The self-regulatory group Network Advertising Initiative, which represents ad-tech companies, is warning advertisers and publishers against using an apparent loophole in California's new privacy law.
In a blog post issued this week, the organization says brands and publishers “should be thinking twice, maybe three times,” before taking advantage of the potential loophole -- which involves classifying ad tech companies as “service providers.”
California's law, which took effect this year, requires companies to allow consumers to opt out of the sale of their personal information -- including persistent identifiers, browsing history and other data used by ad tech companies to track consumers online and serve them with targeted ads. Online companies are expected to enable opt-outs by placing a “do not sell” link on their websites.
The law broadly defines “sale” as including transfers and disclosures -- which would appear to cover transfers to ad-tech companies. But the measure also says transfers made for business purposes, pursuant to contracts with service providers, are not sales.
That business-purpose exception has led some companies to contend that they don't “sell” data when they disclose information about web users pursuant to contracts with ad-tech companies -- provided the ad-tech companies only use the data for a narrow set of purposes.
Leigh Freund, NAI President and CEO, says some ad-tech members of the organization are now being asked to enter into those types of service contracts with advertisers and publishers.
The NAI's blog post, and accompanying white paper, outline the potential downsides of those contracts.
“The over-use of service providers can lead to multiple bad effects, including the degradation of individual business results, creation of unhealthy and anti-competitive market dynamics, and, ironically, increased compliance risks,” the organization writes.
The group adds that California Attorney General Xavier Becerra hasn't yet weighed in on the ramifications of classifying ad-tech vendors as service providers.
“Taking all of these drawbacks together, brands and publishers should be thinking twice, maybe three times, about whether 'service provider' contracts really are a silver bullet for CCPA compliance, and should be actively exploring alternatives to service provider arrangements with their ad-tech vendors to avoid negative side effects,” the NAI adds.