European carriers file to create joint venture for opt-in ad targeting of mobile users • TechCrunch

European telcos are moving ahead with a plan to create a joint venture to offer opt-in ‘personalised’ ad targeting of regional mobile internet users following trials in Germany last year. Although it remains to be seen whether EU regulators will sign off on their plan.

In an application sent to the European Commission’s competition division (discovered earlier by Politico), Germany’s Deutsche Telekom, France’s Orange, Spain’s Telefonica and Britain’s Vodafone set out the proposed concentration to create a jointly controlled and equally owned joint venture – to offer “a privacy-led , digital identification solution to support the digital marketing and advertising activity of brands and publishers,” as they describe the proposed “first-party” data targeting infrastructure.

The Commission has until 10 February to make a decision on whether to approve the joint venture (JV), and therefore whether to allow the carriers to proceed with a commercial launch.

A spokesman for Vodafone said the telcos are not in a position to comment on the proposed JV at this stage while the commission considers whether to approve the initiative. And wouldn’t be drawn on a potential launch timeframe. They suggested that public announcements about the project would follow approval – provided the telcos get the green light from Brussels to collaborate on the mobile ad targeting infrastructure.

Details of the plan for the operators to dive into personalized ad targeting emerged last summer during initial trials in Germany. The technology was then described as a “cross-operator infrastructure for digital advertising and digital marketing” – and Vodafone said it would rely on user consent for data processing. The project was also given the initial moniker “TrustPid” (though if it flies, expect that clumsy label to be replaced with some slicker marketing).

The telco ad targeting proposal quickly landed on the radar of the privacy watchdog who raised concerns about the legal basis for processing mobile users’ data for ads – given the EU’s extensive data protection and privacy laws; and given existing microtargeting adtech (which also relies on a requirement for user consent) was found in breach of the General Data Protection Regulation last February.

The project also received early attention from the data protection authorities in Germany and Spain. We’re told that engagement with regulators led to some adjustments to how the telcos proposed to obtain consent – to make the process more explicit.

The telcos’ submission of applications proposing to create a JV, which is dated 6 January 2023, confirms that “explicit user consent” (via an opt-in) is the intended legal basis for the targeting, and writes:

Subject to explicit user consent given to a brand or publisher (on an opt-in basis only), the JV will generate a secure, pseudonymized token derived from a hashed/encrypted pseudonymous internal identity associated with a user’s network subscription that will be provided by participating network operators. This token will allow the affected brand/publisher to recognize a user without revealing any directly identifiable personal information and thus enable them to optimize the delivery of online display advertising and perform website/app optimization. Users will have access to a user-friendly privacy portal. They can review which brands and publishers they have given consent to, and withdraw their consent.

A representative of one of the telcos involved (Vodafone) discussed their approach, confirming that the intention is to rely on obtaining consent from users via pop-ups. So if anyone was hoping that the demise of third party cookie tracking would knock consent spam on the head that seems premature.

A first-party data-based alternative to the (still, for now) ubiquitous tracking cookie also requires a legal basis to process people’s data for marketing – and alternatives to consent look increasingly difficult given ongoing guidance (and enforcement) by EU data protection regulators, such as the massive fine this month for Meta to try to assert contractual necessity to process user data for ads; or the warnings TikTok attracted last year when it tried to switch from consent to a legitimate interest requirement for its “personalised” ads – a move it was forced to back off.

Consent as the legal basis for “personalised ads” is no picnic either: the IAB’s Transparency and Consent Framework (TCF) – which relies on a requirement to consent to third-party ad tracking – was found in breach of the GDPR last year ( as was IAB Europe itself ). And the Belgian DPA gave the adtech industry a tough reform mandate. Admittedly, for now, the status quo of the tracking ads continues, zombie-like – pending a final legal settlement.

The difference the four telcos behind the proposed JV seek to claim for their proposal for consent-based ad targeting – versus current-generation (legally clouded) adtech targeting – is, first, that it is based on first-party data (the requirement for the TrustPid project is no synchronization and/or enrichment of the individual associated targeting tokens is permitted and/or possible between participating advertisers). So it’s not the kind of “super-profiling” of users in the background without consent that has gotten current-gen adtech into such legal (and reputational) hot water. The proposed tracking is set up on a per-brand/advertiser basis – with each needing to obtain prior consent from their own users and can only target data points they collect. (Additionally, we’re told that user-associated tokens will be cycled regularly, with the initial proposal to reset them every 90 days.)

Second, the telcos propose placing contractual restrictions on participants — such as requiring that no special category data (eg, health data, political affiliation, etc.) can be linked by an advertiser as a targetable interest to a user-linked token. They also want JV to have the final say on the language/design of consent pop-ups (which they say will give users a top-level opt-out, rather than burying that option as routinely happens with cookie consent pop-ups ). And they say they will audit all participating sites on a regular basis.

There’s a third control: A portal where mobile users can see (and revoke) any consents they’ve given to individual brands/publishers to use their first-party data for ads — and which, we’re told, will provide an option that allows mobile users to block all the system (then a hard logout). While we understand that it is not currently the case (in the trial period) that users using such a block are prevented from receiving pop-ups asking for their consent to ad targeting – again, consent spam and consent fatigue appear to persist. (And, well, could probably be more as consent is distributed – ie, if the system takes off with lots of brands and advertisers.) At least, unless or until they can figure out a suitable legal basis that doesn’t require constant pestering of users who already refused consent with pop-ups.

If the telecom companies’ JV gets the green light from the commission, scrutiny of the project will of course be called – and careful attention to technical (and contractual) details may well create new concerns. So it is too early to judge whether the approach will/will pass muster with regulators and privacy experts.

There could also be friction from mobile internet users themselves – if they suddenly find they’re facing a fresh, annoying layer of consent spam when surfing the mobile internet, a service they pay the telcos to provide after all. So the tolerance for spam with extra consent can be very low.

Also, convincing mobile users to actually opt-in to ads – assuming they are actually provided with a genuinely free (and fair/non-manipulative) choice to refuse tracking, rather than being coerced or confused into what has been the dark the pattern rule for years — constitutes a major barrier to admission. Many people will refuse tracking if actually asked about it (see, for example, the impact of Apple’s app tracking transparency requirements on the ability of third-party iOS apps to track users).

So even if the telcos are allowed to build their ad targeting JV, there’s no guarantee that mobile users on their networks will agree to play ball.

Still, if this takes off, it could be a chance for brands to win over online users with a new approach. Being upfront about wanting to process people’s personal data for ads – and potentially also able to offer incentives for users to agree – offers an opportunity to do things differently versus a scary status quo that can’t clearly explain how people’s data was sucked up, where it might have ended up, or what was actually done with it.

An upfront approach can thus provide a way for experienced brands to deepen their relationships with loyal customers by asking simple questions, not resorting to stealth monitoring.

Leave a Reply

Your email address will not be published. Required fields are marked *