Commentary
Programmatic Shift Hurts Publishers That Cater To Children
- by Michael Hahn , Bill Morrow , August 3, 2016
Yet such growth has not taken hold among publishers with Web sites directed at children, despite the fact that programmatic can increase revenues, decrease transaction times and shrink direct sales overhead.
Why have these publishers allocated their inventory for distribution through less profitable channels? The answer has little to do with a market failure — and everything to do with a government failure.
The Children’s Online Privacy Protection Act (COPPA) was enacted to enhance parental control over the information collected from children while they are online. The act, along with the implementing rules from the Federal Trade Commission (FTC), prohibits Web sites directed at children under 13-years-old from collecting personal information unless proper notice is provided and parental consent is obtained.
The FTC amended the act’s implementing rule in 2013 to expand the umbrella of covered personal information. It now includes persistent identifiers, which are used to recognize users across different Web sites, as well as geolocation information.
Thus, COPPA covers the very information that underpins behavioral advertising, including customer numbers held in cookies, Internet protocol addresses, processor or device serial numbers and unique device identifiers.
Even more problematic than the rule’s scope is the act’s “strict liability” standard. This standard makes publishers responsible for the unauthorized collection of information from children regardless of whether a third party is at fault or the collection is inadvertent.
COPPA strangely imposes the same legal standard that the law reserves for ultra-hazardous activities, such as rock blasting or the operation of a nuclear reactor. Persons who engage in those activities are liable for the injuries they cause to others regardless of whether they undertake reasonable preventive steps.
COPPA and its implementing rule have certainly gone off the tracks in assuming that behavioral advertising is tantamount to an ultra-hazardous activity.
Publishers of child-directed sites often refuse to distribute their inventory through supply-side platforms and ad networks over whom they have limited control, both because of this regulatory scheme and a lack of confidence in the distribution chain. They know that such intermediaries sometimes violate the parameters set by publishers concerning the use of digital ad space.
How many times has an ad operations manager been dismayed to learn that a video ad with audio automatically played in a banner, or that an advertisement displayed denigrates the publisher’s brand, despite contractual provisions prohibiting such conduct? That kind of track record, frequently caused by inadvertence and occasionally with intent, makes publishers understandably wary that intermediaries will properly comply with COPPA when requested.
This is particularly true for programmatic advertising, where distribution complexity and lack of intermediary trust and transparency is even more acute. The reality is that publishers of child-directed sites do not know – and cannot vet – the numerous parties that “touch” programmatic ad inventory and may insert tags that facilitate behavioral advertising or retargeting.
Moreover, while intermediaries typically offer representations and warranties concerning COPPA compliance, and publishers often request indemnification for violations, those protections are not sufficient. The reality is that intermediaries often lack the resources to sufficiently deter them from causing violations for which publishers will be held strictly liable.
As advertisers increasingly allocate their budgets to programmatic and child-directed sites do not participate in this channel, publisher revenue growth is increasingly stunted. The industry needs to stem this tide and, in the first instance, do so through innovation.
This can be accomplished through wide-scale adoption of a private programmatic platform to support COPPA-compliant market participants. Such a closed network of buyers and sellers would involve third-party vetting, an agreement that inventory will be used for consumption purposes only, and robust and consensual accountability mechanisms.
Such solutions are only in their infancy, but may ultimately provide publishers of child-directed sites the safeguards they need to increase their distribution of inventory through the programmatic channel, in spite of COPPA’s strict liability standard.
However, if an effective technical and market-based solution does not develop, the industry will need to take a second look at a legislative solution that imposes liability solely upon parties that knowingly violate the Act. Or, alternatively, such legislation should eliminate strict liability when a publisher of a child-directed site contracts with a third party in a manner that requires COPPA compliance.
Michael and Bill -email me - happy to share more you are not completley informed. Totally understandable-new ground for sure - will let you read two articles (recent) and lets have a conversation
http://adexchanger.com/ad-exchange-news/thursday-07282016/
and the drum -- http://www.thedrum.com/news/2016/07/27/rubicon-project-and-superawesome-pair-bring-programmatic-advertising-under-13
Trust this is of interest. Best and thank you
Thanks for the comment Gary, and congrats on the partnership w/ Rubicon announced last week. In the article we mention that "solutions are in their infancy". Perhaps we only have a different viewpoint on the progress of the solution, rather than the problem. When I had shared programmatic responsibility for a portfolio that included Cartoon Network, I asked our SSP Rubicon for a solution to this conumdrum. It's great to see it is coming to fruition and we are rooting for the success of such platforms. I will e-mail you to discuss further. - Bill
Very nice analysis of the issue. I would like to add two points. While the ad industry is quite interested in a solution that keeps it out of regulatory hot water, it's important to remember that any modern website or app has numerous third party components that impact privacy. An app with a child audience that uses REX for compliant ads might also use 3 other ad networks that do not curate ads, or it might use an analytics service that captures IP address to do its thing. The proper place for COPPA compliance to be dealt with is at the publisher level, not at the third party level. Parental consent is a huge friction point and once the publisher has receieved it, parents should not have to repeatedly give consent for each of the components of a site or app that capture PII, as would be required under COPPA. <br /><br />My point here is that while Rex looks like a viable 'CYA' solution for adtech, in actual practice it won't provide the publisher with any real compliance except in the unique case where the publisher gathers no PII on their own and uses no other third party services that gather PII. The FTC encourages publishers to build their sites and apps using 'privacy by design', which means proper handling of privacy is considered at the design and build level, not 'tacked on' later.<br /><br />My second point is that you didn't mention the new EU General Data Protection Regulation (GDPR). This new privacy law is the '800 lb gorilla' that will rock the adtech world in a fundamental way. It covers any entity that interacts with an EU citizen, which includes the vast majority of US publishers. <br /><br />With respect to COPPA-style parental consent, Article 8 of GDPR is nearly an exact copy of COPPA with a few important exceptions. First, the default age of consent is 16, not 13. GDPR allows each of the EU member states to choose its age of consent (the UK is on the way out of EU, but previously announced it will go with 13). So you potentially have a situation where the consent age will vary between 13 and 16 depending on which country your user is located in.<br /><br />GDPR requires 'active, informed consent' from users before PII can be captured, stored and used. This consent must be logged and revoking it must be as easy as giving it. Ad networks, known as 'Data Processors' in GDPR speak are under the same responsibility as the publisher (known as the 'Data Controller') to ensure user consent is in effect before doing anything with user PII. There is no 'grandfathering' of consent - user databases that were gathered using passive Opt in or non-informed consent must be 'repermissioned' before use in compliance with GDPR. <br /><br />Summarizing, GDPR is a much bigger concern for Adtech than COPPA. Consent will be required from EVERYONE, not just parents of U13 children.<br /><br /><br />
COPPA was enacted to ensure that children receive 21st Century protections from unfair digital marketing practices, including data collection. Behavioral targeting and related applications are inappropriate for young people. Informed parental consent means honest disclosure on data and marketing practices--a one-stop consent will not do. Programmatic practices are inappropriate--even when they attempt to use back-door "contextual" data driven techniques. Marketers should expect more advocacy to protect children and teens privacy in both the EU and U.S. But they should also develop ethical approaches to monetization that don't undermine privacy, parental role or negatively impact the welbeing of youth.