New enforcements in adtech: Who might be left off the board?

All of the most significant challenges that digital advertising faces today are related to transparency and user data. Digital advertising has evolved to the point where it needs almost no human interaction. What it needs now is collected web behavioral data, transactional data, and cultural information in order to merge this all into some kind of a brief that adtech systems can effectively act upon.

With automatic data collection, digital advertising systems find out what your brand’s customers care about, when and where they buy products across various touchpoints and the mediums they consume. This is a big opportunity and a big challenge for advertising at the same time. Ever-increasing safety, privacy, and transparency concerns dictate the new rules according to which companies should operate and apply user information.

From August 27, 2019, Google has started blocking ads from sellers who aren’t listed in app-ads.txt files. GDPR and CCPA regulation, in their turn, delivered new standards according to which companies need to handle user data. Although some changes like app-ads.txt aren’t officially obligatory, it’s time to find out if together they pose a threat to the advertising industry.

What pushes the ad industry towards app-ads.txt

Before we can talk about app-ads.txt, it is important to recall its predecessor, ads.txt. It’s a simple text file that stands for authorized digital sellers. Mobile publishers can add it to the top-level domain of their website, just like they did with the robots.txt file. It lists all the sellers and resellers that are authorized to trade inventory on their behalf. This is what prevents fraudsters from profiteering on their reputation and protects advertisers from buying spoofed or fake inventory.

According to ads.txt trends‘ report, in 99% of cases, Google was on ads.txt file in 2018. The total number of sites with it is expected to multiply 7.1 x year-after-year. But that was the only protection IAB developed for desktop. The mobile environment and OTT (over-the-top TV) also needed a fraud-proof solution suited for their specific environments.

Source

One of the greatest dangers for the mobile environment has always been spoofing: when low-priced inventory is sold to the advertiser as premium. Spoofing the name of the website, fraudsters make advertisers a higher price for impression than it actually is. App-ads.txt makes all the same things ads.txt does for desktop – but this time for mobile. All of the approved monetization partners get listed at app-ads.txt and that’s uploaded to the publisher’s web source, the URL of which is then listed at the app store’s listing metadata.

What does it mean for adtech?

Apparently, file installation is not meant to be difficult, but as a rule, unless the procedure is enforced, the adoption process may become very slow. Google didn’t make the standard obligatory but nevertheless warned – if the publisher does not have app.ads.txt uploaded to their web domain, they will most likely lose an opportunity to sell their inventory as they did before. Since Google already stopped bidding on non-ads.txt sources, ad exchanges, and RTB companies are already facing some drastic revenue drops and sell traffic to Google via a third party or indirect sources. Since Google is the biggest DSP consumer in ad-tech, most partners are also facing a significant decrease.

By default, people think that ad fraud is a problem that brings harm only to advertisers. It’s true, but only partly. Ad fraud poses something at stake for everyone: for advertisers, it is a bot, non-human generated traffic, and for the publisher, it is ad quality and ads with inappropriate content.

Unfortunately, premium inventory first falls prey to fraudsters who search for the juiciest piece of the pie. To prevent oneself from potential revenue loss, companies have no way out but to enforce their ads.txt adoption as soon as possible for the sake of transparency and a better mobile environment for everyone.

GDPR 2.0 and CCPA: Restriction or protection?

The growing need for transparency and safety of information has been propelling the world towards new, updated user privacy legislations. The product of this is the adoption of GDPR (General Data Protection Regulation) by the European Union and CCPA (California Consumer Privacy Act ) by the United States.

Although the legal basis for CCPA was prepared on June 28, 2018, the act isn’t supposed to be enforced by 2020, because it takes a long time for companies to prepare. By that time, everyone who works with Californians’ personal data should be ready to execute their rights for info deletion, management, opting-out and disclosure, considering where the data is being used.

Source

Basically, CCPA is very similar to the GDPR in its purpose to protect the fundamental privacy rights of users. However, having an example of how slowly companies adapted to GDPR, we can expect the same from CCPA. By August 05, 2019, only 11,8 % of companies knew their business would have to comply.

Source

Last year, many of those who actually prepared to GDPR were fined because of failure to interpret regulations correctly. That’s why many companies did it the “lazy way” with only retouching privacy policies. Because of this, IAB recently released Transparency and Consent Framework 2.0. It gives the legislation a little more clarification and enables media sellers with more audition rights when it comes to vendors’ data processing.

What does it mean for adtech?

More and more countries will be developing their own data protection rules. In these circumstances, ad market players face different challenges at once: technical and organizational measures directed towards compliance, partner network audit and – finally – ones related to practical interpretation.

Penalties for violating CCPA regulation rules are far more lenient than sanctions for non-compliance with GDPR: $7500 for each violation officially registered and confirmed (vs. 10 million euros). However, since CCPA regulation in California looks less like a transparency constitution of GDPR but more like a to-do manual, the transition to the new rules is expected to be relatively painless. Those who got the knack with GDPR will easily do so with CCPA.

Legal aspects of data management and safety will be changing frequently so that in the end, some adtech players will probably have to change their algorithms and the data sources they use during ad campaigns. No one knows if CCPA will evolve into federal law, but for the global adtech businesses, adjusting for the nationwide framework of the U.S would certainly be much easier than catching up with each separate state’s law.

Some adtech players that can’t afford to rebuild their systems will have to completely restrict the collection of Californian cookies, which means shutting down services for a big pool of clients. The rest of the companies will definitely diminish the number of data they collect from Californians, as they will have to justify it under CCPA. Adtech platforms will rely more on their own, first-party data and, as a result, will become more transparent and open.

To wrap it up

Changes in legislation, user privacy and data safety regulations are constantly disrupting and challenging the digital advertising industry. Like everything new, these challenges will inevitably cause difficulties in adaptation, but in the long-term perspective, they drive so-called “natural selection” and lead the ad industry to progress.

GDPR and CCPA won’t restrict personal data usage, but rather oblige companies to be open and more responsible considering the types of customer data they use. IAB initiatives, like app-ads.txt, will become leverages that will also promote transparency and partner-partner level trust. A similar effect ad industry achieved with ads.txt would be a huge benefit for the in-app ecosystem, since it will cause mobile inventory clean-up and lead to confidence in every served impression.

Ivan Guzenko is CEO of SmartyAds.