The Feds Are Coming For Google. Could The Trade Desk Be Next?
What does the FTC's warning shot mean?
It was hard not to notice the disconnect in the ad tech headlines this week, along with a heavy dose of irony.
Just as news was flying fast that the Department of Justice may recommend breaking up Google - even before next month’s programmatic trial - one of Google’s chief antagonists, and a would-be beneficiary of a more competitive playing field, was the subject of two major news stories.
The Trade Desk crushed its earnings, buoyed by its cookie alternative: “The Trade Desk Says UID2 Has Now Reached ‘Critical Mass’,” reported AdExchanger.
Also on AdExchanger’s home page was this piece: “Ad Tech Companies Should Heed The FTC’s Warning About Hashing.”
Um, isn’t UID 2.0 - the much-touted, Trade Desk-backed answer to Google dumping cookies to appease regulators - all about hashed email addresses?
Which is it? The Trade Desk is killing it? Or the Trade Desk should duck?
Apparently, great minds think alike:
If you read Allison Schiff’s report on the FTC’s warning, it sounds pretty dire, and the message is not accidental. I mean, the FTC blog post that Schiff references is titled, not so subtly: “No, hashing still doesn't make your data anonymous.”
Here’s what privacy attorney Jessica Lee told Schiff: “The FTC is signaling that they are watching this issue and are prepared to enforce.”
As we’ve seen lately, while some Congressmen can barely use their iPhones, the FTC and DOJ are sharper than you might think, and aren’t playing around.
Therefore, is the whole premise of UID 2.0 - i.e. collecting a large database of email addresses obtained by publishers for things like registration and personalization - and using that for widespread ad targeting (kinda like Google used to) in serious trouble?
Could the high flying Trade Desk itself really be the subject of regulatory pressure?
I’ve long wondered, what would happen once regulators - and lawmakers looking for a populist cause - got wind of an ad tech company secretly using people’s email addresses to target them with ads all over the web? Still, I’m no lawyer.
So I asked Alysa Hutnik of the DC law firm Kelley Drye & Warren for help.
“It’s very much an open ended topic,” she said.
Here’s how Hutnik tried to explain it to me:
The act of hashing emails is OK on the surface. That tactic is actually helpful in preventing data leaks or unauthorized use.
It's not that you cannot hash an email. That’s a helpful data security measure to reduce the data leakage/unauthorized use of the identifier by third parties. That’s positive.
However, the FTC and several major state privacy laws do consider hashed emails “personal info.” It’s how this data is collected, and how it’s used, that really matters.
“If you’re using an identifier with sensitive personal information…there are greater obligations around both notice to the consumer and consent obligations,” she said.
Ok, so are the Trade Desk, and really the folks running UID 2.0, doing things right in terms of consumer notice and consent? Well, what do I know - but I’d guess their lawyers know what they are doing here, right?
As Hutnik put it, what the ad industry is trying to do with UID 2.0 is “not all that different from cookies used to track [people] pseudonymously, which in the US has operated under an opt out framework.”
That sounds safe, but…
“Where companies are doing it right, [this identifier] can only be used in specific authorized use cases and not to build independent profiles across the industry.”
Hmm. Well, can UID 2.0 be seen as “building independent profiles”? I’m going to say that’s open to interpretation?
In the meantime, Hutnik noted that ad tech companies of all kinds have to make sure they’ve spelled everything out in their privacy policies, and have put in mechanisms to let people delete their information or opt out. Not everyone’s there.
She also noted that in California, a bill called The Delete Act promises to bring this sort of thing to the forefront.
“It will be interesting also to see what happens once the Delete Act is in effect and there are higher volumes of opt outs-slash-deletion requests that must be shared downstream and honored,” she said.
So, the Trade Desk appears to be treading on uncertain ground. However, in my view, there are several reasons to believe companies like TTD will steer clear of any real trouble:
Unlike Google, Meta, Amazon etc. the Trade Desk isn’t a consumer-facing bad guy. Rather, the company is the very definition of a faceless, behind the scenes ad tech company, one that most consumers and lawmakers don’t know. Who’s really getting hurt here, you might argue? It’s just a few email addresses - not people’s home addresses or medical records?
In the face of Google and other Big Tech companies facing antitrust allegations - The Trade Desk is the little guy. They are the company that is supposed to benefit from these laws - an actual undermanned competitor. (TTD pulled in $585 million in Q2. Alphabet: $85 billion). So do the feds really want to go after this relatively modest tech company?
UID 2.0 is really about helping top publishers stay afloat - who wants to be against that, right?
BUT - on the flip side, you could argue that UID 2.0 isn’t about any one company - but rather a huge subsegment of the ad business. Do regulators see the stakes as being higher there?
I don’t know. But I’m also not sure I’d want to bet the operations of an entire industry on it either.