – I refuse to recognize the acronym, but this is quote, so let’s move on – “provides an evergreen lesson: while privacy-enhancing technologies cannot protect privacy by themselves, and while they address some privacy risks, they can contribute to others.”
For example, if data storage is not configured correctly, it could set the stage for unauthorized data sharing and increase the risk of leaks and breaches.
Meanwhile, all too often “the data that gets into the clean room is dirty,” as in “discordant, inaccurate, unreliable, and possibly even illegal,” says Jamie Barnard, CEO of privacy software company Compliant.
“If there is too much trust, too little verification and sloppy control, there is a serious risk of cross-contamination and leakage,” says Barnard. “Plus, if it all happens inside a black box, the parties may forget about the damage until it’s too late.”
But the FTC isn’t oblivious and doesn’t take the company’s privacy claims at face value.
As the agency’s staff said in a blog post: “Liability for violations of the FTC Act is not magically mitigated by smart technology.”
They fight with words – but will this fight continue?
Business locations
With a Republican majority under Trump, the FTC is poised to change its focus and enforcement priorities.
The Commission will continue to actively pursue consumer protection and privacy because that is its mandate. But expect a reduction in the amount of rulemaking, more sympathy for the business community, and a shift away from pejorative terminologysuch as “commercial tracking” and “tracking advertising”.
Still, it’s hard to say exactly what we’ll see in terms of privacy enforcement over the next four years.
Andrew Ferguson, Trump’s nominee for chairman, in his current role as commissioner, has voted to at least partially support all privacy-related actions since taking office in April, including issuing FTC staff examines data practices of social media and video streaming services and the FTC settlement with Gravy Analytics and Mobilewalla.
But on his pitch to Trump to serve as chairman — the the memo was leaked and obtained by Punchbowl News – Ferguson he wrote that under his leadership the agency “will stop abusing [its] by law enforcement as a substitute for comprehensive privacy legislation.”
So I guess we’ll just have to wait and see. 🤷♀️
🙏 Thanks for reading! The most consistent feedback I’ve gotten this year is that people like cat videos. I rarely get comments on the articles themselves, just reactions to the cat stuff. And I’m fine with that. Hopefully that means people read (or at least scroll) to the end. 😹
This is the last issue of 2024 so let me wish you all a very happy new year and I hope you have planning something fun. As always feel free to drop me a line [email protected].