Amid the ongoing scrutiny and concerns about competition in the ad-tech industry, tech players are scrambling to create a solution to replicate the tracking ability of third-party cookies while addressing increased consumer expectations for privacy to fulfill. There has been a growing focus on moving away from the use of third-party cookies, including Apple’s implementation of App Tracking Transparency and Google’s commitment to phase out third-party cookies. A consortium of European mobile phone providers has now come together to implement their own solution called TrustPid, which the European Commission recently approved as harmless for competition
What is the problem solved for?
Cookies are essentially small bits of information that record how you use the internet. There are two types of cookies. First-party cookies are generated by the website you are visiting and collect information about how you use the website (e.g. what you put in your shopping cart). First-party cookies can only be accessed and used by this website and help to improve user experience (e.g. by enabling automatic user login instead of remembering passwords).
Third-party cookies are generated from a different domain than the website you are visiting, e.g. B. from a social media or advertising platform. Like a first-party cookie, they track your use of the website, but the information tracked by the third-party cookie is available to the third party that generated the third-party cookie, not the website you are visiting. Most third-party cookies have a tracking function that collects information about your use of the internet. This information allows ad tech vendors to build a profile of your interests, which they use to target ads (so it’s not really Siri listening in on your conversations).
The demise of third-party cookies is imminent. Due to the pop-up notifications, users are increasingly blocking third-party cookies, with an estimated 40% of third-party cookies now being blocked. Regulatory bodies, including Gin in the EU and California, are moving to treat third-party cookies as personal data, which is subject to stricter data protection regulations.
Since then, Google has encountered obstacles in developing a replacement for third-party cookies, resulting in the extension of the deadline for phasing out third-party cookies from 2022 to 2023 and then to 2024. Google’s original proposal was called Federated Learning of Cohorts (or FLoC), which proposed aggregating (or “swarming”) users into semi-anonymous groups with similar browsing habits, but was finally dropped in 2021 after strong criticism from competitors, consumer groups and regulators about the impact on the had practiced data protection.
Recently, Google proposed its Topics API (more on that here), which only provides websites and advertisers with general information about user interests, e.g. B. “Cars & Vehicles” based on their recent browsing history. The Topics API currently remains Google’s proposal of choice and in February 2022 the UK CMA accepted binding transparency and consultation commitments from Google regarding its development and use.
However, Topics is not without criticism – although regulators have yet to render a final verdict, the World Wide Web Consortium’s Technical Architecture Group (TAG) stated that the Topics API protects users from ‘unwanted tracking and profiling’.
European telecom companies join the fray
On January 6, 2023, the European Commission received notification from four European mobile operators (Deutsche Telekom, Orange, Telefónica and Vodafone) regarding their plan to set up a JV that would provide a “privacy-focused digital identification solution to support digital marketing and advertising “ offers activities of brands and publishers”, which works on the basis of the creation of pseudonymised tokens based on a user’s network subscription provided by the participating network operators. As the joint venture involved former competitors, the mobile operators applied for EC approval. On February 10, 2023, the European Commission unreservedly cleared the formation of this JV, finding that “the transaction does not raise any competition concerns”.
This joint venture appears to be implementing the solution that Vodafone and Deutsche Telekom started testing in Germany in June 2022, currently called TrustPid. Vodafone has described TrustPid as an “alternative to the dominant platforms and counter-proposal to the third-party cookies that still exist today”. The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has been informed of the attempt, and Vodafone states that it is in ongoing talks with the BfDI about the solution to be tested.
How does TrustPid work and how does it compare to Topics?
By using the pseudo-anonymous tokens, TrustPid does not allow third-party advertisers to directly find out who you are; Using different tokens for each advertiser mitigates the “triangulation” (cross-tracking) of your usage across the web, and the portal gives you the ability to manage who can access and use the tokens you generate, including blocking any entirely Usage (and the TrustPid service itself).
The EC’s examination of the competition issues relating to TrustPid was quick. The European Commission was satisfied that the transaction would not raise any competition concerns as the TrustPid service is structured on a non-discriminatory basis and is open to competing mobile operators to provide inputs. In the downstream sectors, EK believed that the JV would not be able (or have any incentive) to foreclose on competing advertisers, mobile operators or other providers of digital identification services. The European Commission also concluded that the risk of coordination between mobile operators would not increase, presumably because TrustPid is a platform with a dedicated function that requires limited data inputs.
Since Vodafone and Deutsche Telekom launched the study in 2022, critics have expressed concerns that, ironically, given its intent to be an answer to third-party cookies, TrustPid is a “super cookie” because it makes it a superior tracking tool It is associated with users’ IP address and phone number, making it difficult for users to delete their data history or avoid tracking.
William Harmer, product manager at Vodafone, says the project isn’t a super cookie because it doesn’t use data interception to create customer profiles, unlike the advertising technology once used by Verizon Wireless, which the US Federal Communications Commission discovered in 2016 ( FCC) for inserting super cookies into users’ mobile browser requests without consent.
It has also been argued that information such as mobile phone numbers needed to route calls through communication networks should not be monetized by the telcos/ISPs, but should be “custodians of the confidentiality of your communications and data”. However, network information has long been used to offer consumers value-added services – like showing phone numbers on your mobile phone and your ability to block your own number from being displayed when making calls.
More broadly, TrustPid can be seen in a broader context of the ongoing battle between telcos and OTT providers over where in the vertical network and service stack control of user experience will lie, including the renewed battle for net neutrality in the context of 5G .
The European Commission’s quick approval of TrustPid could be explained by their continued desire to dilute the power of Big Tech (and even better that TrustPid is an EU innovation).