European telcos plan network ID venture to deliver
European telcos plan network ID venture to deliver targeted online ads. Europe’s biggest telecom operators are setting up a joint venture to support a new form of targeted advertising, based on a customer’s network subscription. targeted online ads
Following trials last year in Germany, European telcos are moving forward with a plan to establish a joint venture to provide opt-in “personalized” ad targeting of regional mobile network consumers. However, it is yet unclear whether European Union officials will approve of their proposal.
In a filing submitted to the European Commission’s competition division, Germany’s Deutsche Telekom, France’s Orange, Spain’s Telefónica and the UK’s Vodafone set out the proposed concentration to create a jointly controlled and equally owned joint venture — to offer “a privacy-led, digital identification solution to support the digital marketing and advertising activities of brands and publishers,” as they describe the proposed “first party” data ad-targeting infrastructure.
The decision about whether or not to approve the joint venture (JV) and, consequently, permit the carriers to proceed with a commercial launch, must be made by the Commission by February 10.
A Vodafone spokesman declined to comment on a prospective launch date and said the operators are not in a position to speak on the envisaged JV at this time while the Commission decides whether to approve the initiative. They said that assuming Brussels gives the telcos the go-ahead to collaborate on the infrastructure for mobile ad targeting, public messaging on the project will occur after approval.
During the first testing in Germany last summer, information regarding the carriers’ plan to go into tailored ad-targeting became available. At the time, Vodafone indicated they would be depending on user agreement to the data processing and that the technology was a “cross-operator infrastructure for digital advertising and digital marketing.” The initial name of the project was “TrustPid” (but if it flies, expect that clunky label to be replaced with some slicker marketing).
The telco ad-targeting proposal quickly landed on the radar of a privacy watcher, who raised concerns about the legal basis for processing mobile users’ data for ads — given the European Union’s comprehensive data protection and privacy laws, and given existing microtargeting adtech (which also relies on a claim of user consent), was found in breach of the General Data Protection Regulation in February last year.
The project also faced some early attention from data protection authorities in Germany and Spain. We’re told engagement with regulators led to some tweaks to how the telcos proposed to gather consent — to make the process more explicit.
Declaring that “explicit user consent” (obtained through an opt-in) is the intended legal foundation for the targeting, the telcos’ filed proposal requesting the formation of a JV, dated January 6, 2023, writes: Subject to explicit user consent provided to a brand or publisher (on an opt-in basis only), the JV will generate a secure, pseudonymized token derived from a hashed/encrypted pseudonymous internal identity linked to a user’s network subscription which will be provided by participating network operators. This token will allow the brand/publisher concerned to recognize a user without revealing any directly identifiable personal data and thereby enable them to optimize the delivery of online display advertising and perform site/app optimization. Users will have access to a user-friendly privacy portal. They can review which brands and publishers they have given consent to, and withdraw their consent.
A spokesperson for one of the involved carriers (Vodafone UK) explained their strategy and acknowledged that the plan is to rely on pop-ups to obtain consumers’ agreement. Therefore, it appears premature for anyone to have hoped that the end of third-party cookie tracking would bring an end to consent spam.
A first-party data-based alternative to the (still, for now) ubiquitous tracking cookie also requires a legal basis to process people’s data for marketing — and alternatives to consent look increasingly tricky given ongoing guidance (and enforcement) by EU data protection regulators, such as the massive fine this month for Meta for trying to claim contractual necessity for processing user data for ads; or the warnings TikTok attracted last year when it sought to switch from consent to a claim of legitimate interest for its “personalized ads” — a move it was forced to back away from.
However, using consent as the legal justification for “tailored ads” is no walk in the park: Last year, the GDPR concluded that the IAB’s Transparency and Consent Framework (TCF), which is based on a claim of consent to third-party ad monitoring, was in violation (as was the IAB Europe). Additionally, the Belgian DPA gave the adtech sector a strict reform directive. The tracking-ads status quo, however, continues as of right now, zombie-like, until a definitive judicial judgment.
The distinction the four telcos behind the proposed JV are seeking to claim for their proposal for consent-based ad targeting — versus current-gen (legally clouded) adtech targeting — is, firstly, that it’s based on first-party data (the claim for the TrustPid project is no syncing and/or enriching of the individual-linked targeting tokens is allowed or possible between participating advertisers). So it’s not the kind of consentless-by-design background “superprofiling” of users that’s landed current-gen adtech into such legal (and reputational) hot water. The proposed tracking is siloed per brand/advertiser — with each needing to gain upfront consent from their own users and only able to target against data points they gather. (Plus we’re told user-linked tokens would be cycled regularly, with the initial proposal being to reset them every 90 days.)
Secondly, the telcos are proposing to put contractual limits on participants — such as requiring that no special category data (e.g., health data, political affiliation) can be attached by an advertiser as a targetable interest to a user-linked token. They also want the JV to have the final say on the language/design of consent pop-ups (which they say will offer users a top-level refusal, rather than burying that option as routinely happens with cookie consent pop-ups). And they say they will audit all participating websites on a regular basis.
There is a third check: a portal where mobile users can view (and revoke) any consents they have provided to individual brands/publishers to use their first-party data for ads — and that, we’re told, will provide an option that lets mobile users block the entire system (so a hard opt-out). Although we understand it’s not currently the case (in the trial) that users who apply such a block are prevented from receiving pop-ups asking for their consent to the ad targeting — so, again, consent spam and consent fatigue look set to continue. (And, well, could plausibly multiply as consent gets unbundled — that is, if the system takes off with lots of brands and advertisers.) At least, unless or until they can figure out an appropriate legal basis that does not require ongoing pestering of users who already denied consent with pop-ups.
If the telcos’ JV gets the green light from the Commission, scrutiny on the project will of course dial up — and close attention to technical (and contractual) details may well throw up fresh concerns. So it’s too soon to judge whether the approach will/would pass muster with regulators and privacy experts.
Users of mobile networks themselves may also become frustrated if they find themselves suddenly confronted with a new, obtrusive layer of consent spam while using a service that they have paid telcos to supply them with—browsing the mobile web. Thus, there may not be much room for additional consent spam.
Moreover, convincing mobile users to actually opt into ads — assuming they are indeed provided with a genuinely free (and fair/non-manipulative) choice to deny tracking, rather than being forced or bamboozled into it as has been the dark pattern rule for years — presents a major barrier for uptake. Plenty of people will deny tracking if they are actually asked about it (see, for example, the impact of Apple’s App Tracking Transparency requirement on third-party iOS apps’ ability to track users).
So even if the telcos are allowed to build their ad targeting JV, there’s no guarantee mobile users on their networks will agree to play ball.
Still, if this flies, there could be a chance for brands to win web users over with a fresh approach. Being transparently upfront about wanting to process people’s personal data for ads — and, potentially, also able to offer incentives for users to agree — offers an opportunity to do things differently versus a creepy status quo that can’t clearly explain how people’s data got sucked up, where it may have ended up, or what’s really been done with it.
Therefore, a direct approach could offer a way for smarter brands to improve their ties with devoted customers by making plain requests rather than using covert surveillance.