Firing Up The Privacy BS Detector

Comic: "It's privacy, safe, folks!"

It’s easy to turn cynical when your job involves writing about ad tech and privacy.

Ad tech vendors and a growing crop of privacy tech companies pitch me constantly to offer their POVs and to brief me on the privacy-preserving features of whatever new product they’re hyping at the moment.

One vendor will hock its “highly predictive, privacy-safe” consumer data-powered proprietary AI neural network (really) while another touts its “privacy-compliant tech for CTV.”

I see the terms “privacy-safe,” “privacy-compliant,” “GDPR-compliant,” “CCPA-compliant,” “privacy-preserving” and “dishwasher safe” (just kidding) in my inbox so often that these descriptors have become nearly meaningless to me.

Fun fact: “Semantic satiation” is the technical term to describe the psychological phenomenon for when overly repeating a word or phrase causes it to temporarily become gibberish to your brain.

And here’s a less fun but still important question: What can brands and publishers do to see through problematic privacy pitches and not fall prey to the mind-numbing effects of semantic satiation?

Question everything

The answer is to be as radically skeptical as Socrates.

Put another way: Fire up your BS detector.

There are certain phrases companies use when they’re talking about their products that should make your antennae twitch. At AdExchanger’s Programmatic IO conference in Las Vegas last month, Rowena Lam, the IAB Tech Lab’s senior director of product, privacy and data, called attention to a bunch of them.

The term “privacy-preserving” is a classic, Lam said. The problem is that it’s so broad as to be almost devoid of meaning, and it begs a lot of questions.

How, for example, does the solution preserve privacy? What techniques are being used? Does the solution rely on encryption? Tokenization? Some other privacy-enhancing technology?

Without the details, saying a tool is “privacy-preserving” is not unlike the sort of puffery you’d get from a used-car salesman.

“Fully anonymous” is another oft-used, ambiguous term.

As Lam pointed out, privacy experts themselves haven’t even agreed on a definition of what anonymization means. So when vendors say they take a fully anonymous approach, that declaration deserves a follow-up question (or five).


But I think my favorite one is “totally privacy-compliant” – because there’s no such thing.

No single vendor has tools that can cover you from every angle, and even if there was such a toolset, using it “doesn’t automatically make you compliant,” Lam said. There isn’t a magic button for total privacy compliance.

Which reminds me of something I heard Arielle Garcia, UM’s chief privacy officer, say at an IAB Tech Lab Rearc privacy event in New York in February.

Back when the General Data Protection Regulation went into effect in 2018, UM almost immediately started getting inbound messages from many of its tech partners claiming they were “GDPR compliant.”

To Garcia, this was a red flag.

“If someone confidently says to me, ‘I am fully GDPR compliant,’ I would not work with that partner because no one knows what that actually means,” she said. “It’s about unpacking the details behind that to understand whether a solution is durable or not.”

Stay cynical, folks.

But here’s something to melt your heart. Meet Truffles the cat, proof that cuteness cures. Drop me a line at [email protected] to let me know what you think (about privacy, about cats and also if you happen to know a corrupt injury attorney for squirrels).

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


Add a comment

You must be logged in to post a comment.