Steve Thomas - IT Consultant

The use of tracking cookies is winding down, and Apple’s anti-tracking privacy update has impacted mobile apps’ advertising revenues. But these changes have only prompted the adtech industry to get more creative with its solutions. The latest example comes from Pandora parent company, SiriusXM, which this week rolled out a new way to identify and track its listening audience across apps, which it’s calling “AudioID.”

The new identity solution comes from AdsWizz, the digital audio ad tech company Pandora acquired for $145 million back in 2018, gaining access to adtech products like dynamic ad insertion, campaign monitoring tools, podcast transcription tech, and even weirder features — like “Shake Me” that let users shake their phones during an ad to trigger an action. Now, AdsWizz is being put to work in a new way, by powering the AudioID product.

To work, AudioID matches the datasets of user information across SiriusXM’s businesses, including its own satellite radio music service, as well as streaming apps Pandora and Stitcher — the podcast app it bought for $325 million in 2020.

The company explains that it looks for signals in the datasets that overlap. So, for example, if a customer signed up with the same email address across both Pandora and Stitcher, SiriusXM can combine those accounts into a single “AudioID.” Consumers won’t likely know this matching is happening behind the scenes. They aren’t being asked by the apps to provide any additional information or consent. There’s no opt-out. That’s because the AudioIDs are meant to be a stand-in for the traditional identifier which, in the past, may have contained or linked to a user’s personal information. SiriusXM, on the other hand, describes its AudioIDs as unique but “anonymized.”

But the AudioID can match together all kinds of signals beyond just an email or phone number to inform its creation. The technology can look for matches across device IDs, IP addresses, other user profile data, and then create an identifier that spans streaming apps. That means it can track a user’s listening behavior whether they’re playing music or podcasts in a mobile app, in the browser, in a car, or on a smart device in their home.
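The matching described above, sketched as an added example (not SiriusXM's or AdsWizz's code, whose implementation the article does not show): records that share any signal are merged transitively into one opaque ID. The records, field names and the `resolve`, `opaque_id` and `id_map` helpers are constructed for illustration.

```python
import hashlib

# Constructed sample records. Service names come from the article;
# every account, email, device ID and IP value is made up.
RECORDS = [
    {"service": "pandora", "account": "p-1", "email": "Ana@Example.com",
     "device_id": "dev-A", "ip": "203.0.113.7"},
    {"service": "stitcher", "account": "s-9", "email": "ana@example.com ",
     "device_id": "dev-B", "ip": "198.51.100.4"},
    {"service": "siriusxm", "account": "x-4", "email": None,
     "device_id": "dev-B", "ip": "198.51.100.4"},
    # Different person who happens to share an IP with p-1 (NAT, public Wi-Fi).
    {"service": "pandora", "account": "p-2", "email": "bo@example.org",
     "device_id": "dev-C", "ip": "203.0.113.7"},
]


def normalise(signal, value):
    """Canonicalise a signal so trivially different spellings still match."""
    value = value.strip()
    return value.lower() if signal == "email" else value


def resolve(records, signals):
    """Group records that share any of `signals`, transitively (union-find)."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    first_seen = {}  # (signal, value) -> index of first record carrying it
    for idx, rec in enumerate(records):
        for signal in signals:
            value = rec.get(signal)
            if not value:
                continue
            key = (signal, normalise(signal, value))
            if key in first_seen:
                a, b = find(first_seen[key]), find(idx)
                parent[max(a, b)] = min(a, b)
            else:
                first_seen[key] = idx

    clusters = {}
    for idx, rec in enumerate(records):
        label = f'{rec["service"]}:{rec["account"]}'
        clusters.setdefault(find(idx), []).append(label)
    return sorted(sorted(members) for members in clusters.values())


def opaque_id(members):
    """An identifier with no personal data in it, yet stable for the cluster."""
    joined = "|".join(sorted(members)).encode()
    return hashlib.sha256(joined).hexdigest()[:16]


def id_map(records, signals):
    """Map every account to the opaque ID of the cluster it landed in."""
    mapping = {}
    for members in resolve(records, signals):
        cluster_id = opaque_id(members)
        for member in members:
            mapping[member] = cluster_id
    return mapping


if __name__ == "__main__":
    for signals in (("email", "device_id"), ("email", "device_id", "ip")):
        print(signals)
        for account, cid in sorted(id_map(RECORDS, signals).items()):
            print(f"  {account:14} -> {cid}")
```

With email and device ID only, `x-4` joins the cluster through a shared device even though it has no email on file. Adding IP as a signal also merges the unrelated `p-2` account, which is why weak signals inflate an identity graph and why an opaque ID still behaves as a cross-app pseudonym.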

In other words, the company has come up with a way that will continue to allow advertisers to target users with more relevant ads, but in a way that attempts to obfuscate the personal information and identity of the listener and instead focus on the content they listen to.

At launch, the solution will support first-party ad targeting, enhanced measurement, reach, forecasting, and frequency capping use cases, says SiriusXM.

“We are entering a new era of identity – both in culture and in technology – that defines us not by who we are on paper or the cookies we leave behind, but by our interests and passions,” states Chris Record, AdsWizz SVP and Head of Ad Product, Technology and Operations. “AudioID is a consumer-first, privacy-conscious infrastructure that will deliver our audiences the best experiences and give marketers access to data-driven capabilities like never before.”

Of course, it remains to be seen whether consumers will appreciate the positioning of this type of solution — especially after they receive highly-targeted ads after tapping a “do not track” pop-up in their mobile app. The assumption on marketers’ part, of course, is that consumers actually welcome personalized ads because they’re more relevant to their interests. They believe the issue is that consumers don’t want their personal information floating around in advertisers’ dossiers. Arguably, though, consumers who opt-out of tracking understand the trade-off is that the ads they encounter may become less precise. But they tap that button anyway. If anything, that’s because consumers are opting out not only out of a desire for protecting their private, personal information, but because highly personalized ads have gotten far too creepy. The AudioID solution doesn’t seem to address that aspect of consumers’ complaints with modern-day adtech — especially if it’s collecting and compiling a user’s “interests and passions” for better targeting.

SiriusXM notes that the solution is opt-in for its partnered publishers and marketers — they don’t have to use AudioID, in other words. It says that later in 2022, it will extend this first-party targeting to off-platform marketers and advertisers across AdsWizz in the U.S., as well.

GWI, a UK-based tech company — formerly GlobalWebIndex — that’s built up a SaaS business which disrupts traditional offline market research methods with a global network of data contributors, mobile surveys and a self-serve platform for surfacing rich consumer insights to customers that include tech giants like Google, has closed a $180 million Series B at a valuation of more than $850M.

The growth funding round is led by global investment firm Permira — and is only GWI’s second tranche of VC after a $40M Series A back in 2018.

The 2009-founded startup was bootstrapped for years by founder and CEO, Tom Smith, before finally taking external investment a few years ago with the goal of scaling access to its consumer lifestyle and habits data beyond dedicated research teams — to “non expert” professionals who may be working in all sorts of roles right across a business.

“That huge market opportunity needed us to really scale up both the GTM [go-to-market] teams but also engineering teams, build up bigger data sets — that’s what we started to really push the pedal on in 2018. And that was a great success, in terms of scaling up the business. That’s really why we’ve come back now to do a growth round because that market opportunity has got bigger,” Smith tells TechCrunch.

Following its $40M Series A, GWI says it’s tripled recurring revenue and grown to nearly 400 employees based across offices in London, New York, Prague, and Athens. Last year it also opened an office in Singapore.

“It’s a really large market, it’s very global,” he adds on why the company has gone back for a second dip into VC now. “The more capital we have to expand out GTM, data-sets and build world class user interface solutions the quicker we’ll be able to build that traction in the global market.”

Rising competition from ‘no code’ touting research-as-a-service rivals (such as London-based Attest) is also likely giving GWI cause to step on the growth gas.

Smith’s original itch to transform traditional (offline) market research methods — infamous for being slow and costly — led to GWI building out a platform for large scale, high frequency data collection which can serve up instantaneous audience profiling and consumer insights to a roster of customers that includes giants like Facebook and Google (who are hardly short of a bit of personal data themselves). Other customers GWI names include Spotify, Twitter, EA, Red Bull, WPP, and Omnicom.

It says it has around 700 customers at this stage.

“The kind of customers we work with now are very large technology companies and platforms who essentially have all the first party data you can think of but they don’t have the richness of that data — they need independent, rich, profiling data to build a better understanding of customer subsets, and that’s what we provide.”

“The big area of growth for us is enrichment of first party data,” Smith adds. “This is where we match — probabilistically, through similar types of demographics and variables (or in some cases deterministically between IDs) — and in an anonymized way we’re able to enrich their first party data and provide our profiling data.”

GWI’s market research platform is fed by around 22 million “digitally connected” consumers across (currently) 48 countries, who take detailed surveys (meaning there’s opt in consent to use of their data) via third party panel providers which plug into GWI’s platform to continuously supply that core data.

It then does its own weighting and probabilistic matching to extrapolate out from the millions of (pseudonymized) survey responses it receives — to what it describes as “global insights at scale, representing the views of 2.7BN, digitally-connected consumers”; covering data about consumers’ demographics, preferences, and behavioural attitudes — all with the goal of helping customers (major brands, agencies, and media organisations) gain a deeper understanding of their audiences.

“We’re looking at preference, attitudes, lifestyles, brand choices, types of media consumed, demographics — the broad subsets,” says Smith, sketching the broad-brush insights the platform serves up to help customers profile their audiences.

Any direct identifiers are stripped out of the survey response data prior to GWI getting it, per Smith — replaced with a unique ID so it’s still possible for its customers to ask follow up questions via the platform without the individuals needing to be identified to customers or to GWI. So the pitch is ‘privacy safe’ behavioral profiling data at scale.

“What we’re doing really differently — it hasn’t been done before — is that we’ve applied technology to the process of [market research] data collection. So we’re running an incredibly large scale data collection, highly frequent in terms of collection process, delivery to customers and all of that is made available inside a self-service platform… instantaneously accessible. Which is a very unique proposition.”

“Every company needs to understand their target audiences, whether they’re future customers, current customers, or the market place they operate in. And increasingly, as companies move — thanks to the digital world we live in — the possibility to engage and reach customers from anywhere in the world is a very real possibility,” he adds.

“But the challenges of understanding those audiences become massively complicated. And if you use market research — which is what people have done traditionally — it’s going to take you months, cost millions of dollars. And you’re going to end up with a very substandard set of data, ultimately.

“The problem we’re solving is by collecting this massive pool of global data any company, regardless of size, scale or budget, can utilize our data to build a really rich understanding of their target audiences that would be impossible with market research.”

Smith says GWI’s latest chunk of VC funding will go on further expansion of GWI’s geographical reach and demographic depth. Or, put more simply, it’s going to capture more data-points from more consumers in more countries.

“This will enable us to provide instant answers to any question and to better understand people,” he says, adding: “We will represent more communities, particularly in underserved markets and segments than any data set before.

“We currently cover 48 countries, but this will increase to 50 in the coming months, and we’ll be expanding that further and adding more data sets across a range of audiences and verticals. We already cover over 40,000 attributes and over 4,000 brands.”

Another big focus for the funding is on the UX of the platform — with Smith saying they want to make it “even more accessible”.

“We want anyone, regardless of research experience, to be able to answer questions, develop meaningful insights and drive decisions in their day-to-day workflows. Creating insights should be as easy as searching Google; and sharing them and aligning across an organisation should be effortless and embedded whether the company is five people or five million.

“This means major investment in consumer grade UX, machine learning for insights automation, and natural language processing.”

“Most businesses are well aware of the need for a deep understanding of their audiences, but for many, this is still a one-off piece of research undertaken every year,” he adds.

“Market research as an industry has stubbornly refused to evolve, clinging on to high-cost service based models, offline methods, and a lack of scale. We are demystifying audience insight and democratising the data to make global audience insight a reality for any business of any size, without the need for deep research expertise or extensive training.”

While he confirms that a small percentage (1%) of GWI’s customers do also use tracking cookies (and/or pixels) in conjunction with the audience insights its platform surfaces, he’s not concerned about the imminent demise of third party cookies.

In recent years, Google has signalled an intent to deprecate support for tracking technologies in Chrome — via its evolving Privacy Sandbox suite of proposed alternative ad targeting technologies. Other browsers already block third party cookies by default. So the direction of travel for core web infrastructure is toward a cookie-less future. Which may end up making alternative sources of consumer insight data more valuable.

“GWI’s survey-led data does not rely on cookies to provide audience insights to our customers,” says Smith, adding: “We’re actually excited about the prospect of a cookieless future. It presents so many opportunities for the industry to rethink how it uses behavioural data.

“At GWI we believe strongly that data insights are so much more valuable when they’re based on (or fused with) zero-party data. We know that there are organisations everywhere scrambling to find alternatives to the cookie, many of which appear to be very cookie-esque in nature. Which is probably just kicking the can down the road.

“For GWI, we are focused on proving that probabilistic matching, using really great zero-party data, can be far more effective.”

What does he mean exactly by “zero party data”? Smith says this refers to information that’s been “totally anonymized and can never be linked back to an individual but can be used to drive additional profiling or probabilistic matching”.

“There’s really no way you can tie it back to an individual because of the nature of the data that our customers want us to collect — which is attitudes, lifestyles, outlooks. It’s all the stuff that you can’t collect through behavioral data [i.e. such as tracking cookies] really. You just can’t tie it back to one individual person,” he argues, discussing the robustness of the anonymity.

In theory, if a customer of GWI were to have enough of its own extremely high dimension first party data — on millions or even billions of global consumers (as, for example, Facebook has) — there might, potentially, be a way for a customer to reverse the pseudonymity if they could link individual survey takers to identifiable user accounts on other service/s based on matching/mapping profiled interests.

However as GWI’s platform provides access to aggregated as well as anonymized data it’s indeed hard to see how that could happen. (At least outside of a custom integration that did not aggregate the data or else substantially reduced the level of aggregation and enabled matching with other data-sets.)

“They don’t use our data in this way,” Smith says of Facebook’s own use of GWI’s service. “They would use it completely independently to their first party data. They are analyzing our data-sets to provide independent profiling data of their audiences in different countries — and they just work with GWI data in silo. You look at data on an aggregated basis. You look at segments of Facebook users, how likely that they are to engage with specific brands or exhibit specific behaviors — there’s absolutely no linkage to first party data.”

“That’s what 99% of our customers use-cases are — they’re using our data in silo to build insights around audiences which they then translate and use elsewhere,” he adds.

Smith also confirms that the unique IDs GWI receives from panel providers (which would likely still constitute personal data under EU law) are never passed to customers.

“The general movement from GDPR and towards individual privacy has been really good for us because people are increasingly having to work with aggregated and anonymized data — which is what is our absolute strength and really core for our proposition,” he adds.

“I started the business in 2009 which was the last really great recession. Obviously we’re going through interesting times now but it’s a very different dynamic to back then. That was a tough environment to build a business. There was no way I was going to raise early stage investment for the idea I brought to market — and also it was a research-based solution, which was very much seen as probably not the future of audience insights.”

Over a decade on from the spark of an idea Smith had, with use of behavioral data facing a rising tide of privacy concern and regulatory control, his bet on modernizing the business of market research — via big data, aggregation and probabilistic modelling — looks well positioned to cater to changing compliance requirements while still being able to serve businesses with valuable consumer insights.

Provided GWI can iterate and evolve its UX fast enough to keep up with ‘no code’ touting rivals that are fast following ballooning demand for research-as-a-service.

“What we’re seeing a demand for is a shift from deterministic data — so ‘I can target this individual’ — to one where it’s probabilistic,” says Smith on changing customer demand. “So… based on data we can see or the attributes we can see through the first party data within the browser, they’re likely to fit this bucket in terms of attitudes and lifestyles. And that probabilistic matching is far easier to make happen — and to do at real scale [which] is what you need for advertising to be effective. And we’re increasingly getting asked to probabilistically match our data.

“The other interesting thing for us is that as more and more media runs through it’s basically being bought on first party deterministic data — directly from Facebook or all the big vendors of advertising space — [and] they’ll use our data to perform the key parts of that strategic planning process: Who is my audience, what do they look like? They’ll build that rich profiling and then take the insights from the audience and just translate those into a platform that has first party or deterministic data.

“They’re not directly matching it but they’re taking the insights to inform the types of audiences they should reach through Facebook or Google or Snap or Twitter or TikTok. The people that own the data directly. You don’t actually need to deterministically match that data — and that’s something that’s really in demand.”

Smith adds that GWI is in the process of rolling out a new feature that will enable customers to push an audience that’s been identified in its platform into Facebook — based on “matching the common variables” — much like Facebook’s own ‘lookalike audience’ ad targeting tool.

“There’s no direct data link but you’re taking commonalities and those commonalities drive your media buy and the audiences you should reach for in Facebook,” says Smith, adding: “And that’s really where the industry is moving in my opinion.

“You’re modelling out probabilistic likelihood that that audience fits the audience you want — and actually more valuable is the insights you derive about who your audience is, they really determine where you should activate your media plan.”

Commenting on GWI’s Series B in a statement, Alex Melamud, principal at Permira, said: “Understanding the digital consumer will continue to be increasingly important to brands, agencies, and media organisations who focus on engaging and acquiring customers through digital channels. Companies competing in today’s marketplace need instant audience insights and we believe GWI’s modern platform and globally, harmonised data set provides a unique solution to any data storyteller. We look forward to leveraging our global platform to support GWI’s continued growth and expansion across international markets.”

In another supporting statement, Ron Shah, partner at New York-based VC Stripes, who led its Series A, added: “GWI’s exceptional products should be in the hands of every professional who wants to better understand their customers and make smarter, data-driven decisions, and this milestone is a powerful step forward for the company. Since our original investment in 2018, Tom and the GWI team have made great strides in delivering a transformative and superior product and we believe they’re just getting started. We’re thrilled to have Permira join us in this journey to make GWI’s ambitions a reality.”

Don’t bootstrap for too long

With GWI trotting along a path that could lead to a unicorn valuation this once bootstrapped startup has come a long way — in time and money — from earlier years, such as when Smith had to take some 200 meetings to nail down its first customer (Microsoft). Evidently there’s been a fair amount of sweat and pain involved in scaling this particular SaaS business. So what tips does Smith have for other bootstrapping founders?

“There are many more avenues for raising capital now. Alternative finance just didn’t exist back then,” he notes, perhaps a little ruefully. “There are some obvious things — you have to keep the business extremely lean. The product at the beginning was fairly rudimentary but it solved one problem for customers which was how to understand their audience on a global basis. Solve that on a small scale.

“You’ve got to try and keep it very focused, very lean — and just try and solve one small problem. Most of what we did in the very early days was more service based. There wasn’t really any technology. We tried to minimize the costs. I was a non-technical founder so that didn’t help. But try and fulfil it as a service to begin with — before you really invest in engineering technology which is obviously very hard to pull off and very expensive.

“You [also] need to consider what product you’re selling. Ultimately we’re selling market research which is a high value product that people will pay a good high ticket for and were used to paying for at the beginning of a payment cycle up front. Not all products would suit that. So you need to understand the dynamics of what you’re selling and if it would suit that model. It worked for us — but it’ll only get you so far. At some point if you’re really going to scale you’ve got to spend more than you’re bringing through the door, basically.”

“I probably wouldn’t have bootstrapped for quite as long as I did,” Smith adds. “Try to get to a position of funding earlier.”

GWI, a UK-based tech company — formerly GlobalWebIndex — that’s built up a SaaS business which disrupts traditional offline market research methods with a global network of data contributors, mobile surveys and a self-serve platform for surfacing rich consumer insights to customers that include tech giants like Google, has closed a $180 million Series B at a valuation of more than $850M.

The growth funding round is led by global investment firm Permira — and is only GWI’s second tranche of VC after a $40M Series A back in 2018.

The 2009-founded startup was bootstrapped for years by founder and CEO, Tom Smith, before finally taking external investment a few years ago with the goal of scaling access to its consumer lifestyle and habits data beyond dedicated research teams — to “non expert” professionals who may be working in all sorts of roles right across a business.

“That huge market opportunity needed us to really scale up both the GTM [go-to-market] teams but also engineering teams, build up bigger data sets — that’s what we started to really push the peddle on in 2018. And that was a great success, in terms of scaling up the business. That’s really why we’ve come back now to do a growth round because that market opportunity has got bigger,” Smith tells TechCrunch.

Following its $40M Series A, GWI says it’s tripled recurring revenue and grown to nearly 400 employees based across offices in London, New York, Prague, and Athens. Last year it also opened an office in Singapore.

“It’s a really large market, it’s very global,” he adds on why the company has gone back for a second dip into VC now. “The more capital we have to expand out GTM, data-sets and build world class user interface solutions the quicker we’ll be able to build that traction in the global market.”

Rising competition from ‘no code’ touting research-as-a-service rivals (such as London-based Attest) is also likely giving GWI cause to step on the growth gas.

Smith’s original itch to transform traditional (offline) market research methods — infamous for being slow and costly — led to GWI building out a platform for large scale, high frequency data collection which can serve up instantaneous audience profiling and consumer insights to a roster of customers that includes giants like Facebook and Google (who are hardly short of a bit of personal data themselves). Other customers GWI names include Spotify, Twitter, EA, Red Bull, WPP, and Omnicom.

It says it has around 700 customers at this stage.

“The kind of customers we work with now are very large technology companies and platforms who essentially have all the first party data you can think of but they don’t have the richness of that data — they need independent, rich, profiling data to build a better understanding of customer subsets, and that’s what we provide.”

“The big area of growth for us is enrichment of first party data,” Smith adds. “This is where we match — probabilistically, through similar types of demographics and variables (or in some cases deterministically between IDs) — and in an anoymized way we’re able to enrich their first party data and provide our profiling data.”

GWI’s market research platform is fed by around 22 million “digitally connected” consumers across (currently) 48 countries, who take detailed surveys (meaning there’s opt in consent to use of their data) via third party panel providers which plug into GWI’s platform to continuously supply that core data.

It then does its own weighting and probabilistic matching to extrapolate out from the millions of (pseudonymized) survey responses it receives — to what it describes as “global insights at scale, representing the views of 2.7BN, digitally-connected consumers”; covering data about consumers’ demographics, preferences, and behavioural attitudes — all with the goal of helping customers (major brands, agencies, and media organisations) gain a deeper understanding of their audiences.

“We’re looking at preference, attitudes, lifestyles, brand choices, types of media consumed, demographics — the broad subsets,” says Smith, sketching the broad-brush insights the platform serves up to help customers profile their audiences.

Any direct identifiers are stripped out of the survey response data prior to GWI getting it, per Smith — replaced with a unique ID so it’s still possible for its customers to ask follow up questions via the platform without the individuals needing to be identified to customers or to GWI. So the pitch is ‘privacy safe’ behavioral profiling data at scale.

“What we’re doing really differently — it hasn’t been done before — is that we’ve applied technology to the process of [market research] data collection. So we’re running an incredibly large scale data collection, highly frequent in terms of collection process, delivery to customers and all of that is made available inside a self-service platform… instantaneously accessible. Which is a very unique proposition.”

“Every company needs to understand their target audiences, whether they’re future customers, current customers, or the market place they operate in. And increasingly, as companies move — thanks to the digital world we live in — the possibility to engage and reach customers from anywhere in the world is a very real possibility,” he adds.

“But the challenges of understanding those audiences become massively complicated. And if you use market research — which is what people have done traditionally it’s going to take you months, cost millions of dollars. And you’re going to end up with a very substandard set of data, ultimately.

“The problem we’re solving is by collecting this massive pool of global data any company, regardless of size, scale or budget, can utilize our data to build a really rich understanding of their target audiences that would be impossible with market research.”

Smith says GWI’s latest chunk of VC funding will go on further expansion of GWI’s geographical reach and demographic depth. Or, put more simply, it’s going to capture more data-points from more consumers in more countries.

“This will enable us to provide instant answers to any question and to better understand people,” he says, adding: “We will represent more communities, particularly in underserved markets and segments than any data set before.

“We currently cover 48 countries, but this will increase to 50 in the coming months, and we’ll be expanding that further and adding more data sets across a range of audiences and verticals. We already cover over 40,000 attributes and over 4,000 brands.”

Another big focus for the funding is on the UX of the platform — with Smith saying they want to make it “even more accessible”.

“We want anyone, regardless of research experience, to be able to answer questions, develop meaningful insights and drive decisions in their day-to-day workflows. Creating insights should be as easy as searching Google; and sharing them and aligning across an organisation should be effortless and embedded whether the company is five people or five million.

“This means major investment in consumer grade UX, machine learning for insights automation, and natural language processing.”

“Most businesses are well aware of the need for a deep understanding of their audiences, but for many, this is still a one-off piece of research undertaken every year,” he adds.

“Market research as an industry has stubbornly refused to evolve, clinging on to high-cost service based models, offline methods, and a lack of scale. We are demystifying audience insight and democratising the data to make global audience insight a reality for any business of any size, without the need for deep research expertise or extensive training.”

While he confirms that a small percentage (1%) of GWI’s customers do also use tracking cookies (and/or pixels) in conjunction with the audience insights its platform surfaces, he’s not concerned about the imminent demise of third party cookies.

In recent years, Google has signalled an intent to deprecate support for tracking technologies in Chrome — via its evolving Privacy Sandbox suite of proposed alternative ad targeting technologies. Other browsers already block third party cookies by default. So the direction of travel for core web infrastructure is toward a cookie-less future. Which may end up making alternative sources of consumer insight data more valuable.

“GWI’s survey-led data does not rely on cookies to provide audience insights to our customers,” says Smith, adding: “We’re actually excited about the prospect of a cookieless future. It presents so many opportunities for the industry to rethink how it uses behavioural data.

“At GWI we believe strongly that data insights are so much more valuable when they’re based on (or fused with) zero-party data. We know that there are organisations everywhere scrambling to find alternatives to the cookie, many of which appear to be very cookie-esque in nature. Which is probably just kicking the can down the road.

“For GWI, we are focused on proving that probabilistic matching, using really great zero-party data, can be far more effective.”

What does he mean exactly by “zero party data”? Smith says this refers to information that’s been “totally anonymized and can never be linked back to an individual but can be used to drive additional profiling or probabilistic matching”.

“There’s really no way you can tie it back to an individual because of the nature of the data that our customers want us to collect — which is attitudes, lifestyles, outlooks. It’s all the stuff that you can’t collect through behavioral data [i.e. such as tracking cookies] really. You just can’t tie it back to one individual person,” he argues, discussing the robustness of the anonymity.

In theory, if a customer of GWI were to have enough of its own extremely high dimension first party data — on millions or even billions of global consumers (as, for example, Facebook has) — there might, potentially, be a way for a customer to reverse the pseudonymity if they could link individual survey takers to identifiable user accounts on other service/s based on matching/mapping profiled interests.

However as GWI’s platform provides access to aggregated as well as anonymized data it’s indeed hard to see how that could happen. (At least outside of a custom integration that did not aggregate the data or else substantially reduced the level of aggregation and enabled matching with other data-sets.)
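The reasoning in the two paragraphs above can be checked numerically. The following is an added example, not GWI's code or data: it measures what share of pseudonymized respondents become unique as more attributes are combined, then builds an aggregated release that suppresses small segments. The rows, attribute names and the minimum cell size of 3 are all constructed assumptions.

```javascript
// Constructed pseudonymized survey rows: a random ID plus a few attributes.
// None of these values come from GWI; they exist only to drive the example.
const RESPONSES = [
  { id: 'r01', country: 'DE', ageBand: '25-34', interest: 'cycling', brand: 'A' },
  { id: 'r02', country: 'DE', ageBand: '25-34', interest: 'cycling', brand: 'B' },
  { id: 'r03', country: 'DE', ageBand: '25-34', interest: 'running', brand: 'A' },
  { id: 'r04', country: 'DE', ageBand: '35-44', interest: 'cooking', brand: 'A' },
  { id: 'r05', country: 'UK', ageBand: '25-34', interest: 'cycling', brand: 'B' },
  { id: 'r06', country: 'UK', ageBand: '25-34', interest: 'cycling', brand: 'B' },
  { id: 'r07', country: 'UK', ageBand: '25-34', interest: 'cycling', brand: 'A' },
  { id: 'r08', country: 'UK', ageBand: '45-54', interest: 'gaming', brand: 'C' },
];

// Group rows that share the same values for the chosen attributes and
// return a Map of "value|value|..." -> number of respondents in that group.
function equivalenceClasses(rows, attrs) {
  const classes = new Map();
  for (const row of rows) {
    const key = attrs.map((a) => row[a]).join('|');
    classes.set(key, (classes.get(key) ?? 0) + 1);
  }
  return classes;
}

// Share of respondents who are alone in their group, i.e. whose attribute
// combination is unique in the data set. Higher means easier to single out.
function uniqueFraction(rows, attrs) {
  let unique = 0;
  for (const count of equivalenceClasses(rows, attrs).values()) {
    if (count === 1) unique += 1;
  }
  return unique / rows.length;
}

// Aggregated release: segment counts only, no per-respondent IDs, and any
// segment smaller than minCell is withheld. minCell is an assumed policy
// value for this example, not a documented GWI threshold.
function aggregateRelease(rows, attrs, minCell) {
  const cells = [];
  let suppressedRespondents = 0;
  for (const [segment, count] of equivalenceClasses(rows, attrs)) {
    if (count >= minCell) cells.push({ segment, count });
    else suppressedRespondents += count;
  }
  return { cells, suppressedRespondents };
}

// Uniqueness as the attribute set widens (the "high dimension" concern).
function uniquenessByDimension(rows, attrs) {
  return attrs.map((_, i) => ({
    attrs: attrs.slice(0, i + 1),
    uniqueFraction: uniqueFraction(rows, attrs.slice(0, i + 1)),
  }));
}
```

With four attributes, six of the eight constructed respondents are already unique at row level, while the aggregated release over country and age band exposes only two segments of three people each.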

“They don’t use our data in this way,” Smith says of Facebook’s own use of GWI’s service. “They would use it completely independently to their first party data. They are analyzing our data-sets to provide independent profiling data of their audiences in different countries — and they just work with GWI data in silo. You look at data on an aggregated basis. You look at segments of Facebook users, how likely that they are to engage with specific brands or exhibit specific behaviors — there’s absolutely no linkage to first party data.”

“That’s what 99% of our customers use-cases are — they’re using our data in silo to build insights around audiences which they then translate and use elsewhere,” he adds.

Smith also confirms that the unique IDs GWI receives from panel providers (which would likely still constitute personal data under EU law) are never passed to customers.

“The general movement from GDPR and towards individual privacy has been really good for us because people are increasingly having to work with aggregated and anonymized data — which is what is our absolute strength and really core for our proposition,” he adds.

“I started the business in 2009 which was the last really great recession. Obviously we’re going through interesting times now but it’s a very different dynamic to back then. That was a tough environment to build a business. There was no way I was going to raise early stage investment for the idea I brought to market — and also it was a research-based solution, which was very much seen as probably not the future of audience insights.”

Over a decade on from the spark of an idea Smith had, with use of behavioral data facing a rising tide of privacy concern and regulatory control, his bet on modernizing the business of market research — via big data, aggregation and probabilistic modelling — looks well positioned to cater to changing compliance requirements while still being able to serve businesses with valuable consumer insights.

Provided GWI can iterate and evolve its UX fast enough to keep up with ‘no code’ touting rivals that are fast following ballooning demand for research-as-a-service.

“What we’re seeing a demand for is a shift from deterministic data — so ‘I can target this individual’ — to one where it’s probabilistic,” says Smith on changing customer demand. “So… based on data we can see or the attributes we can see through the first party data within the browser, they’re likely to fit this bucket in terms of attitudes and lifestyles. And that probabilistic matching is far easier to make happen — and to do at real scale [which] is what you need for advertising to be effective. And we’re increasingly getting asked to probabilistically match our data.

“The other interesting thing for us is that as more and more media runs through it’s basically being bought on first party deterministic data — directly from Facebook or all the big vendors of advertising space — [and] they’ll use our data to perform the key parts of that strategic planning process: Who is my audience, what do they look like? They’ll build that rich profiling and then take the insights from the audience and just translate those into a platform that has first party or deterministic data.

“They’re not directly matching it but they’re taking the insights to inform the types of audiences they should reach through Facebook or Google or Snap or Twitter or TikTok. The people that own the data directly. You don’t actually need to deterministically match that data — and that’s something that’s really in demand.”

Smith adds that GWI is in the process of rolling out a new feature that will enable customers to push an audience that’s been identified in its platform into Facebook — based on “matching the common variables” — much like Facebook’s own ‘lookalike audience’ ad targeting tool.

“There’s no direct data link but you’re taking commonalities and those commonalities drive your media buy and the audiences you should reach for in Facebook,” says Smith, adding: “And that’s really where the industry is moving in my opinion.

“You’re modelling out probabilistic likelihood that that audience fits the audience you want — and actually more valuable is the insights you derive about who your audience is, they really determine where you should activate your media plan.”

Commenting on GWI’s Series B in a statement, Alex Melamud, principal at Permira, said: “Understanding the digital consumer will continue to be increasingly important to brands, agencies, and media organisations who focus on engaging and acquiring customers through digital channels. Companies competing in today’s marketplace need instant audience insights and we believe GWI’s modern platform and globally harmonised data set provides a unique solution to any data storyteller. We look forward to leveraging our global platform to support GWI’s continued growth and expansion across international markets.”

In another supporting statement, Ron Shah, partner at New York-based VC Stripes, who led its Series A, added: “GWI’s exceptional products should be in the hands of every professional who wants to better understand their customers and make smarter, data-driven decisions, and this milestone is a powerful step forward for the company. Since our original investment in 2018, Tom and the GWI team have made great strides in delivering a transformative and superior product and we believe they’re just getting started. We’re thrilled to have Permira join us in this journey to make GWI’s ambitions a reality.”

Don’t bootstrap for too long

With GWI trotting along a path that could lead to a unicorn valuation this once bootstrapped startup has come a long way — in time and money — from earlier years, such as when Smith had to take some 200 meetings to nail down its first customer (Microsoft). Evidently there’s been a fair amount of sweat and pain involved in scaling this particular SaaS business. So what tips does Smith have for other bootstrapping founders?

“There are many more avenues for raising capital now. Alternative finance just didn’t exist back then,” he notes, perhaps a little ruefully. “There are some obvious things — you have to keep the business extremely lean. The product at the beginning was fairly rudimentary but it solved one problem for customers which was how to understand their audience on a global basis. Solve that on a small scale.

“You’ve got to try and keep it very focused, very lean — and just try and solve one small problem. Most of what we did in the very early days was more service based. There wasn’t really any technology. We tried to minimize the costs. I was a non-technical founder so that didn’t help. But try and fulfil it as a service to begin with — before you really invest in engineering technology which is obviously very hard to pull off and very expensive.

“You [also] need to consider what product you’re selling. Ultimately we’re selling market research which is a high value product that people will pay a good high ticket for and were used to paying for at the beginning of a payment cycle up front. Not all products would suit that. So you need to understand the dynamics of what you’re selling and if it would suit that model. It worked for us — but it’ll only get you so far. At some point if you’re really going to scale you’ve got to spend more than you’re bringing through the door, basically.”

“I probably wouldn’t have bootstrapped for quite as long as I did,” Smith adds. “Try to get to a position of funding earlier.”

FLoC (Federated Learning of Cohorts), Google’s controversial project for replacing cookies for interest-based advertising by instead sorting users into groups with comparable interests, is dead. In its place, Google today announced a new proposal: Topics.

The idea here is that your browser will learn about your interests as you move around the web. It’ll keep data for the last three weeks of your browsing history and as of now, Google is restricting the number of topics to 300, with plans to extend this over time. Google notes that these topics will not include any sensitive categories like gender or race.

To figure out your interests, Google categorizes the sites you visit based on one of these 300 topics. For sites that it hasn’t categorized before, a lightweight machine learning algorithm in the browser will take over and provide an estimated topic based on the name of the domain.

When you hit upon a site that supports the Topics API for ad purposes, the browser will share three topics you are interested in — one for each of the three last weeks — selected randomly from your top five topics of each week. The site can then share this with its advertising partners to decide which ads to show you. Ideally, this would make for a more private method of deciding which ad to show you — and Google notes that it also provides users with far greater control and transparency than what’s currently the standard. Users will be able to review and remove topics from their lists — and turn off the entire Topics API, too.
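The selection flow described above can be modelled in a few lines. This is an added example, not Chrome's implementation and not code from Google's explainer: it covers only the behaviour the article states (three weeks of history, top five topics per week, one random pick per week, user removal and opt-out). The hostnames, topic names, function names and history are constructed.

```javascript
// Constructed hostname -> topic table standing in for the browser's site
// classifier. Hostnames and topic names are made up for this example.
const SITE_TOPICS = {
  'news.example': ['News'],
  'run.example': ['Fitness'],
  'recipes.example': ['Cooking'],
  'cars.example': ['Autos'],
  'travel.example': ['Travel'],
  'games.example': ['Games'],
  'garden.example': ['Gardening'],
  'music.example': ['Music'],
};

// Constructed browsing history, oldest week first. Four weeks are present so
// the three-week retention window has something to drop.
const HISTORY = [
  ['garden.example', 'garden.example', 'news.example'],
  ['news.example', 'news.example', 'news.example', 'run.example', 'run.example', 'recipes.example'],
  ['cars.example', 'cars.example', 'news.example', 'travel.example', 'games.example',
    'music.example', 'run.example', 'cars.example'],
  ['music.example', 'music.example', 'travel.example'],
];

const WEEKS_KEPT = 3;   // "last three weeks" per the article
const TOP_PER_WEEK = 5; // "top five topics of each week" per the article

// Rank one week's topics by visit count (ties broken alphabetically so the
// model is deterministic) and keep the top five. Hosts missing from the
// table are ignored; the in-browser fallback classifier is not modelled.
function topTopicsForWeek(hosts, blocked = new Set()) {
  const counts = new Map();
  for (const host of hosts) {
    for (const topic of SITE_TOPICS[host] ?? []) {
      if (blocked.has(topic)) continue; // topic removed by the user
      counts.set(topic, (counts.get(topic) ?? 0) + 1);
    }
  }
  return [...counts.entries()]
    .sort((a, b) => b[1] - a[1] || (a[0] < b[0] ? -1 : 1))
    .slice(0, TOP_PER_WEEK)
    .map(([topic]) => topic);
}

// What a calling site receives: at most one topic per retained week, chosen
// at random from that week's top five. Returns [] when the user has turned
// the feature off. rng is injectable so the behaviour can be tested.
function topicsForCaller(history, options = {}) {
  const { enabled = true, blocked = new Set(), rng = Math.random } = options;
  if (!enabled) return [];
  const shared = [];
  for (const hosts of history.slice(-WEEKS_KEPT)) {
    const top = topTopicsForWeek(hosts, blocked);
    if (top.length > 0) shared.push(top[Math.floor(rng() * top.length)]);
  }
  return shared;
}

// Privacy review helper: every topic that could ever be disclosed from this
// history, i.e. the union of the retained weeks' top-five lists. Its size is
// bounded by WEEKS_KEPT * TOP_PER_WEEK regardless of how much was browsed.
function exposureSet(history, blocked = new Set()) {
  const all = new Set();
  for (const hosts of history.slice(-WEEKS_KEPT)) {
    for (const topic of topTopicsForWeek(hosts, blocked)) all.add(topic);
  }
  return [...all].sort();
}
```

For the constructed history, "Gardening" never appears in the exposure set because it only occurs in the week that has aged out of the three-week window.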

“The design of topics was informed by our learnings from the earlier FLoC trials,” Google’s Privacy Sandbox lead Ben Galbraith said in a press briefing ahead of today’s announcement. “And this resulted in a bunch of great feedback from the community, as I’m sure you know. As such, Topics replaces our FLoC proposal and I want to emphasize that this whole process of sharing a proposal, doing a trial, gathering feedback and then iterating on the designs — this is the whole open development process that we wanted for the Sandbox and really shows the process working as intended.”

Galbraith noted that Google has spoken to a number of parties to gather feedback for this new proposal, but today marks the start of the company’s process of collaborating with the ecosystem. It’ll remain to be seen if other browser vendors will be interested in adding the Topics API. Since they all quickly turned a cold shoulder to FLoC, I’m somewhat skeptical that they will want to adopt the Topics API, but it’ll be interesting to watch how the ecosystem reacts.

It’s also worth noting that, for advertisers, Topics is only one potential signal to decide which ad to show to a given user. In some ways, it just becomes another signal for them that can be augmented with data about the article a user is currently reading, for example, or other contextual data about the user.

The plan is to start trialing the Topics API at the end of this quarter, but to get the ball rolling, Google also today published a technical explainer that delves a bit deeper into the details of the proposal.

German publishers are the latest to band together to try to derail or at least delay Google’s “Privacy Sandbox” plan to end support for tracking cookies in Chrome via a complaint to the European Commission.

The Financial Times reports that hundreds of German publishers, advertisers and media and industry groups — including local powerhouse Axel Springer (which publishes titles like Bild and Politico) — have submitted a complaint to the bloc’s competition chief, Margrethe Vestager, arguing that Google’s plan to phase out support for third party cookies from its Chrome browser and replace tracking infrastructure with (it claims) more privacy-respecting alternatives for ad targeting breaches EU competition law.

This is not a novel argument. The UK’s competition watchdog, the CMA, has been considering similar complaints since 2020 — and is in the process of consulting on a series of behavioral and operational commitments offered by Google in a bid to avoid a full ban on the migration in that market.

Indeed, the regulatory attention to Privacy Sandbox has already contributed to delay the implementation timeline by up to a year, as Google said last summer that the switch would not now happen until the second half of 2023 vs an earlier announcement, in January 2020, when it said it wanted to make the shift “within two years”.

While the UK is no longer in the EU, Google has said that if the country’s Competition and Markets Authority accepts its Privacy Sandbox commitments it will apply them globally — meaning they would also apply in and be relevant for the EU (which is not the same as saying they would be automatically acceptable to the bloc’s own regulators, however).

German publishers and advertisers don’t seem impressed by Google’s offer, though.

At least not judging by the 108-page complaint reviewed by the FT — in which it reports that Axel Springer, along with the country’s federal association of digital publishers and a number of others argue the planned changes will damage their businesses while leaving Google’s ads-based search business unaffected as it will continue to be able to collect vast amounts of user data.

Per the FT’s report of the document, the companies argue they must be allowed to continue to ask users for consent to process their data for ad targeting “without Google capturing this decision”; as well as urging that “Google must respect the relationship between publishers and users without interfering”.

In a statement responding to the report of the complaint, a Google spokesperson said:

“People want a more private, secure web and we’ve proposed ideas to help build it with new digital advertising tools to protect privacy and prevent covert tracking, while supporting a thriving ad-funded open web.”

In further background remarks, the tech giant argued that web users’ expectations and regulations are both changing so there’s a need for adtech infrastructure to adapt.

It also pointed out that other browsers have already withdrawn support for tracking cookies. (Albeit, Google’s market power here, via Chrome, is far more substantial than alternative browsers like Firefox and Safari.)

The tech giant also claimed its Privacy Sandbox proposals are being designed in the open — in consultation with a cross-section of the web community, including publishers.

Although, here again, there’s no doubt Google remains in the driving seat, directing and steering these proposals (and what ‘consultation’ there is and has been to date, certainly does not sum to co-design, let alone Google taking a more minor role in shaping the future).

Moreover, a perceived lack of transparency/openness in Google’s approach has also led the company to dial up the commitments it has offered the UK competition regulator on Sandbox — such as around testing and taking market feedback — which suggests, contrary to Google’s background claims, that a lack of openness is a particular bone of contention for advertisers and publishers (at least in the UK market).

In Germany, Google/Alphabet currently has two open antitrust investigations against it by the country’s Federal Cartel Office (FCO): One focused on its News Showcase product; and another digging into its data terms.

Notably, earlier this month the German regulator found Mountain View meets the threshold for ex ante regulatory interventions to be applicable — which quickly led to an offer from Google to try to settle the News Showcase complaint. So it’s interesting to speculate whether the FCO has received a copy of the German publishers’ complaint against Privacy Sandbox.

If so — and if the FCO agrees there’s a problem — that would offer (very likely) the swiftest option for local behavioral relief, given Germany is ahead of other European countries (and the Commission) in updating its domestic competition rules with an eye on curbing tech giants’ market power. (The UK, for example, intends to bring in a “pro-competition” reform to tackle Big Tech’s market power too, but has yet to legislate, meaning the CMA is limited to its existing regulatory toolbox.)

However a spokeswoman for the FCO declined to confirm whether/if the regulator has received a Privacy Sandbox complaint from German publishers — saying only: “We don’t communicate about possible complaints we have received.”

A Commission spokeswoman also declined to comment on the FT’s report and any potential impacts the complaint could have on its own ongoing investigation of Google’s adtech practices.

The Commission has hit Google with a series of enforcements under Vestager’s tenure at the competition unit.

But it was not until last summer that Vestager finally turned her attention to Google’s adtech practices — saying then that the unit would examine whether Google is distorting competition by restricting access by third parties to user data for advertising purposes on websites and apps, while reserving such data for its own use.

The terms of reference of the investigation do explicitly refer to Privacy Sandbox — with the Commission saying it would look at the plan to replace third party ‘cookies’ on Chrome with a stack of alternatives (including considering “the effects on online display advertising and online display advertising intermediation markets”).

The EU probe also covers scrutiny of a Google plan to stop making the advertising identifier available to third parties on Android devices when a user opts out of personalised advertising to similarly assess the wider ad market effects, among other areas of investigation.

On this, the Commission spokeswoman told us: “As part of its in-depth investigation, the Commission is examining, among others, Google’s announced plans to prohibit the placement of third party ‘cookies’ on Chrome and replace them with the “Privacy Sandbox” set of tools, including the effects on online display advertising and online display advertising intermediation markets.”

“This investigation is ongoing,” she added. 

The EU’s own set of ex ante rules for tech giants — aka, the Digital Markets Act — is currently making its way through the bloc’s co-legislative process. And MEPs recently voted to beef up restrictions on gatekeepers’ ability to track Internet users for ad targeting. Although the full detail of the future pan-EU law has yet to be hammered out.

So, whether or not Google gets its way with Privacy Sandbox, it’s clear adtech is facing substantial regional pressure to reform.

The outgoing UK information commissioner warned the industry last fall it’s past time for a big reset, emphasizing the need to move away from current methods of online tracking and profiling, and bake in data protection and privacy from the start.

The German publishers’ apparent focus on maintaining the ability to ask users for consent to track looks, well, interesting in light of long-standing GDPR complaints against current ‘consent request’ methods. (Also last November the ad industry body, the IAB Europe, warned it’s expecting to be found in breach of the pan-EU regulation — along with its industry standard Transparency and Consent Framework, which is used by scores of websites to gather consent for ad targeting.)

One thing is clear: There won’t be a sticking plaster fix for systematic, high velocity trading of web users’ personal data for ad targeting purposes — a meaningful alternative will be required to pass muster under robust EU privacy laws.

Whether this alternative gets designed by Google — or by the wider adtech and publishing industry engaging in good faith with privacy concerns — is a whole other question. And, well, so far Google does rather look streaks ahead in this regard… 

 

The European Union’s chief privacy and data protection regulator has urged EU policymakers to strengthen proposed ‘transparency’ rules for political ads — calling instead for meaningful limits that would fully ban microtargeting for political purposes.

The Commission proposal to regulate political ads, last fall, fell very far short of that — offering what this publication characterized at the time as a very “tepid” set of political ads transparency rules, riddled with loopholes which election fiddlers and propaganda muck-spreaders would find all too easy to exploit.

It seems the European Data Protection Supervisor (EDPS), Wojciech Wiewiórowski, takes a similar view, recommending in an opinion (PDF) yesterday — after the usual courtesies welcoming the “overarching aims” of the Commission proposal — that the regulation needs to be strengthened and that it should include “a full ban on microtargeting for political purposes”.

“Political communication is essential for citizens, political parties and candidates in order to fully participate in democratic life. To preserve our democracy, we also need strong rules to combat disinformation, voter manipulation and interferences with our elections. We need to do more if we want to tackle the many risks surrounding the use of targeting and amplification techniques for political purposes,” he said in a statement accompanying his opinion.

The EDPS’ call for a ban on political microtargeting is not a great surprise as Wiewiórowski has previously called for EU lawmakers to ban behavioral advertising entirely.

In February last year he warned that transparency measures may not be enough to prevent the myriad manipulative harms linked to microtargeting (such as discrimination; the exploitation of vulnerable or protected people and groups; the amplification of hate and fraud; and election interference, to name a few).

In his opinion on political ads now he argues that the case for a ban here is even stronger.

“The existing business models behind many online services have contributed to increased political and ideological polarisation, disinformation and manipulation. Targeted advertising and amplification mechanisms have been instrumental in provoking such harms,” he argues, adding: “The EDPS considers his recommendations about online targeted advertising are even more valid in the political context, having in mind its potential negative impact on the integrity of democracy and its representative institutions.”

“Targeted advertising can be used to unduly influence individuals when it comes to political discourse and democratic electoral processes,” Wiewiórowski continues. “While ‘traditional’ offline political campaigning intends to influence voters’ behavior via messages that are generally available and retrievable (verifiable), the targeted advertising makes it possible to target individual voters as well as groups with tailored messages, specific to the particular needs, interests and values of the target audience.

“The EDPS concurs with the Commission’s conclusion that such practices have specific detrimental effects on citizens’ fundamental rights and freedoms, including their freedoms of opinion and of information, to make political decisions and exercise their voting rights. Moreover, he is convinced that they present increasing risks not only for the fundamental rights of individuals, but also for society as a whole.”

He goes on to warn that use of personal data allows for different groups of voters or individuals to be segmented and “characteristics or vulnerabilities exploited” — such as by serving an ad at a particular moment in time or a place when a person or group may be more sensitive to the messaging.

And of course democratic accountability and oversight over political messaging when, in the case of ads delivered via microtargeting platforms like Facebook, there may be literally hundreds of thousands (or more) permutations of marketing, tweaked and tailored to specific individuals, is simply not realistic.

To be clear, when the EDPS talks about targeted ads, he’s specifically concerned about the use of personal data for microtargeting — and how such data may be analyzed to infer characteristics (or otherwise derive information) about individuals which is then used to selectively target that person with messages judged to be most likely to have the desired impact — so his call for a ban on political microtargeting is not a call for a blanket ban on being able to target political ads.

(Contextual advertising, for example, which does not rely on processing individuals’ personal data to determine which ad to show — and where targeting is based on a general location, say, or limited to certain (non-sensitive) search keywords — seems unlikely to invoke the same suite of concerns.)

As well as calling for a full ban on political microtargeting, the EDPS wants to see further restrictions on the categories of data that can be processed for political targeting under the proposed law.

The Commission proposal did suggest some limits on the personal data that can be used for political targeting — focused on so called “special category” data, which refers to personal data considered the most sensitive (such as health data, political or religious affiliation, ethnic or racial origin, sexuality and so on).

However the EDPS wants the provision strengthened — pointing out that the Commission’s suggested limitations include two gaping exceptions which essentially make the claimed limits worthless (as TechCrunch also pointed out in our analysis last year).

“The EDPS considers that, in practical terms, Article 12 of the Proposal does not appear to offer any additional protection in comparison to existing Union legislation on data protection,” writes Wiewiórowski in a particularly awkward line of assessment for the Commission.

He goes further, too — essentially saying it’s unlikely that political microtargeting that makes use of such sensitive personal data would have a valid legal basis under EU data protection law (so, er, legally you probably can’t do that anyway) — with Wiewiórowski pointing out that current cookie consent practices are hardly renowned as paragons of compliance.

He also highlights “the growing use of complex and often opaque algorithms” — and AI — being used for ad profiling and targeting, asserting that: “[I]t is questionable to what extent the consent of the citizen will actually be sufficiently and meaningfully informed”.

He also adds: “More fundamentally, however, the EDPS questions whether practices which have been identified by the Proposal of having specific detrimental effects should be allowed at all to take place and whether the individual’s consent would be sufficient to mitigate the risks posed by them.”

In short, this is a very polite — but very firm — slapdown to the Commission’s whole approach (and its trumpeting of an “ambitious” proposal — which it claimed last year would usher in “strict conditions” and “secur[e] the use of personal data in context of political targeting, protecting the democratic process”).

In essence, the bloc’s chief data protection supervisor is saying the proposal will do none of the things claimed in the Commission’s PR.

Ouch.

The Commission was contacted for a response to the EDPS’ opinion. At the time of writing it had not responded — but we’ll update this report if we get a comment.

It’s fair to say that the EU’s executive is not a fan of banning very much when it comes to problematic digital practices.

A proposal to regulate AI introduced by the Commission last year did — unusually — propose some outright bans on certain use-cases. However civil society has warned the text added so many limitations, dilutions and exceptions to the suggested prohibitions it’s hard to see how they would have a meaningful effect on limiting harms.

When it comes to microtargeting, the Commission evidently also isn’t at all keen on a ban.

Indeed, a number of commissioners — including EVP Margrethe Vestager — have been straight-up parroting the adtech industry talking points on the topic in recent months (per Politico), seemingly in a bid to influence the European Parliament’s negotiating position on the legislation to prevent MEPs adding restrictions on adtech business as usual. (Not very successfully, however — given MEPs just gave a thumbs up to some major limits on tracking ads.)

Tracking industry lobbyists with links to the adtech duopoly — who of course have the most to lose if surveillance advertising actually gets banned — have argued that the survival of small businesses is dependent upon Internet users giving up their privacy en masse in order that everyone can be profiled and targeted cheaply enough to spark joy for SMEs’ marketing budgets.

Vestager appears to have made a similar point to a European Parliament committee last November — apparently favoring transparency and user friendly controls — aka, exactly the sort of measures adtech lobbyists like to suggest to try to fend off meaningful regulation — rather than any more substantial measures. Such as the EDPS’ recommended outright ban.

Still, the Commission as a whole, and Vestager too, evidently sees the need for political ads to have different rules vs commercial marketing — so at least for there to be a perception that political ads are being dealt with more strictly in the EU.

In practice, though, their proposal looks closer to delivering yet more tedious and exhausting regulatory theatre than meaningful limits on serious harms. EU citizens should not be impressed.

While adtech lobbying to defend privacy-hostile microtargeting continues to try to chainlink the mass tracking, profiling and behavioral targeting of Internet users to the economic survival of SMEs, a YouGov survey earlier this month (via Euractiv) offers a very different perspective — finding a majority of French and German SMEs actually oppose microtargeting yet feel they have no choice but to use these ad tools given the market dominance of Facebook and Google.

So not exactly a ringing endorsement of creepy ads from (some) European SMEs.

Vestager — who remains the bloc’s competition chief — has made it clear for years that she’s not a fan of boosting competition by breaking up Big Tech, which could be one way to ensure SMEs have a better choice of ad tools.

Nor indeed is she a fan of blocking Big Tech M&As which may further entrench dominance — preferring behavioral remedies, and/or regulation, rather than stronger intervention to restore competitive balance to tipped markets.

Such as the ten year ban on Google using Fitbit health data for advertising — which was one of the “commitments” Vestager accepted to wave through that particular acquisition back in 2020.

Adtech has been a particular Vestager blindspot — as the Commission only opened a formal probe of Google’s adtech stack last summer, lagging way behind complaints and investigations across multiple jurisdictions.

When it comes to Big (ad)Tech’s market power, the Commission EVP has championed a package of ex ante rules as the best way to clean up abusive practices — aka the Digital Markets Act, which is fast making its way through the EU’s co-legislative process. Although here too MEPs have found her approach lacking — since the parliament voted for restrictions on microtargeting to be added into that law too.

The Commission is duty bound to listen to the other EU institutions as it draws up regulatory proposals. So how long it can keep sticking its fingers in its ears on the need to reform adtech is an interesting question to ponder.

The European Parliament has definitively backed major limits on behavioral advertising during a plenary vote on amendments to the pan-EU Digital Services Act (DSA).

The move looks set to crank up pressure on Big Tech business models that rely on pervasive tracking and profiling of users to target ads — with adtech duopoly Facebook and Google, which make most of their money through mass surveillance and microtargeting of Internet users, squarely in the frame.

In an earlier vote the parliament already backed a full ban on profiling minors and limits on the use of special category data for ad targeting to be added to another piece of draft digital legislation, the Digital Markets Act (DMA).

But while the DMA will apply to so-called internet “gatekeepers” (such as Facebook and Google) the latest amendments expand the remit of restrictions even further as the DSA updates the bloc’s long-standing ecommerce directive, so is set to apply to digital services more broadly. 

Having the same provisions in both packages of legislation is also important for legislative consistency (which supports enforcement) — and sends a clear signal of where the parliament stands on this issue.

While MEPs rejected an amendment to the DSA that had proposed a complete ban on behavioral advertising, a number of amendments proposed by a coalition of MEPs, civil society organisations and companies — organizing as the Tracking-free Ads Coalition — were passed during the votes.

These included one that is — effectively — a ban on using UX tweaks to manipulate/force consent as the amendment requires platforms to offer parity in consent flows for refusing or agreeing to hand over data.

Moreover, in the event of a user denying profiling the amendment says they should be given “other fair and reasonable options” to access the service. This amendment was passed with 329 in favor vs 303 against (with 60 abstentions).

Another Coalition amendment which passed mirrors provisions in the DMA to ban the ad profiling of minors and also prohibit the use of highly sensitive personal data (such as racial or ethnic origin, political or religious affiliation, sexuality or health data) for behavioral targeting of anyone.

It passed with a larger majority: 410:273 (with 9 abstentions).

At the same time, an attempt to weaken the draft legislation by removing existing restrictions in the text on dark patterns — via a split vote — was also resoundingly defeated by MEPs in a definitive rejection of Big Tech’s lobbying against regulation.

On dark patterns the parliament voted overwhelmingly (524:157; with 11 abstentions) to reiterate its desire for a ban.

Practices the parliament wants outlawed include giving more visual prominence to certain consent options vs others; repeatedly requesting consent after a denial to try to fatigue users into agreeing; nudging users to change settings after they have already made a choice; ignoring automated opt-outs signalled by users and requesting consent regardless; and making it “significantly more cumbersome” to terminate a service vs signing up.

The upshot of these votes is that the elected representatives of EU citizens have signalled strong backing for significant restrictions to microtargeting and related adtech practices (like manipulative consent flows) which — if they make it through into the final law — will put a significant squeeze on surveillance-based business models, increasing pressure for adtech reform.

“This is extremely significant because — trilogue pending — you can’t target people anymore on all the sensitive data or whatever can be used to infer that sensitive data, so sexual orientation, political affiliation, trade union membership, ethnic origin and so on, that’s quite broad — and whatever could be used to infer that,” said MEP Alexandra Geese, one of the parliamentarians backing the Tracking-Free Ads Coalition, speaking to TechCrunch after the vote.

“This is a game-changer — together with the other provisions we already had, and the compromise on the DMA which is the ban for targeted advertising on minors… the [provisions against] dark patterns [to] clearly allow people to say ‘yes’ or ‘no’ to tracking. That’s a bunch of provisions that clearly limit the possibility to use surveillance advertising significantly and I think that could usher in a change of the whole business model of the internet — away from surveillance advertising and towards contextual advertising.”

“It’s going to be complicated for platforms,” she added. “They will defend [current targeting practices] but all the restrictions are significant and I think especially advertisers will start looking at that and say, well why do we have to put up with these — in the end we don’t reach the people, why can’t we just do context? So I’m really hoping for a change of the business mode… We’re clearly showing this is not working, this is not compatible with a democracy — do something about it.”

An industry standard framework for obtaining consents to serve tracking ads is already facing a finding that it breaches the General Data Protection Regulation (GDPR).

So quite how the current creepy adtech ‘standard’ — of pervasive, consentless profiling of Internet users, combined with high velocity trading of people’s attention — would be able to survive with even less rope to lasso consumers’ eyeballs in the future is indeed unclear.

Geese pointed to a statement by Facebook in November — when the tech giant announced that it would no longer allow advertisers to target people based on “sensitive” topics, arguing: “They are feeling the heat, definitely,” before pressing the case to follow through and cement legislative limits: “But as long as we don’t have the instruments to check this that doesn’t mean anything — I mean who believes Mark Zuckerberg anyway?”

The Commission’s DSA proposal also contains a package of measures to dial up transparency and accountability on platforms and their hierarchy generating AIs — requiring larger platforms to submit to a degree of regulatory oversight of their algorithms, as well as to provide public interest researchers with access to data to enable independent scrutiny of platform effects.

Such measures will clearly be crucial in ensuring any legislative limits on Big Tech’s microtargeting are actually implemented by the platforms.

“We clearly can’t solve all the problems with the DSA — because first of all we need to do a lot more research, and the problem is so far we couldn’t do the research because we couldn’t access the data,” says Geese. “[But] with the DSA you give the Commission, the digital service coordinators, researchers and NGOs access to the data if they have good projects in order to assess the compliance so once the DSA’s in force we will start having an enormous amount of knowledge, of insights. And we will be able to come up with even better and more precise regulation.

“We won’t depend on Mark Zuckerberg or someone from Google telling us ‘oh we’re doing nothing wrong’; we will have the knowledge to deal with it. I think this is really what makes a difference.”

The parliament’s vote to restrict adtech is especially significant given the massive lobbying effort by Google and Facebook throughout last year, also looping in their extensive proxy network of third party industry organizations to lobby on their behalf.

US tech giants have poured literally millions into trying to influence the shape of this major update to EU digital legislation in recent years — leading to some especially cringeworthy memeing this week from internal market commissioner EVP, Thierry Breton. (Albeit, at least Breton avoided straight-up parroting of adtech talking points, unlike some others in the Commission… ).

Big (ad)tech’s campaigning against regulation of tracking ads also — oh the irony! — included a blitz of ads targeted at EU lawmakers ahead of today’s vote, as well as plenty of cash splashed on traditional newspaper ads. Such as the below Facebook ad in a German newspaper pushing a self-serving claim that small businesses need tracking ads to survive…

In the end, MEPs don’t appear to have been taken in by Nick Clegg’s favorite talking point. (Aka: ‘Save Me(ta) to Save SMEs’.)

How did they resist all that spin? Paul Tang, another of the parliamentarians who’s backed the push against tracking ads, pointed to a recent YouGov survey of SMEs in France and Germany — which found a majority don’t actually want to use tracking ads but said they feel they have no choice but to use Facebook and Google because of their market dominance.

He also highlighted the impact of antitrust reports, produced by competition authorities in the UK and Australia in recent years, digging into the adtech duopoly — which have suggested the lion’s share of every ad dollar (or euro) ends up in the coffers of Facebook and Google. (Or, put another way, the Big Adtech philosophy is: ‘me, me, me; not SME’.)

Tang also pointed out that the Coalition put over a year of work into raising awareness and educating fellow lawmakers on the issues and harms linked to tracking ads, with all this effort inexorably buoyed up by a parade of Big Tech scandals over the period — such as the Facebook Files. Or the flow of cartel-ish revelations from various antitrust suits.

So, in the European parliament at least, the penny appears to have dropped on Big Tech.

What happens next? The plenary vote amending the DSA sets the parliament’s negotiating position for trilogue discussions with its co-legislators, the Council (aka EU Member States’ governments) and the Commission — so Facebook and Google’s lobbying will likely swing towards Member State governments in earnest. And perhaps we’ll see Sundar Pichai finding time for another politician-pressing tour of European capitals.

In one early reaction to the parliament’s vote, the European arm of adtech industry association, the Interactive Advertising Bureau (IAB), showed no signs of dialling down the lobbying — describing the vote as “disappointing”, and claiming that “personal data in advertising is already tightly regulated by existing legislation”, before urging EU lawmakers to “reconsider” to “ensure we end up with a DSA that provides legal certainty for all actors”.

The IAB’s regional director of public policy, Greg Mroczkowski, added in the statement: “It is disappointing that in a mistaken belief that targeted advertising causes online disinformation or breaches privacy and data protection principles, MEPs have decided to pass amendments that not only overlap with the GDPR and existing consumer law but risk undermining these rules, as well as the entire ad-supported digital economy.

“Ultimately, a Digital Services Act that boosts transparency and certainty across the online economy is in everyone’s interests. We will be consulting with our members and all interested stakeholders to try to come up with solutions that are workable, secure and efficient.”

There are still months more road to run on this drama before the full and final detail of the DSA is hammered out — so plenty could change. But, after the trilogue discussions conclude — assuming a compromise is reached (it still has not over the ePrivacy reform) — MEPs get another vote on the final text so today’s vote underscoring the parliament’s red lines on adtech sends a strong signal to Member States over what the parliament will accept in the final legislative package.

Hence why anti-tracking ads campaigners are sounding so jubilant. (And, well, the IAB isn’t.)

“There was an enormous amount of lobbying on parliament… It was really enormous — and we still made it. So I’m a lot more optimistic than yesterday, I have to say,” adds Geese. “This is a really really good report we’re passing in parliament today.”

On potential Council pushback, she suggests any pro-tracking moves by Member State governments might be tempered by the momentum that’s now been generated on the issue.

“In trilogue — let’s see. From what I know, surveillance advertising wasn’t a big issue in the discussions in Council that led to the general approach. It wasn’t even discussed much. And now there’s a momentum — that is very, very different — and I think governments will have to look into it. And ask themselves is that really the position we want to defend? Why are we defending Meta’s and Google’s interests rather than the interests of our own companies?

“So it’s going to be a different debate, I think. I know the general approach of the Council is already fixed but this is a possibility. We have to find a compromise anyway — and we will discuss it.”

“In Germany the government has changed in the meantime. That might have some weight. It depends a little bit. We will see. Too early to foresee that I think — but there’s an open space right now to talk about it,” she adds. “If we had lost this vote it would have been a lot more difficult because it would have been limited to minors. But now we have to discuss it in the trilogue very actively.”

Asked about the defeat of the amendment that had proposed a full, default ban on profiling for ads, Geese suggests Big Tech’s lobbying did succeed in sowing enough FUD around the issue to create doubt in MEPs’ minds.

But she argues their spin won’t be able to survive the rising scrutiny — including from antitrust regulators interrogating the source of the adtech duopoly’s market power. So the direction of travel in the coming years looks clear.

“What the platforms manage to do was to instil the idea in people that either you have surveillance advertising or you have no advertising at all online. And that’s not true,” she tells TechCrunch. “We need some more time to show that this is not true — there’s some very good alternatives that would be even a lot better for European companies, also in terms of competition.

“We have these huge competition issues with Google and Facebook controlling in Germany and France, 70% of the market — globally a lot more — and now the people who really follow competition policy in digital markets know that, with the Texas lawsuit discoveries and so on that there’s really cartel curbing going on…. So once there’s interest for the topic you can communicate these facts but first you need to raise awareness.

“Because it’s complicated to explain and it’s not something people really feel in their daily lives, so politicians are not too motivated to look into this… And this is why this success is so important because in trilogue, the media, everyone will start talking about it, looking into it, and see how rotten the system is — and why it’s so bad for us. This is why I have quite a lot of hope that sooner or later we will either have a total ban or just phase out the business model.”

Back in March Vienna-based PlanRadar snapped up a €30 million Series A to digitize construction and real estate. The Austrian startup – a platform for documentation and communication in construction and real estate projects – is continuing its funding roll with a $70 million fundraising round co-led by Insight Partners and Quadrille Capital.

The round also drew participation from existing investors including Headline, Berliner Volksbank Ventures, aws Gründerfonds, and Cavalry Ventures, plus new investors Proptech1, Russmedia and GR Capital. 

To add context to that, this is a significant raise for an Austrian company and PlanRadar claims it’s the third-largest Series B in Austrian history to date. I’ve previously detailed how Austria is one of the newer, emerging tech hubs in Europe in one of my European city surveys.

PlanRadar now plans new offices in the US, Australia, the Gulf Cooperation Council (GCC), Southeast Asia, and Latin America. The company will also boost R&D investment and hopes to double its global headcount over the coming 12 months.

Since launching in Vienna, Austria, in 2013, PlanRadar says it has grown revenues by over 250% and more than doubled its customer base to 14,500 customers in over 60 countries. It has launched 10 new markets across Europe and Russia since 2020, with offices in Vienna, London, Amsterdam, Moscow, Paris, Madrid, Milan, Zagreb, Warsaw, and Bucharest.

Ibrahim Imam, PlanRadar Co-Founder and Co-CEO said: “We’re on a mission to make construction and building operations easier to manage, and we’ve proven there’s a huge global appetite for our technology.”

Thomas Krane, Principal at Insight Partners said: “The PropTech sector is poised for enormous growth, and PlanRadar is bringing the global construction and real estate industry into the digital future.” 

Competitors to PlanRadar include Bluebeam Revu, Autodesk Construction Cloud, Procore, and IBM’s TRIRIGA.

Over 30 civil society organizations, pro-privacy tech businesses and European startups are making a last ditch pitch to try to convince EU lawmakers to put stricter limits on surveillance advertising as a major vote looms on an update to the bloc’s digital rules.

The European Parliament will vote shortly to confirm its negotiating position on the Digital Services Act (DSA) — and the 30 signatories to the joint statement on “surveillance-based advertising” are urging MEPs to back amendments to the DSA to tighten the rules on how people’s data can be used for targeting ads.

In a nutshell they argue that inferred personal data (aka what a platform can learn/guess about you by snooping on your digital activity) should be out of bounds for ad targeting — and that advertisers should only be able to use information that has been consciously provided to them for targeting their marketing by the individuals in question.

An example of how that could work might be a platform periodically asking a user to select a few categories of goods/interests for which they’re happy to receive marketing offers — such as, say, beauty products, hiking/outdoors gear, holidays, or culture/art.

They would then only be able to use such signals for ad targeting, making it contextual, rather than creepy.

This is not so very radical a suggestion.

Regulators in the region have in fact been warning that tracking based ads are on borrowed time for years, given systemic breaches of EU privacy laws. Though actual regulator enforcement against adtech has been harder to spot.

Most recently the outgoing UK data protection commissioner urged the industry to reform — and move away from the current paradigm of tracking and profiling — saying the future must be about providing Internet users with a genuine choice over how they are targeted with marketing messages.

The signatories to the statement calling for parliamentarians to get behind this kind of ad targeting reform argue it would have major benefits — preventing problems associated with the covert surveillance of web users which can lead to abusive ads that manipulate and exploit.

The theories of harm around microtargeted ads have been much discussed in recent years — with risks of behavioral targeting being linked to discrimination, exploitation of vulnerable people/groups, and democracy-denting election interference, to name a few.

Surveillance advertising’s problem is that it can’t be publicly accountable because it lacks genuine transparency.

Yet there are other ways to target ads that don’t require creepy snooping and behavioral profiling.

“We are convinced that targeted digital ads can be delivered effectively and with respect for users’ choice and privacy (i.e. without covert surveillance practices), provided that exclusively data specifically provided by users for that purpose is processed, in a transparent and accountable manner,” the signatories write.

The statement dubs the use of “inferred data, which reveals users’ vulnerabilities and, by definition, is collected or generated without their awareness and control” as “a particularly problematic practice in digital advertising”, arguing: “It is time to end this practice as it causes significant harm on an individual and societal level, as evidenced by extensive academic research and recent revelations including the Facebook Files and the whistleblower Frances Haugen’s testimony or Mozilla’s YouTube Regrets study.”

“It is in the best interest of companies engaging in digital advertising to respect users’ choice, autonomy, and expressed (not inferred) preferences,” they go on, pointing to survey results which found that 75% of social media users in France and Germany are not comfortable when their behavioural data is used to target them with advertising.

“While small and medium-sized businesses legitimately use online advertising to reach their clients, they do not need to rely on intrusive surveillance as a means to that end,” they further argue.

The statement suggests that the main beneficiaries of current adtech’s ‘surveillance free-for-all’ — and the pervasive, covert massive tracking of Internet users — are likely to be US tech giants.

While progressive European startups — which have been trying for years to scale alternative, privacy respecting approaches for ad targeting — are being competitively disadvantaged by the rights-violating data abuses of US giants.

“The only actors who benefit from exploitation of users’ vulnerabilities and cross-site tracking are US-based large online platforms, with an interest to preserve their dominant position in the digital advertising market,” the statement argues, calling for “regulatory incentives” so that “progressive” privacy-focused startups can scale their rights-respecting services and make them more accessible for small brands.

“Putting an end to the most invasive practices will strengthen small European brands and GDPR [General Data Protection Regulation] compliant digital services, as well as local media as it would promote fair competition in digital advertising and reinstate the power of quality.”

It’s an argument that should — in theory — play well with Europeans’ elected representatives in the parliament.

However in recent years US tech giants — led by Google and Facebook — have been pouring millions into lobbying efforts in Brussels in a bid to steer lawmakers away from policies that could damage their surveillance-based business models. So this is in no way a fair fight.

Key among the tech giant lobbying claims has been the suggestion that tougher rules on targeting will hit Europe’s small businesses. Indeed, Facebook (now Meta) has gone so far as to claim that banning surveillance ads would decimate the bloc’s economy.

But of course they would say that, wouldn’t they…

 

The 17 civil society organizations signing the joint statement are: the Panoptykon Foundation, Access Now, Alliance4Europe, Amnesty International, Article 19, Bits of Freedom, Civil Liberties Union for Europe (Liberties), Defend Democracy, Fair Vote, Global Witness, Irish Council for Civil Liberties, #jesuisla, The Norwegian Consumer Council, Ranking Digital Rights (RDR), The Signals Network, SumOfUs and Uplift.

While the 14 business representatives backing the call for a ban on use of inferred data for ad targeting are:

Disconnect, Casey Oppenheim, co-founder and CEO
DuckDuckGo, Gabriel Weinberg, CEO and Founder
Ecosia, Christian Kroll, CEO
Fastmail, Bron Gondwana, CEO and Nicola Nye, chief of staff
Kobler, Erik Bugge, CEO
Mailfence, Patrick De Schutter, co-Founder and MD
Mojeek, Colin Hayhurst, CEO
Opt Out Advertising, Tom van Bentheim, CEO
Piwik PRO, Maciej Zawadzinski, CEO
Quodari, Paul Pennarts, CEO
Startmail, Robert Beens, CEO
Startpage, Robert Beens, CEO
Strossle, Håkon Tillier, CEO
Tutanota, Matthias Pfau, CEO

An earlier push by a number of MEPs towards the end of last year to get an outright ban on surveillance-based ad targeting included in the DSA did not prevail.

Although a parliamentary committee did back tightening restrictions on tracking-based advertising in another draft package of EU legislation that will apply to the most powerful Internet gatekeepers (so plenty of US giants), aka the Digital Markets Act (DMA) — by beefing up consent requirements for ad targeting and adding a complete prohibition on behavioral targeting of minors.

But the 31 signatories to today’s statement argue that the IMCO tweaks do not go far enough against the data industrial surveillance complex, writing: “We urge Members of the European Parliament to support plenary amendments to Article 24 of the DSA which go beyond the existing IMCO compromise and rule out surveillance practices in digital advertising — such as the use of inferred data — while supporting users’ genuine choice.”

Karolina Iwańska, a lawyer and policy analyst for the Panoptykon Foundation, also told us: “Unfortunately the compromise around ads in the IMCO committee is very weak and largely maintaining status quo” — adding that: “Big tech’s ‘SME’ lobbying was very successful.”

“We believe that a true compromise between a full ban on the use of personal data (unrealistic at this point) and status quo (everything allowed if consent is collected) is possible — but has sadly been ignored in the parliament,” she added, saying the anti-surveillance campaigners are now hoping to convince MEPs to back reform of personalized ads by limiting targeting to expressed preferences — which they believe will give Internet users “genuine control”.

The effort will need to work fast if it’s to achieve its aim.

Per Iwańska, the campaigners have drafted an amendment — but have yet to get backing from MEPs to submit it so that the parliament as a whole would be able to vote on it at the plenary. Clearly it’ll be crunch time for this push over the next few days.

Under the EU’s co-legislative process the Commission proposes legislation and that’s then followed by a process of wider negotiations between Member States and the European Parliament on the policy detail — with the chance for upcoming EU rules to be reworked and reshaped before they’re finally adopted.

Both the DSA and the DMA were proposed at the end of 2020 by the European Commission, with the DSA aimed at updating the bloc’s ecommerce rules and dialling up accountability on digital businesses by widening requirements to define areas of additional responsibility around content.

While the DMA targets the competition- and consumer-crushing market power of Internet giants, with a set of ex ante rules aimed at preventing abusive practices.

Trilogue negotiations on the DSA are due to start soon — once the parliament confirms its position in next week’s plenary vote. And — ultimately — there will need to be another plenary vote in the parliament on the final text. So campaigners against surveillance advertising may have other points in the process to try to push strategic amendments.

One thing is clear: The lobbying will continue throughout this year.

Any restrictions on ad targeting in the EU will still also have to wait for the legislation to be adopted and come into force — with EU lawmakers set to apply a grace period for digital businesses to come into compliance. So any rule changes won’t bite for many months more at least.

While the DMA — which appears to be moving pretty speedily through the co-legislative process — could get up and running relatively quickly, perhaps in 2023, the DSA looks likely to take longer before it comes into force; perhaps not until 2024.

In the meanwhile, the tracking and targeting continues…

The European Union’s chief data protection supervisor has sanctioned the European Parliament for a series of breaches of the bloc’s data protection rules.

The decision sounds a loud warning to sites and services in the region about the need for due diligence of personal data flows and transfers — including proper scrutiny of any third party providers, plug-ins or other bits of embedded code — to avoid the risk of costly legal sanction. Although the parliament has avoided a financial penalty this time.

The European Data Protection Supervisor’s (EDPS) intervention relates to a COVID-19 test booking website which the European Parliament launched in September 2020 — using a third party provider, called Ecolog.

The website attracted a number of complaints, filed by six MEPs, last year — with the support of the European privacy campaign group noyb — over the presence of third party trackers and confusing cookie consent banners, among a raft of other compliance problems which also included transparency and data access issues.

Following an investigation, the EDPS found the parliament was at fault in several respects and it has issued a reprimand — ordering rectification of any outstanding issues within one month.

The test booking website was found to be dropping cookies associated with Google Analytics and Stripe — but the parliament failed to demonstrate it had applied any special measures to ensure that any associated personal data transfers to the US would be adequately protected in light of the landmark Schrems II decision by the EU’s top court.

In July 2020, the CJEU struck down the bloc’s flagship data transfer agreement with the US (aka, the EU-US Privacy Shield) and issued further guidance that transfers of EU people’s personal data to all third countries must be risk assessed on a case by case basis.

The ruling also made it clear that EU regulators must step in and suspend data flows if they believe people’s information is at risk. So in order for some transfers to be legal (such as EU-US data flows) additional measures may be needed to raise the level of protection to the required standard of essential equivalence with EU law — something the European Data Protection Board (EDPB) has since issued detailed guidance on.

However — in the case of the parliament’s COVID-19 test booking site — the EDPS found no evidence that it or its provider had applied any such extra measures to safeguard EU-US transfers resulting from the inclusion of Google Analytics and Stripe cookies.

Turns out the provider had copypasted code from another website it had built, for a test centre in the Brussels International Airport — hence the presence of cookies for payment company Stripe on the parliament site (despite no payments actually being required for testing booked via the website).

Google Analytics cookies, meanwhile, had apparently been included by the provider to “minimise the risk of spoofing and for website optimisation purposes”, according to the EDPS’ findings.

Post-Schrems II, the presence of cookies designed to send data to US-based providers for processing creates immediate legal risk for EU-based websites — and/or their clients (in this case the parliament was found by the EDPS to be the sole data controller, while Ecolog was the data processor). So incorporating Google Analytics may do the opposite of ‘optimizing’ your site’s compliance with EU data protection law.

That said, enforcement of this particular compliance issue has been a slow burn, even since the 2020 CJEU ruling — with only a smattering of regulator-led investigations, and the clearest leadership coming from the EDPS itself.

A (very) long running complaint against Facebook’s EU-US data transfers, meanwhile, brought by noyb founder Max Schrems in the wake of the 2013 Snowden disclosures about NSA mass surveillance of social network and Internet data, still hasn’t resulted in a final decision by its lead data protection supervisor, the Irish Data Protection Commission (DPC) — despite the latter agreeing a full year ago that it would “swiftly” finalize the complaint.

Again, though, that makes the EDPS’ intervention on the parliament complaint all the more significant. tl;dr: EU banhammers are, gradually, falling.

In another finding against the parliament, the EDPS took issue with confusing cookie consent notices shown to visitors to the test booking website — which it found provided inaccurate information; did not always offer clear choices to reject third party tracking; and included deceptive design which could manipulate consent.

By contrast, EU law on consent as a legal basis to process people’s data is clear that choice must be informed, specific (i.e. purpose limited, rather than bundled) and freely given.

The parliament was also found to have failed to respond adequately to complainants’ requests for information — breaching additional legal requirements which provide Europeans with a suite of access rights related to their personal data.

While the parliament has landed in the embarrassing situation of being reprimanded by the EDPS, it has avoided a fine — as the regulator only has narrow powers to issue financial penalties which it said these infringements did not trigger.

But the findings of fault by the bloc’s chief data protection supervisor draw fresh red lines around routine regional use of US-based tools like Google Analytics (or, indeed, Facebook Pages) in the wake of the Schrems II decision by the Court of Justice of the European Union.

Copypasting code with standard analytics calls might seem like a quick win to a website builder — but not if the entity responsible for safeguarding visitors’ information fails to properly assess EU-based legal risk.

The EDPS’ reprimand for the parliament thus has wider significance as it looks likely to prefigure a wave of aligned decisions by EU regulators, given the scores of similar complaints filed by noyb in August 2020 targeting websites across the bloc.

“We expect more rulings on this matter in the next month,” noyb’s honorary chairman, Max Schrems, told TechCrunch. “The fact that the EDPS has taken a clear position is a good sign for other DPAs.”

The EDPS’ sanction of the parliament over confusing cookie banners also sends a strong signal over what’s acceptable and what’s not when it comes to obtaining users’ consent to tracking — despite confusing dark patterns still being shamefully widespread in the EU.

(For a particularly ironic example of that, see this blog post by analyst Forrester — which warns that regulators are coming for “dark patterns”, even as the analyst’s own webpage serves what very much looks like a non-compliant cookie notice given the only obvious button reads “Accept cookies” and it takes multiple clicks through sub-menus to find an option to reject tracking cookies, so er… )

noyb also kicked off a major effort targeting this type of cookie non-compliance last year — which it suggested could lead to it filing up to 10,000 complaints about dubious cookie banners with EU regulators.

Regional regulators are clearly going to have their work cut out to clean up so much infringement — which in turn may encourage DPAs to coordinate on standardizing enforcements to drive the necessary scale of change.

The EDPS decision adds high level accelerant by sending a clear signal that confusing cookie banners are the same as non-compliant cookie banners from the body responsible for providing EU lawmakers with expert guidance on how to interpret and apply data protection law.

Here’s an illustrative snippet from its decision — which describes a portion of the confusion that hit visitors to the parliament website as they tried to parse the cookie notices at the time of the complaints (tracking cookies have since been removed from the site):

“The English version only referred to essential cookies and prompted the user to either click on the ‘accept all’ or the ‘save’ button. The difference between the two buttons was unclear. The French version of the second layer of cookie banner referred both to essential cookies and ‘external media’. These external media cookies included cookies from Facebook, Google Maps, Instagram, OpenStreetMap, Twitter, Vimeo and Youtube. The visitor could also choose between ‘accept all’ or ‘save’. The German version of the second layer of the cookie banner referred to only one ‘external media’ cookie — Google Maps — in addition to the essential cookie.”

The EDPS’ conclusion was that the cookie banners in all three languages failed to meet the EU standard for consent.

In another sign of the cookie (non)compliance reckoning that’s now unfolding in the region, some EU regulators have been taking actual action — such as France’s CNIL which issued a major slap-down to Google and Facebook last week, announcing fines of $170M and $68M respectively for choosing dark pattern design over clear choices in their cookie consent flows.

The EDPB, which supports DPAs’ enforcement of pan-EU rules like the General Data Protection Regulation, established a task force on the cookie issue last fall — saying it would “coordinate the response to complaints concerning cookie banners” noyb had filed with a number of regional agencies.

Schrems describes that step as a “good” development — but said it is also slowing things down.

Although he suggested the direction of travel is toward a standard that will require a simple yes/no for tracking. (Which will of course mean a firm “no” in the vast majority of cases, given how few people like being stalked by ads — hence the UK DPA’s recent warning to adtech that the end of tracking is nigh.)

“The CNIL and the EDPS decisions support the view by us that we need to move to fair ‘yes or no’ options,” Schrems told us. “We expect other authorities to follow this lead.”

What about his vintage data flows complaint vis-à-vis Facebook’s EU-US transfers? Is there any sign of Ireland’s promised “swift” resolution to that particular complaint — which should have led to a DPA order to Facebook to suspend data flows years ago? But has so far only led to a preliminary order in September 2020 that Facebook suspend transfers.

“They always say that each decision is coming any day — I stopped following these rumors but there is a rumor on this again right now… ” Schrems said on the DPC, concluding his text with an eyeroll emoji.

Spotify is today introducing a new ad format aimed at podcasters which it’s calling “Call-to-Action Cards” — or CTA cards, for short. The feature, which is powered by Spotify’s streaming ad insertion technology, will display a visual ad in the Spotify app when the audio ad begins to play. The cards can be customized by advertisers with their own images, text and other clickable buttons that direct listeners to “shop now” or take some other action the advertiser is hoping to encourage.

While the ads are capable of capturing users’ attention while streaming, Spotify knows that listening to podcasts is often an activity where the app is running in the background while the user is doing something else — like going for a walk, exercising at the gym, doing housework, driving and more. That’s why Spotify is also making the new CTA cards available on both the podcast’s show and episode pages. This allows the targeted listeners to interact with the ad at some later point when they’re browsing through the Spotify app, the company explains. These cards will remain available for up to seven days after the listener has heard the ad, or less if the campaign wraps before that.


In the future, Spotify believes the format will evolve to do more than simply directing users to a landing page of some kind.

“We think about these cards as an important step towards modernizing the format — a format that will become more capable over time, as we add shoppable and video and other interactive features into them,” said Jay Richman, Spotify’s Head of Ads Business & Platform, when introducing the format during a press briefing as a part of the company’s virtual participation at this week’s Consumer Electronics Show.

Advertisers who adopt the format will also have access to reporting and measurement based on confirmed ad impressions made possible through streaming ad insertion.

Spotify has heavily invested in the streaming ad insertion technology, which brought real-time targeting and reporting to podcasts. Before, when podcasts were delivered through the more open RSS format, they were also hampered by the technical limitations that came with being downloadable content only. Ads were embedded, not dynamically inserted, into shows. And the audio players couldn’t differentiate between which part of the program was the show’s content and which part was the ad — it was all one single file. With streaming audio insertion, the content itself is paused, the ad is inserted, and then the content resumes after the ad completes.

All of this takes place in real-time — but it doesn’t prevent the listener from skipping past the ads as they had before, if they don’t enjoy hearing the message.

In 2020, Spotify acquired the podcast hosting and ad company Megaphone for $235 million to help scale streaming ad insertion beyond its own shows to reach publishing partners through the Spotify Audience Network — a network that now includes shows from independent creators using Spotify’s Anchor platform. And just last month, Spotify acquired podcast tech company Whooshkaa to bring the technology to radio broadcasters who want to release their audio content as podcasts after first airing it on the radio.


Because streaming ad insertion already knows when the ad appears in the program, Spotify can then pop up the accompanying CTA card as well to display the advertiser’s creative. For listeners, the experience may be a better one for seeking out the products and services they heard the host promoting during the program, as they’ll no longer have to try to remember a URL or a coupon code the creator had spoken.

However, the addition also makes using Spotify to stream podcasts feel even more like an ad-supported experience than before, as even Premium (paying) subscribers will be subject to the new, arguably distracting ads and will see them appear on both podcast show and episode pages even after they’ve finished listening.

Spotify tested the new CTA cards with select advertisers, including Ulta Beauty, ahead of today’s launch. According to Ulta’s Head of Content, Social, & Integrated Marketing, Christine White, the company reached around 250,000 unique Spotify listeners with one of its campaigns and around half of those saw at least one CTA card after hearing the audio message, including those who saw the card later while browsing the app.


Spotify sees the CTA cards as another step toward making podcast content more interactive. The company is already experimenting in this area through features like voice commands and podcast audience polls and Q&As, which engage listeners in real-time — making them more likely to return to the app while the podcast is playing, too. More recently, it’s been expanding access to video podcasts, via Spotify’s Anchor platform. Podcast creators can add a video to their podcast to show themselves recording the show or they can use the functionality to add the occasional graphic, chart, or slide. This feature is now rolling out to more creators and listeners, said Anchor co-founder and Spotify’s Head of Talk, Mike Mignano, during the same briefing.

Spotify notes that no incremental work will be required by creators to enable the new CTA cards, which will initially be available across select Spotify Original & Exclusive podcasts in the U.S., starting today.
