IAB Tech Lab https://www.iab.com/organizations/tech-lab/ Empowering the Media and Marketing Industries to Thrive in the Digital Economy Thu, 06 Jun 2024 12:59:46 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.3 OneTrust Becomes First Privacy Vendor to Integrate with IAB Diligence Platform Powered by SafeGuard Privacy https://www.iab.com/blog/onetrust-becomes-first-privacy-vendor-to-integrate-with-iab-diligence-platform-powered-by-safeguard-privacy/ Tue, 04 Jun 2024 20:26:32 +0000 https://www.iab.com/?post_type=iab_blog&p=183966 This morning, OneTrust announced it was the first company to integrate with the IAB Diligence Platform, powered by SafeGuard Privacy. The integration allows OneTrust’s users to seamlessly integrate their vendor diligence information from the IAB Diligence Platform into the OneTrust platform, boosting efficiency, accuracy, and accountability across the digital advertising industry and ensuring adherence to … Continued

The post OneTrust Becomes First Privacy Vendor to Integrate with IAB Diligence Platform Powered by SafeGuard Privacy appeared first on IAB.

]]>
This morning, OneTrust announced it was the first company to integrate with the IAB Diligence Platform, powered by SafeGuard Privacy. The integration allows OneTrust’s users to seamlessly integrate their vendor diligence information from the IAB Diligence Platform into the OneTrust platform, boosting efficiency, accuracy, and accountability across the digital advertising industry and ensuring adherence to state privacy law requirements.

When we first announced the launch of the IAB Diligence Platform, we emphasized the importance of working smarter to solve the complex process of managing privacy diligence with the numerous vendors in the digital advertising industry. The Platform is compatible with any privacy program management solution and assesses privacy compliance in the context of actual data flows and uses in the digital advertising industry. Moreover, it’s fully auditable, making it an invaluable tool for effective and efficient privacy compliance management for your business.

The IAB Diligence Platform includes questions that are specifically drafted for a publisher’s state privacy law diligence of a Supply-Side Platform (SSP); an advertiser’s diligence of a demand-side platform (DSP); an SSP’s diligence of a DSP; and everyone’s diligence of data brokers.  The Platform also includes SafeGuard Privacy’s US State Law assessments that can be leveraged for self-assessment, and for additional vendor assessment.

The IAB Diligence Platform is a critical step in standardizing privacy due diligence for the digital advertising industry.  We encourage all IAB members, and the industry more broadly, to use it to satisfy their privacy diligence obligations.

To learn more about the IAB Diligence Platform, please visit https://safeguardprivacy.com/iab-diligence-platform/.

 

The post OneTrust Becomes First Privacy Vendor to Integrate with IAB Diligence Platform Powered by SafeGuard Privacy appeared first on IAB.

]]>
Ad Ops Workshop for Advanced TV https://www.iab.com/events/ad-ops-workshop-for-advanced-tv/ Mon, 20 May 2024 20:23:48 +0000 https://www.iab.com/?post_type=iab_event&p=182815 Learn all about the Ad Creative ID Framework, the VAST CTV Addendum, and the brave new world of ad formats and interactivity in CTV. Before we move on to build a better ecosystem of cross-platform video ad placement and measurement, we need to “get the small things right.” Learn how adjusting your workflow for labeling … Continued

The post Ad Ops Workshop for Advanced TV appeared first on IAB.

]]>
Learn all about the Ad Creative ID Framework, the VAST CTV Addendum, and the brave new world of ad formats and interactivity in CTV. Before we move on to build a better ecosystem of cross-platform video ad placement and measurement, we need to “get the small things right.” Learn how adjusting your workflow for labeling you ad media for TV environments can save you time and resources, protect the brands of the campaigns you run, and better measure performance. This is a free event held at the IAB Ad Lab. With limited capacity, we’ll first open registration to companies who are committed to implementing VAST CTV Addendum 2024 and Ad Creative ID Framework.

The post Ad Ops Workshop for Advanced TV appeared first on IAB.

]]>
Multi-State Privacy Agreement and Global Privacy Platform Update https://www.iab.com/blog/multi-state-privacy-agreement-and-global-privacy-platform-update/ Tue, 14 May 2024 13:00:45 +0000 https://www.iab.com/?post_type=iab_blog&p=182831 The IAB Tech Lab’s Global Privacy Platform (GPP) is a technical protocol designed to streamline the transmission of privacy and consumer choice signals across the digital advertising ecosystem (e.g., between publishers, advertisers, and adtech intermediaries) and help its participants adapt to regulatory demands across markets. The GPP currently supports the following privacy strings: the IAB Europe … Continued

The post Multi-State Privacy Agreement and Global Privacy Platform Update appeared first on IAB.

]]>
The IAB Tech Lab’s Global Privacy Platform (GPP) is a technical protocol designed to streamline the transmission of privacy and consumer choice signals across the digital advertising ecosystem (e.g., between publishers, advertisers, and adtech intermediaries) and help its participants adapt to regulatory demands across markets. The GPP currently supports the following privacy strings: the IAB Europe TCF, the IAB Canada TCF, U.S. state-specific privacy strings for California, Virginia, Utah, Colorado, and Connecticut (other states forthcoming), and a US National Privacy String that is specifically designed to support IAB Privacy, Inc.’s Multi-State Privacy Agreement (MSPA). The IAB Tech Lab looks to the IAB Legal Affairs Council to provide the legal inputs for U.S.-related strings, IAB Europe for the legal inputs to the TCF string, and to local market participants and local IAB’s for the legal inputs to those jurisdictions’ strings.

The US National Privacy String was specifically designed to support the MSPA. The Tech Lab’s github repository makes that purpose clear with the naming convention: “IAB Privacy’s [the IAB entity that holds the MSPA] US National Privacy Technical Specification.” The preface in github states:

This document outlines the technical specification for using the GPP specifications with the IAB Privacy Multi-State Privacy Agreement legal requirements. . . . The US National Privacy Section is a string that consists of the components described below. Users should employ the US National Privacy Section only if they will adhere to the National Approach [a defined term in Section 1.81 of the MSPA] for their processing of a consumer’s personal data.

While we believe that this language is clear, we’ll provide even more qualifying language in the coming weeks to make it doubly clear – the US National Privacy String must only be used by MSPA signatories or MSPA-certified partners who have agreed to comply with the “National Approach” as defined in the MSPA.

For those who are not an MSPA signatory or certified partner, there are several reasons why they should not send or receive IAB Privacy’s MSPA US National String and use it for their own purposes. First, if publishers or advertisers send the US National String when they are not a signatory to the MSPA or a certified partner, they run the risk of making material misrepresentations that they are an MSPA signatory or certified partner and adhere to the MSPA’s National Approach as the means of reconciling the differences in the state privacy laws. Regulators such as the FTC and State Attorneys General have previously enforced misleading certification advertising claims. Second, if adtech providers induce or knowingly receive and open the US National Privacy String and are not a signatory to the MSPA or a certified partner, they run the risk of potentially assisting and facilitating false advertising for which there is joint and several liability. It also raises the risk of a tortious interference claim being brought by another MSPA signatory.

We certainly appreciate the desire for a single string to cover the U.S., but alas we do not have a federal privacy law that we can simply cite to in the string, as we do for the state-specific strings. Some have asked, “Why can’t we just list the relevant provisions of all the state laws in a US national string and not connect it to the MSPA?” The problem is that the string would be of little privacy value – no better than a general representation and warranty to comply with applicable provisions of all relevant state privacy laws. The outcome is the senders and recipients of the string would have different views and implementations around reconciling the different state privacy laws. So, receipt of the same signal would lead to different implementation outcomes.

Some have similarly asked, “What if I have privacy terms in my contracts with my partners, could I use the US National Privacy String then?” The problem is that there are potential variations in terms across partnership agreements, resulting in the same outcome of differing views and implementations. Our industry can do better than that to protect consumer privacy and we doubt that regulators would ever accept such an approach.

That is why we created the MSPA, and the corresponding U.S. National Privacy String, in the first place – to serve as a central and transparent set of privacy terms for the industry to point to that brings a consistent set of privacy outcomes and generally aligns with the highest common denominator across the privacy laws.

It is more imperative than ever for our industry to be compliant to the letter of the law. If you’re an MSPA signatory or certified partner, go ahead and send either IAB Privacy’s US National Privacy String or a state-specific string; the MSPA accommodates both approaches. But if you’re not an MSPA signatory, you should only send or receive state-specific strings with your partners.

The post Multi-State Privacy Agreement and Global Privacy Platform Update appeared first on IAB.

]]>
Expanded Coverage for OMSDK for CTV https://www.iab.com/events/expanded-coverage-for-omsdk-for-ctv/ Wed, 01 May 2024 17:34:13 +0000 https://www.iab.com/?post_type=iab_event&p=182359 The Open Measurement SDK (OM SDK) is expanding its CTV footprint.  With its success in Mobile App and Web Video, the IAB Tech Lab continues to work towards cross-platform measurement with OM SDK for CTV.  The CTV expansion will bring the same consistent impression and viewability measurement signals to CTV environments, furthering our reach from … Continued

The post Expanded Coverage for OMSDK for CTV appeared first on IAB.

]]>
The Open Measurement SDK (OM SDK) is expanding its CTV footprint.  With its success in Mobile App and Web Video, the IAB Tech Lab continues to work towards cross-platform measurement with OM SDK for CTV.  The CTV expansion will bring the same consistent impression and viewability measurement signals to CTV environments, furthering our reach from Android TV and tvOS to include Samsung & LG.

Learn more about new CTV events signals, including:

  • Identifying CTV Traffic: Know the environment in which a native app is running.
  • Last Activity: Signal that an event occurred indicating someone is “still watching”.
  • Display Connection Status: Understand when the TV display is off, but applications may still be running.
  • Video Pod Measurement: Enable measurement of video ad pods with gapless playback for “javascript” session types.

The post Expanded Coverage for OMSDK for CTV appeared first on IAB.

]]>
Privacy Tech Workshop for Lawyers and Cross-Functional Privacy Teams – D.C. https://www.iab.com/events/privacy-tech-workshop-for-lawyers-and-cross-functional-privacy-teams-d-c/ Wed, 03 Apr 2024 16:45:33 +0000 https://www.iab.com/?post_type=iab_event&p=180547 This instructor-led, full-day training bridges the knowledge gap for non-technical professionals like privacy lawyers, cross-functional privacy teams, and those drafting commercial contracts that need to get a deeper understanding of what happens to personal information when it traverses the digital ad supply chain. Note: This is not a CLE-eligible workshop Topics will include: How the … Continued

The post Privacy Tech Workshop for Lawyers and Cross-Functional Privacy Teams – D.C. appeared first on IAB.

]]>
This instructor-led, full-day training bridges the knowledge gap for non-technical professionals like privacy lawyers, cross-functional privacy teams, and those drafting commercial contracts that need to get a deeper understanding of what happens to personal information when it traverses the digital ad supply chain.

Note: This is not a CLE-eligible workshop

Topics will include:

  • How the digital supply chain works and how data flows through the ecosystem
  • Changes in the digital advertising status quo caused by operating systems, browser, regulation, and concerns around “data leakage”
  • Evolution of new privacy technologies including PETs to address the changes
  • Other approaches to addressability

*Save the date! More to come soon!

The post Privacy Tech Workshop for Lawyers and Cross-Functional Privacy Teams – D.C. appeared first on IAB.

]]>
Navigating the Divide: Privacy Sandbox Fit-Gap Analysis and Industry Solutions https://www.iab.com/events/navigating-the-divide-privacy-sandbox-fit-gap-analysis-and-industry-solutions/ Fri, 02 Feb 2024 20:24:23 +0000 https://www.iab.com/?post_type=iab_event&p=177321 On the first MadTech Webcast of 2024, ExchangeWire will be joined by IAB Tech Lab on February 13th, 2024 at 3pm GMT | 10am EST to discuss the recent findings from the Privacy Sandbox Fit Gap Analysis. Throughout this Webcast, they will discuss: – Privacy Sandbox Fit Gap Analysis study results – Areas where adjustments … Continued

The post Navigating the Divide: Privacy Sandbox Fit-Gap Analysis and Industry Solutions appeared first on IAB.

]]>
On the first MadTech Webcast of 2024, ExchangeWire will be joined by IAB Tech Lab on February 13th, 2024 at 3pm GMT | 10am EST to discuss the recent findings from the Privacy Sandbox Fit Gap Analysis.

Throughout this Webcast, they will discuss:
– Privacy Sandbox Fit Gap Analysis study results
– Areas where adjustments and improvements may be needed
– To what extent Privacy Sandbox prioritizes user privacy

 

Don’t miss this full-on virtual chat from ExchangeWire in association with IAB Tech Lab, keeping you up-to-date in these unprecedented times.

 

Agenda:
15 minute presentation by Shailley Singh, IAB Tech Lab
30 minute panel discussion

The post Navigating the Divide: Privacy Sandbox Fit-Gap Analysis and Industry Solutions appeared first on IAB.

]]>
Working Harder Won’t Solve Privacy Diligence. It’s Time to Work Smarter. https://www.iab.com/blog/working-harder-wont-solve-privacy-diligence-its-time-to-work-smarter/ Thu, 01 Feb 2024 23:33:15 +0000 https://www.iab.com/?post_type=iab_blog&p=177097 Introducing the IAB Diligence Platform With more than a dozen privacy laws in effect or coming into effect, each of which provides for an opt-out of “sales” and targeted advertising, digital advertising is increasingly becoming a regulated industry. This change in the law must be met with a change in business practices, including how we … Continued

The post Working Harder Won’t Solve Privacy Diligence. It’s Time to Work Smarter. appeared first on IAB.

]]>
Introducing the IAB Diligence Platform

With more than a dozen privacy laws in effect or coming into effect, each of which provides for an opt-out of “sales” and targeted advertising, digital advertising is increasingly becoming a regulated industry. This change in the law must be met with a change in business practices, including how we conduct diligence around privacy in digital ad transactions.

Liability is shifting

One of the fundamental changes in state privacy laws is the inclusion of accountability. There are new requirements around what partners can and cannot do with the personal information you provide them. Indeed, you must take “reasonable and appropriate steps” to make sure that your partner uses that personal information consistent with the law — for example, by including mandatory audit provisions in your contracts.

Perhaps the most significant change is the California Privacy Protection Agency’s (CPPA) regulation stating that whether you conduct diligence of your partners with whom you disclose personal information is a material factor in determining whether you will be liable for their wrongdoing.  In other words, due diligence and third-party risk management should now be integral aspects of your data privacy program.

Enforcement is getting tougher — and digital advertising will face new scrutiny

Not only is liability shifting, but enforcement is too. Upon the effective dates of the dozen-plus privacy laws, each vests enforcement in its attorney general’s office. In California, both the Attorney General’s Office and the CPPA each have enforcement powers.

Those enforcers have shown a clear intent to protect consumers under their privacy laws.  On January 26, the California Attorney General’s announced a sweep of streaming services under the CCPA.  The Connecticut Attorney General’s Office announced its enforcement priorities for the digital advertising industry at the IAB State Privacy Law Summit on November 15, including setting bright lines on the right to opt-out of the disclosure of personal information to vendors for measurement and frequency capping (where those vendors do not serve as your processors), as well as parameters on the categorizing information as deidentified.

Colorado’s Attorney General Phil Weiser has said “Enforcement of the Colorado Privacy Act is a critical tool to protect consumers’ data and privacy (…) If we become aware of organizations that are flouting the law or refusing to comply with it, we are prepared to act.”

Finally, the CPPA has a fully staffed enforcement division to investigate possible violations, and it’s hard to imagine digital advertising won’t be one of its key focus areas. Importantly, you can expect announced or unannounced audits to commence soon, particularly: for companies who’ve had any history of non-compliance with any privacy law; where there are potential violations of the law; or where the subject’s “collection or processing of personal information presents significant risk to consumer privacy or security”.  And there is no longer a mandatory 30-day “cure period” — no guaranteed second chances — under the CCPA.

Companies should not underprice state privacy risk because doing so could become a big — and very costly — mistake.

Industry diligence must improve

Historically, privacy diligence has relied on two things. First, you obtained a representation and warranty in the contract that the business partner would comply with applicable law and then indemnity if it failed to do so.  Second, you typically sent out a generic questionnaire.

This approach will no longer do.

For a fully digital industry, diligence is woefully analog and outdated. It’s underfunded, understaffed, and in an underdeveloped state. Companies send out and receive dozens of questionnaires monthly in connection with transactions and partnerships. These often ask the same questions in multiple different ways, which makes responding to them a rote exercise of managing answers in spreadsheets and cutting and pasting. Worse, these questionnaires are often generic and out of date, and the majority fail to address the actual uses of personal information contemplated by the business arrangement and the entirety of each state law. Sometimes, the surveys come back incomplete — if they come back at all.

The industry must solve for privacy diligence, and it can’t do so by doubling down on its current approach. Rather, what’s needed are standards around privacy diligence that can achieve effectiveness and efficiency so that all industry participants are speaking the same language. We need standardized privacy diligence questions that address both the letter of the law and the specific data flows and business use cases for every vendor and sub-vendor. We also need a more effective and efficient means of managing the diligence process.

It’s a digital problem that demands a digital solution.

Introducing the IAB Diligence Platform

To proactively meet the needs of regulators, the IAB convened a Privacy Implementation and Accountability Taskforce (PIAT), composed of publishers, advertisers, agencies and ad tech companies.  The group highlighted the need for an effective and efficient solution: the IAB Diligence Platform.

The Platform provides a privacy diligence solution that is purpose-built for the digital advertising industry. This solution will combine new industry vertical business questions with US state law assessments in one collaborative platform to make the diligence workflow effective and efficient for both sides of the partnership.

Leading industry privacy lawyers and law firms are collaborating in the PIAT initiative to draft the right business and privacy questions of each digital advertising use case and vendor type. We know that the right questions that a publisher should ask an SSP aren’t the right questions for an advertiser or its agency to ask a DSP.  These questions will be complemented by questions specifically tailored to assess compliance with each state privacy law.

The IAB Diligence Platform will be built on the SafeGuard Privacy Platform, which features robust state law assessments and a vendor compliance hub.  Users will be able to complete the diligence questionnaire once and share it with the partners on the platform as they engage in digital ad transactions.  By moving the industry towards use of the Platform, there will be a strong network effect to drive efficiency and improve deal speed.  In fact, IAB members that are already on the SafeGuard Privacy platform are seeing 80%+ efficiency gains by managing multiple laws concurrently and automating vendor compliance. They have a single source of truth for members to handle their diligence efficiently, and they’re saving dozens of FTE hours a month.

The solution provides:

  • Standardized privacy questions that will be leveraged by the industry.
  • Ability to fill out assessments and questionnaires once and easily share with partners many times.
  • Ability to update compliance as new laws come online or existing laws and regulations evolve.

It’s better for vendors. Automated sharing means significant time and labor savings for vendors — they answer the right set of questions once and share everywhere. Deals close faster when there are no overlapping, inappropriate, out of date, and repetitive questions to wrestle with.

It’s better for accountability. It’s auditable, fully accountable, and provides a clear record of compliance: companies that are audited can show the actions they’ve taken to ensure that control and privacy of company data was assured. The combination of SafeGuard Privacy assessments and IAB PIAT (Privacy Implementation & Accountability Task Force) questionnaires delivers what the heightened regulatory landscape calls for.

Of inertia, lack of budgets, and finger-pointing

The first challenge is for the industry to overcome inertia. We must recognize that we are now becoming a regulated industry, and expect that regulators will do their job diligently. What worked in the past will not work in the future.

Despite this, few budgets have a line item for a diligence platform. This must change.

Company leaders must not allow this to devolve into finger-pointing about which budget this should come from — especially since nobody’s going to point at their own budget first.

This needs to be a priority driven by top management, with real effort to find the resources and get a real solution in place. The good news is, the cost is lower than it might appear — and certainly lower than the financial and reputational cost of an enforcement action arising from your partner failing to properly process personal information you provided to it.

Additionally, the costs of the industry’s current approach are high, but largely hidden. Every hour that employees spend sending out questionnaires, working with vendors to fill in the inevitable gaps, and chasing down vendors who are too overwhelmed to reply has a hard-dollar cost. This is to say nothing of the opportunity cost of executives stepping in to push through contracts that have been held up in the process.

What to do now

We encourage everyone to understand the new legal landscape, and prepare for smarter diligence. If you’re not already a member of IAB PIAT (Privacy Implementation & Accountability Task Force), you can email michael.hahn@iab.com. You can also contact SafeGuard Privacy here to see a demo of the IAB Diligence Platform.

The new regulations are real, and we expect them to be enforced. The most important thing to do is to start today to prepare for new state privacy law diligence requirements.

The post Working Harder Won’t Solve Privacy Diligence. It’s Time to Work Smarter. appeared first on IAB.

]]>
The Accountability Platform Explained https://www.iab.com/events/the-accountability-platform-explained/ Wed, 03 Jan 2024 22:17:20 +0000 https://www.iab.com/?post_type=iab_event&p=175718 What is the Accountability Platform? Join this webinar to explore the Accountability Platform, a specification for open, auditable data structures and standard practices to support parties communicating user preference signals like a GPP String or TCF String. Learn more about how it works and how it supports the evaluation of the correctness and completeness of … Continued

The post The Accountability Platform Explained appeared first on IAB.

]]>
What is the Accountability Platform? Join this webinar to explore the Accountability Platform, a specification for open, auditable data structures and standard practices to support parties communicating user preference signals like a GPP String or TCF String. Learn more about how it works and how it supports the evaluation of the correctness and completeness of user preference signals as they’re communicated within the digital ad supply chain.

The post The Accountability Platform Explained appeared first on IAB.

]]>
IAB Tech Lab, Privacy & Addressability, “As The Cookie Crumbles” https://www.iab.com/events/privacy-addressability-as-the-cookie-crumbles-2/ Mon, 11 Dec 2023 02:09:08 +0000 https://www.iab.com/?post_type=iab_event&p=174975 Third-party cookie deprecation, the cookie crumbling, the cookie-pocalypse – whatever term you’re using to describe it, it’s here. Grappling with signal loss – and we’re not just talking about cookies – is a major concern for the industry. Having a sound privacy compliance and addressability strategy is paramount to meeting the challenge. The Privacy & … Continued

The post IAB Tech Lab, Privacy & Addressability, “As The Cookie Crumbles” appeared first on IAB.

]]>
Third-party cookie deprecation, the cookie crumbling, the cookie-pocalypse – whatever term you’re using to describe it, it’s here. Grappling with signal loss – and we’re not just talking about cookies – is a major concern for the industry. Having a sound privacy compliance and addressability strategy is paramount to meeting the challenge. The Privacy & Addressability event will bring together privacy technology and policy experts from publishers, advertising technology providers, and advertisers. Together, we will discuss the development and application of the latest innovations, technologies, and standards essential for constructing your addressability stack.

This event provides a unique opportunity to dive deep into the technologies and solutions being developed for addressability, privacy and data security. Attendees will gain valuable insights into the practical application, benefits, and limitations of privacy enhancing technologies. Additionally, discussions will cover how to use Tech Lab’s compliance and audit frameworks to comply with government regulations, plus so much more. Join us to stay ahead of the curve in understanding and adapting to the dynamic changes hitting the ad tech ecosystem.

This event series is in-person only.

*Agenda times are not final and subject to change.

The post IAB Tech Lab, Privacy & Addressability, “As The Cookie Crumbles” appeared first on IAB.

]]>
01/10 OpenRTB 2.x 2023 Release Review Webinar https://www.iab.com/events/01-10-openrtb-2-x-2024-release-review-webinar/ Mon, 11 Dec 2023 00:39:02 +0000 https://www.iab.com/?post_type=iab_event&p=174962 Join industry leaders to review updates to the OpenRTB 2.x specification made in 2023 that had material impact on the Programmatic Supply Chain. Process changes resulting from the first year of monthly releases have given way to the introduction of Provisional Attributes in addition to signal updates focused on ways to more easily identify Made … Continued

The post 01/10 OpenRTB 2.x 2023 Release Review Webinar appeared first on IAB.

]]>
Join industry leaders to review updates to the OpenRTB 2.x specification made in 2023 that had material impact on the Programmatic Supply Chain. Process changes resulting from the first year of monthly releases have given way to the introduction of Provisional Attributes in addition to signal updates focused on ways to more easily identify Made for Advertising inventory and better support for CTV.

The post 01/10 OpenRTB 2.x 2023 Release Review Webinar appeared first on IAB.

]]>