European telcos are pushing forward with a joint venture to offer opt-in “personalized” ad targeting of regional mobile network users. This follows trials in Germany last year, though EU regulators will ultimately decide its fate.
Four of Europe’s biggest telcos – Deutsche Telekom, Orange, Telefónica and Vodafone – have proposed forming a jointly owned joint venture to provide brands and publishers with a privacy-first digital identification solution for targeted digital marketing. The filing was submitted to the European Commission’s competition division.
The Commission has until Feb. 10 to decide whether to clear the JV and permit the carriers’ commercial launch.
Vodafone declined to comment on the proposed joint venture while the European Commission reviews it, nor did they offer a timeline for its potential launch. However, if approved by Brussels, they plan to publicly announce their mobile ad targeting infrastructure initiative.
Last summer, Vodafone launched trials in Germany for a plan involving personalized ad-targeting. Described as a “cross-operator infrastructure for digital advertising and digital marketing,” the project was initially labeled “TrustPid” (likely to be replaced with something more marketable if successful). Its success relies on user consent to data processing.
Privacy watchdogs quickly noticed the telco ad-targeting proposal, voicing concerns about its legal basis for processing mobile users’ data for ads. This technique, similar to existing microtargeting adtech that relies on user consent, was ruled in violation of the European Union’s General Data Protection Regulation (GDPR) last February.
The project encountered early scrutiny from data protection authorities in Germany and Spain. Following engagement with the regulators, consent procedures were modified to be more explicit.
The telcos’ Jan. 6, 2023 filing proposing a JV confirms “explicit user consent” (opt-in) as the legal basis for targeting, stating:
Subject to explicit user consent (opt-in only), the JV will generate a secure, pseudonymized token. This is derived from a hashed/encrypted pseudonymous internal identity linked to the user’s network subscription, provided by participating network operators. The token enables brands/publishers to recognize users without revealing personal data, enabling them to optimize online display advertising and site/app optimization. Users have access to a privacy portal where they can review who they’ve given consent and withdraw said consent if desired.
Vodafone confirmed that they plan to rely on users’ consent, evidenced by pop-ups, for their approach. Unfortunately, this means that the hopes of third-party cookie tracking’s demise decreasing consent spam may be premature.
An alternative to tracking cookies must have a legal foundation for processing people’s data for marketing. This is becoming more challenging due to EU regulators’ guidance and enforcement, such as the hefty fine imposed on Meta who tried citing contractual necessity. Similarly, TikTok was warned last year when it attempted to use legitimate interest instead of consent for their “personalized ads”, yet had no choice but retract the move.
Consent for personalized ads is a complex issue: Last year, the IAB’s Transparency and Consent Framework (TCF) – which relies on consent to third-party ad tracking – was found in violation of GDPR. In addition, the Belgian DPA ordered the adtech industry to make changes. Despite this, tracking-ads continue with no resolution in sight.
Telcos are proposing contractual limits to ensure no special category data (e.g., health, political) is attached as a targetable interest to user-linked tokens. They want the JV to have final say on consent pop-up language/design and offer users top level refusal rather than burying it with cookie consent pop-ups. Regular website audits will also be conducted by them.
Users can view and revoke any consents they’ve given brands/publishers to use their data for ads on a portal. They also have the option of blocking the entire system, but this does not currently prevent consent pop-ups asking for permission. It seems that consent spam and fatigue will continue – or even increase if lots of brands & advertisers join – unless an appropriate legal basis is found that doesn’t require ongoing pestering those who denied consent with pop-ups.
If the telcos’ JV is approved by the Commission, close examination of technical and contractual details may raise new worries. It is therefore too soon to determine if it will be accepted by regulators and privacy experts.
Mobile network users may be put off by an additional layer of consent spam when using the mobile web, which they are already paying their telcos for. This could lead to low tolerance for extra consent spam.
Convincing mobile users to opt-in to ads is a major hurdle—especially if they are given the free and fair option of denying tracking, as opposed to being forced or misled into it. For example, Apple’s App Tracking Transparency requirement has greatly reduced third-party iOS apps’ ability to track users due its popularity among those asked about it.
Even if telcos can launch their ad-targeting JV, there’s no guarantee mobile users on their networks will opt in.
If this succeeds, brands have a chance to win users with an innovative approach. Rather than the current unsettling climate in which data is taken without explanation of how it’s used or where it goes, brands could be honest about using personal information for ads and offer incentives for approval.
Take a straightforward approach to deepen relationships with loyal customers by making direct requests instead of relying on sneaky surveillance.