Publishers "Selling Your Data"
What The New York Times got wrong editorially but right economically
In this "Privatization" series, I plan to explore how privacy is affecting business, strategy, and the Internet economy. Good privacy can mean good business.
An often repeated complaint about an ad-supported Internet is that publishers are selling their users' data to target ads. Capturing this sentiment, The New York Times (NYT) published an opinion piece in 2018 with the sub-headline:
"Facebook has always sold data to advertisers, and it probably always will."
Ironically in 2020, the same publication has announced that it is "phasing out all 3rd-party advertising data" from data brokers in favor of using its own first-party data that they collect on their own users.
So is NYT now selling its users' data? The short answer is no. The longer answer is maybe, and California will decide.
Short Answer: No
Publishers like The New York Times and Facebook have a different business model than that of 3rd-party ad data brokers (e.g. Acxiom, Epsilon) which have been cut off from those sites. Publishers make money by selling ads while data brokers make money by selling data they’ve collected and packaged.
Ads can be targeted by using data, but if you were able to access the data itself, you wouldn't necessarily need the publisher who originated the data.
Let's say a car dealer wants to target people in market for cars. They could buy ads on Cars.com, but if Cars.com did the targeting and placement of the ad itself without allowing the dealer's own tracking or targeting technology, then the dealer can't reach that same Cars.com audience on other sites. In this case, Cars.com would be amassing 1st-party data on its own users and keeping the data to itself.
However, Cars.com could choose to sell the user data such as tracking cookies to a 3rd party data broker who could use it to create a "in-market for a car" 3rd-party data segment. The dealership could then buy this segment from the data broker and identify those specific car shoppers on other publications that may have lower ad inventory prices but overlap in audience.
It's generally not in the interest of publishers to sell the user data because advertisers wouldn't need to keep buying ads from them: if dealers can reach the same car buyers elsewhere for less, they'll stop buying ads from Cars.com!
In the case of The New York Times, it isn't "selling your data" when it uses 1st-party data about your readership of NYT business and travel sections to enable NYT advertisers to reach only "business people who likes to travel.” NYT is selling ads targeted to a specific segment of its readership, and it's in NYT’s interest to disallow advertisers from independently identifying individuals who meets that profile. Otherwise, the NYT could "data leak" and lose value to the advertiser in the long run when the advertiser runs off with the data.
NYT’s plan to ban usage of 3rd-party data brokers and only allow NYT’s 1st-party data could be hailed as a consumer privacy move. After all, the NYT is harming 3rd-party data brokers and their practice of profiling users from various sources.
However, it is also a smart business move. NYT is now forcing advertisers to pay up not only for the premium real estate on NYT webpages but also to pay the NYT for the data premium for targeting the ads instead of some data broker. Even better, the NYT doesn't need to match its user profiles with the data brokers in order to facilitate said targeting, which means the NYT doesn't need to reveal who is a NYT reader, which in itself is valuable targeting data. So the only way to reach NYT readers is through the NYT!
Long Answer: Depends. Ask California
Where this gets more complicated is when using more sophisticated technical setups to facilitate digital ads, which is very common on the Internet. Sites such as NYT may sell ad space using an online ad auction that happens in milliseconds to find the highest bidding advertiser around the world for a given web page or user.
Let’s say the NYT is auctioning an ad space for the 36 Hours in Lisbon travel web page when a visitor loads the page. An invited advertiser may participate in the auction using an electronic bidder known as a demand-side platform (DSP) to submit a bid for that specific page view known an as an ad impression. As part of this auction process, the bidder may be told not only what webpage the ad would go on but also what IP address, cookie, device ID, or other identifiers the user visiting the webpage has, which helps the bidder decide how much to offer for the chance to serve an ad.
With this user data, the advertiser would have a way to identify that same webpage visitor in other publications and later auctions. So that advertiser can reach "travelers interested in Lisbon" on other webpages with cheaper ad rates. The NYT may not have intended to give away that data, but it's possible. The advertiser didn't even necessarily need to bid or win the auction to get that data.
Worse for the publisher, California may consider that a "sale of data" even though no money changed hands due to its new California Consumer Privacy Act (CCPA). This law allows consumers to opt out of sales of their data to 3rd parties. The CCPA definition of a sale doesn’t require money to change hands. With CCPA enforcement beginning July, we'll soon see how publishers will need to reshape operations to secure user data for legal, trust, and monetization reasons.