First Party World: People in charge via GDPR by 25 May 2018 – Calling Lawyers & Geeks
First Party World: People in charge via GDPR by 25 May 2018 – Calling Lawyers & Geeks
Convener: Doc Searls
Notes-taker(s): Scott Mace
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Paul Baran’s models of the Internet: Centralized, decentralized, distributed, independent.
But every different Internet node is an independent entity. David Reed works with Customer Commons. End to end in system design. Put all the intelligence at the ends of the network. All the middle does is route. It puts everybody in a position of independence.
Cicero talked about what’s more strongly guarded than a man’s own home. It’s his castle.
Every one of those nodes is a castle. When we go to a Web site, we’re not traveling anywhere. We’re actually requesting a file. Netscape 1994 invented cookies to maintain state.
Contracts. I’m not a lawyer but I hang out at a law school. An agreement made by any two parties. That’s a contract. There can be a third party but that’s all law contemplates. The third party is inherently neutral. Always someone proffering the terms and someone agreeing to terms.
In the everyday world, we have a set of understandings, but in the internet world we’ve only had 22 years of that. For the Web, we chose an architecture called client/server. You always go to the server. World looks like this. Display Lumascape. This is the ad tech business. You the consumer are being followed by ad networks who plant cookies on you. He’s done a good job of saying who’s involved.
The GDPR comes along to protect consumers. You will owe up to 4% of your global revenue if we find you in violation of that.
The three entities they have: the data subject, data controller (could be any party in here, including Oath). The spirit of GDPR says you’ll not only collect info about people but you owe it back to them if you collect it because it’s there data. Starting in 2013, McKinsey and IBM started talking about the term big data. Now Microsoft, Oracle, SAP, Accenture, Deloitte. Now if you look up GDPR, who are the top advertisers. IBM, Deloitte. We have one small simple solution in getting compliance. A couple days ago, what happened. There are approaches to the GDPR that start with the individual. If you agree to my terms, you’re in compliance with the GDPR. The third component is the processor.
Here’s the auspicious thing that happened. Having Twitter conversation with the guy who invented Lumascape. He said you’re being childish. Then he comes out with this two days ago. [Plays video]
In a world where ads target, one regulator took a stand to invoke privacy regulations. Notice consumers have changed to people. That’s a big change. GDPR coming May 2018. An ecosystem has to adjust to a first party world. We won that argue. Will you be ready? Credits: Jason Kint, runs Digital Content Next, new name for Online Publishers Association. Now getting religion. He helped Terence Kawaja come up with this.
Q: Jason Kint is telling publishers Facebook and Google are not their friends. Margrethe Vestager. She’s the one who says you’re a trust, we’re going to bust you.
Doc: This came out yesterday: The day after tomorrow, when adblockers and GDPR kill all adtech and martech. Full of quotes from Doc. This is the book I wrote 5 years ago - The Intention Economy: When customers take charge. We’re there now.
Q: Have you talked to Timothy Wu about this?
Doc: Yes and no. He wrote a great book about advertising. So Customer Commons is basically a complete knockoff of Creative Commons. Created at Berkman Center. The whole idea is the First Party terms that we can assert can live in a place that a browser or app can point to. The terms can be invoked and can be infinite. We will make them complicated. We can do intentcasting, where we can do the advertising. In a secure way, they’re shared with what in marketing is called a qualified lead. An exchange and a negotiation can take place. Intentcasting and all those ceremonies, take the entire adtech and martech, annual conference with 5,000 entity Lumascape. Martech needs customer tech on your side. Let’s make sure it’s one kind of customer tech that talks to anybody, rather than the way CRM works now. We want it in the world by next May 25. It won’t work across the board but it will be a proof of concept. Spoken to people at Conde Nast and Wired, the Guardian. I think we can make this happen.
Term: #NoStalking. The person is saying, just show me ads not based on tracking me. There is probably a more succinct way of putting it. On the other side is a publisher. Behind that is advertising or advertisers in general. Was part of a major advertiser until the early 1990s. The way advertising worked for the longest time, the advertiser had an agency. Through it they placed an ad. That ad sponsored the publisher. There was no mystery in it. You know the ad came from that company. That was called sponsorship. Ad tech said we’re tracking eyeballs. Walt Mossberg starts Re:Code, is on stage with a big ad tech guy. You’re going to advertise with us right? Ad tech guy says we’ll find your readers and look for the cheapest place. Your eyeballs got followed to Breitbart. It’s called into the world an endless variety of content. All we’re doing is saying we’re only interested in supporting you. Ad blocking is saying no to all of advertising. This brings sponsorship back. So what we need right now, there’s human readable, lawyer readable [legalese] and the third is machine readable. We need a little help with lawyer readable. Students at Harvard are helping. How are these terms being proffered? Are you using the DNT field? W3C is mired in not coming up with a definition for DNT. Looking for a browser person to help. So looking for geek help and lawyer help.
Q: I can help with the DNT thing. Active standards work on user-granted exceptions to express exceptions. A fairly simplistic response the server can give back. The W3C standard should be published imminently. There is a UX to put in front of the consumer all the consents they need.
Doc: Concer. We’re trying to turn this thing around.
Q: This is browser vendors developing this for display in browsers. It’s browser-vendor centric. Intention is the three great browsers will commit to develop this if industry commits to accept it. Last time, Microsoft did this thing...this time could happen by May.
Q: DNT had no teeth. GDPR is a meat grinder. With DNT, if I went to a site that didn’t respect that, there wasn’t feedback. If we wait for standards it’s going to be a while.
Q: Browser vendors are somewhat neutral territory, different world view. I work for Oath. Publishers like Jason Kint have their own problems. All this consent stuff lands on that. The publisher owns the media and offers it for sale. They’re worried about the UX for their site or what the browser vendors will do in front of them to control access to their site. The IAB has a proposal, not circulated yet, daisy chain or daisy bit. What Doc is proposing. A set of permissions or bits which will go against all 880 participants in the IAB universe, consumers will consent to use of their data. I.e. stalking, analytics. 4-6 bits for each entity named in the Lumascape. What we’re being asked to do in ad tech trade is to choose a preferential one. One thing I would love to get out of this is where you all would like it to happen. Do we want browser centric, publisher centric?
Doc: I am an attorney for the individual. I’ve been paid twice by the IAB to tell them what to do. Especially re ad blocking. IAB says it’s about the ad blocking companies rather than what people want to do.
Q: Digi.Me, what we do. Profile them on device, none of their data leaves their device but you can ask them how has your shopping at McDonald’s changed in the last three months. Others are doing similar stuff. You need a summary of that. Get them to opt in. The beauty of it is if you go to the individuals, you will get orders of magnitude better information than from all the tracking.
Doc: The only thing until May 25 is show me ads not based on tracking me.
Q: No interest based advertising?
Doc: Let me talk about interest based advertising. Here’s advertising. It went to a publisher and sponsored that publisher. That was all it did. There was another thing first called direct mail, then direct marketing. When the Web came along, it said DM is going to be advertising. It looks exactly like advertising. We’ve redefined advertising. It’s only direct marketing. Madison Avenue fell asleep, direct marketing ate its brain and woke up as an alien replica of itself. I’m proposing, simple, narrow, are you so deep into this that you can’t do this (no interest advertising).
Q [Wendell]: Yes. The 3x multiplier, out of Harvard Business School, IAB sponsored, if we can answer how to make more money using that method, we are all ears.
Doc: The concept I want to prove this is still possible.
Q: What Digi.Me and JLink are doing, putting the user in control doesn’t address some of the issues. Doesn’t address the free and informed consent in the GDPR.
Q: Stalking is because there is no ability to ask automatically an individual for their interests. That’s advertising’s dream. What’s wrong with that?
Doc: The only thing wrong with it is it’s not in my plan.
Q: You need a signal off to the publisher that says here’s the user’s data and what the user wants to do that. The IAB can say here’s what I’m allowed to do with the data.
Q: If you read these privacy notices, you will get a term, interest based advertising. What it says is do you consent to have ads delivered against your profile based on your interests gathered. Content targeting, AdSense. Technographic targeting. Geographic targeting. No stalking, not a term of art in the industry.
Doc: I don’t like the term no stalking right now. Since Harvey Weinstein we have to lose it. The problem is targeting. My friends at Ad Block Plus, say it’s all about acceptable ads. It blurs the whole thing. What I want to support is publishers who want to see an ad in the Wall Street Journal. A trillion dollars has been spent on ad tech but not a single brand has been made by it.
Q: We’re testing if one of Jason Kidd’s clients can make money off the no stalking tag.
Q: If you say no stalking equals no interest based advertising...your problem, is this no stalking but do what you like downstream, or are you saying no stalking and no interest based advertising? They’re separate things.
Doc: Everyone in the direct marketing world, all of Google and FB, advertising is basically interest based.
Q: Ad choices, you go into their system, don’t work for the next site. All the agency is on their side.