California’s hotly debated Delete Act (SB 362), if passed, could upend the ad-tech data broker market. The proposal appears to be moving quickly, coming in less than a year after the Consumer Privacy Rights Act (CPRA) went into effect in January. And, since it’s a legal matter about privacy, you can bet there are a few vague terms that are muddying the waters.

SB 362 gives people a universal delete mechanism for data collected by brokers, and passed the Assembly this week. The bill now returns to the Senate for approval and could be passed as law in a matter of days.

However, this advancement has sparked debate among both supporters and opponents over the bill’s co-author Tom Kemp, also an angel investor in a company offering data deletion services for a fee.

It’s not uncommon for legislators to rely on industry expertise when drafting laws over complex topics. An investigation by USA Today underscores this trend that over 10,000 bills introduced in U.S. statehouses were copied from bills drafted by influential groups and lobbyists. Still, legal experts and bill opponents—including the vocal ad industry which has relied on using peoples’ data to target ads—are raising questions over the motives behind the legislation. Some are pushing to pause the bill’s progress to have a more transparent discussion about the consequences.

“When California passes a law, other states pay attention. It’s important for legislators to get this bill right so that other states don’t follow a severely flawed approach,” said Dan Smith, CEO of the Computer Data Industry Association (CDIA). “[If the bill passes in its current state], you could see institutions, companies and individuals set up a cottage industry.”

Why the fracas?

According to SB 362, the residents of California can request to delete their data via a free delete button on a government website. However, the bill includes a provision that lets “authorized agents” assist individuals with their deletion requests.

But, the bill lacks a clear definition of authorized agents.

“With no guardrails,” said Smith, “any company or an individual could be an authorized agent.”

Alan Chapell, president of law firm Chapell & Associates, previously looked into companies that work on behalf of people to make data subject access requests (DSAR). He found that companies tend to overstate risks to people and do a poor job of explaining how they can help consumers.

“Many misstate what the law requires companies to do, perhaps deliberately,” Chapell told Adweek. “[Authorized agent provision] incentivizes behaviors that don’t help consumers.”

Ok, why is this important?

While the Delete Act was introduced in April by California State Senator Josh Becker (D-Menlo Park), it has attracted media attention due to the involvement of Tom Kemp, a Silicon Valley-based entrepreneur, investor, and policy advisor who co-authored the bill.

Kemp explicitly identified himself as the bill’s co-author, discussing his role and amendments across different platforms, including in an email to Adweek.

According to his website, Kemp co-wrote the bill with Emory Roane of the non-profit organization Privacy Rights Clearinghouse and presented SB 362 to Senator Becker.

So, what’s the concern?

Kemp also serves as an angel investor in several companies, with investments ranging from $50,000 to $300,000. This includes a for-profit company called Atlas Privacy, which offers data removal services at a price of $150 annually. So far, the company has raised $375,00, according to Crunchbase.

Co-authoring a bill that stands to benefit an individual’s private business is a scenario that presents a conflict of interest, four sources told Adweek.

“Kemp says he’s deeply involved in the bill’s amendment process,” said CDIA’s Smith. “And he’s invested in a company that stands to be one of these authorized agents … potentially making a lot of money off the bill’s passage.”

In response to these concerns, Kemp said “It’s funny that [the opponents] are shouting about a conflict of interest. Their financial conflict in opposition [to mine] would be a million times more.”

Passing this bill will likely lead to more signal loss, conceivably making it more difficult for marketers to target audiences. Previously, tech lobbyists have pushed their agenda over water-downed versions of state privacy laws.

For Matthew Schwartz, policy analyst, Consumer Reports, the financial motivations of the opponents of the bill outweigh that of Kemp’s.

“I wouldn’t say it should be disqualifying that one person could gain from the bill without adding that the public would gain from deleting their data,” Schwartz said. “People in opposition also have a vested financial interest in the bill’s outcome.”

There are others who don’t see an issue with Kemp’s involvement.

“This is no different than any lobbyists that help craft the legislation that’s financially beneficial to [them],” said Jordan Fischer, partner at law firm Constangy, Brooks, Smith & Prophete.

Where this does become a concern is when an entire business model is generated off the backs of a law, sources say.

But, who qualifies as an author?

The debate also raises questions over who can co-author a bill.

In California, legislators author the bill when an individual or group convinces a Member of the Legislature to do so, as in the case of Kemp. The Member then sends the idea and the language for the bill to the Legislative Counsel’s Office, where it is drafted into the actual bill. The drafted bill is returned to the legislator for their review alongside the people who originated the idea for the bill. This is to ensure that the provisions they desire are in the bill in the correct form, according to California’s legislative process.

That said, the Electronic Frontier Foundation, a nonprofit group that endorsed SB 362, classifies only elected officials running a bill as its authors.

“Organizations primarily supporting the bills are referred to as sponsors. It’s common for sponsors to be folks and/or companies that have an interest in a bill’s passage,” said Hayley Tsukayama, associate director of legislative activism at EFF. “In this case, Kemp is a sponsor and not an author.”

However, Kemp contested Tsukayama’s definition and pointed out that he does not qualify as a sponsor. This is as per the latest floor alert sent to all Legislators on Sunday as reviewed by Adweek, which acknowledged groups like Privacy Rights Clearinghouse among its main sponsors.

“You can call me a volunteer, a contributor, someone who helped to draft it,” said Kemp. “But I am not officially considered a sponsor.”

Salesforce is not new to artificial intelligence (AI), having used the technology through its platform in various ways for the last decade. But, as with most tech companies, it has faced a surge in interest from customers in recent months, asking about the potential and pitfalls of generative AI (GenAI).

Those questions are now part of a new brand campaign, “Ask More of AI,” led by Salesforce pitchman and ambassador Matthew McConaughey.

The company’s first major announcement in the generative space came in March with Einstein GPT. Sales GPT and Service GPT followed that.

“We see a little bit of a gold rush mentality happening in the market,” said Colin Fleming, evp of brand and marketing for Salesforce. With the new offerings, Fleming says b-to-b brand is “applying Gen AI into the use cases that people trust us for right in their companies.”

The questions we ask are not meant to stoke fear, but just meant to shine a light.

Colin Fleming, EVP, brand and marketing, Salesforce

“The big important part of this,” Fleming told Adweek, “is the idea of trust. We do believe that a lot of the startups and a lot of the companies have been throwing caution to the wind and really not considering what CIOs care about: data integrity, trust and residency. That’s where we feel like our investments have really helped us along the way and really created some space for us in the market.”

Fleming and McConaughey spent time learning about GenAI and writing a list of their questions, which became a part of the “Ask More of AI” campaign.

“We realized that GenAI is all about asking questions. But are we asking the right ones?” he mused.

A series of three tongue-in-cheek 15-second spots focus on questions that should be asked about data and privacy security. They each see the Academy Award-winning actor step into a different environment—be it a Wild West town or a forest filled with magic and fantastic imagery—as he is prompted to ask something about the impact of AI technology.

The first spot, “AI Sheriff,” wonders who is looking after us, while “Data Forrest” is about data privacy and the latest, titled “Self Aware Squirrel,” questioning movement towards the singularity.

The ads have been released in the U.S., but the campaign will be rolled out globally with less reliance on McConaughey and more supplementary content.

“We are trying to be very thoughtful about ensuring that the questions we ask are not meant to stoke fear, but just meant to shine a light on where we think the direction should be going,” explained Fleming, who also revealed that he uses ChatGPT with his daughter, writing bedtime stories.

The spots were developed in-house by the Salesforce marketing team, allowing the company to produce ads quickly to meet emerging business trends. The slightly unreal and inauthentic feel was intentionally added in post-production.

The use of GenAI visual effects is something the company has begun to explore, including testing what a Gen AI-created McConaughey would look like, although Fleming doubts the results will ever see the light of day.

“There’s a lot of advancement that has still to come in the generative video market. It’s not fully there yet. But we’ve learned a lot, and we think of that to do with the campaign,” he said.

B-to-b marketing continues to resemble b-to-c from both the creative side and the media buying and planning. Fleming, who’s spent more than 12 years at Salesforce and has b-to-c marketing background, says that is no accident. (Fun fact: before marketing, Fleming was a professional race driver for Red Bull.)

“We’re selling to humans. We’re selling to people. Businesses are writing the checks, but these are humans,” said Fleming of his customers. “We know that the tendencies of consumers are the same as business buyers, so we have tried to level the playing field in how we approach briefs and how we approach the work we put forth.”

At every industry event, and across my many friends in the advertising business, I am most often asked, “Why should I buy a data clean room?” My response is always the same: “What are you trying to build? What compelling products can you offer the market today that you could not offer yesterday?” 

The data clean room (DCR) is currently one of the most discussed solutions within the ad-tech and mar-tech ecosystems. There is, however, some confusion around this new acronym, with many organizations knowing they need a DCR but unsure of what they should be investing in.

Data clean rooms are about building anew, not ticking a box on a mar-tech shopping list. DCRs can and do replace antiquated and obsolete technology of the past. But the most exciting part of my job is helping customers build the next generation of advertising products—performant products that enable planning, targeting and measurement while respecting user privacy and maintaining control over sensitive data.

Not all data clean rooms are created equal 

At this stage, let’s deal with definitions. There’s a strong argument to be made that these technologies are better described as data collaboration platforms (DCPs), and I would agree. A DCP is the underlying technology that can enable DCR use cases and do so much more. However, as “data clean room” has been common parlance in ad tech, I’ll stick to that term for the sake of clarity. 

It’s important to understand that not all DCRs are created equal, and some aren’t or shouldn’t be called data clean rooms because they lack even the most basic privacy principles and protocols. Various technologies have been positioned in the market under this title, leading to the IAB Tech Lab publishing its Data Clean Room Guidance & Recommended Practices to help the industry reach a common understanding of what defines a DCR. 

Some solutions described as DCRs don’t even provide basic functionality like enhanced privacy protection and decentralization of data. Broadly speaking, there are two different types: Firstly, there is a centralized multiparty clean room, such as a data warehouse. These do allow for collaboration on analytics and data science processes between multiple organizations, with first-, second- and third-party data sets stored together in one place. However, they are generally very complex to use and may not provide adequate control or ownership of data, which could compromise the privacy of customers.

Secondly, there are decentralized multiparty clean rooms, which are the truest version of a data clean room. As they are decentralized, all data processing takes place where the data is located, so there is no need for the data itself to move. Instead, a mathematical model of the individuals in each data set is generated, which is anonymized so no personally identifiable information is compromised. These solutions, while providing greater control and protection, are actually built for ease of use and speed to accelerate adoption rather than slowing it.

Only the second of these options offers the full feature set and functionality to cover all the desired use cases of a DCR. There are six key considerations that businesses should be looking for when evaluating the solution they want to invest in: privacy, scale, speed, transparency, simplicity and control. But even with the right technology, successfully implementing a DCR requires a clear strategic vision. 

Building new products with data clean rooms 

The businesses that have been most successful in implementing this new technology, and so have enjoyed the maximum value from their investment, have built and launched innovative new advertising solutions with a DCR at their core.

Take, for example, U.K. broadcaster Channel 4, which set up its Brandm4tch platform to partner with brands including supermarkets, banks, utility providers, retailers and fast food delivery companies. Aware of the challenges surrounding TV advertising—in particular, the lack of transparency and availability of data—Brandm4tch enables advertisers to match their own first-party data with the 24 million registered viewers on Channel 4’s streaming service and create custom audiences, leading to campaigns that have measurably increased awareness and consideration. Each brand retains full control of their data, and customer privacy is fully respected.

While Channel 4 was an early adopter of the DCR, it’s the strategic path it has taken that has driven its success—not the technology itself. And it has only just begun to tap into the potential of DCRs, enabling rewarding new partnerships and creating valuable new revenue streams. 

The way forward in 2023 

If your business is looking to implement a DCR solution in 2023, then there are some key principles you should follow. As mentioned above, you should have a clear business objective at the center of your strategy. But beyond that, you should be thinking about the future—will your DCR be fit for purpose in five, 10 years’ time?

It’s an important question to ask yourself. While in the short term you may have partnerships already in place, think about the kind of collaborations you want to enable in the future. As the number of data sets available grows, your DCR needs to be able to scale up while still providing speedy, actionable insights.

The most important thing, though, is to prioritize privacy. Compliance with regional privacy laws and legislation is obviously essential, but it’s the bond of trust you have with your customers that really matters. Consumer awareness of how their data is stored, used and shared has never been greater, and organizations that fail to protect customer privacy risk substantial reputational damage. Businesses have to be sure there’s no way the personal data of an individual can be compromised, whether accidentally through misconfiguration or intentionally.

If you want to clearly demonstrate to your customers that you respect their privacy, the right DCR strategy is key. But it’s also fundamental that the DCR delivers valuable use cases and facilitates the kind of collaborations that will drive real business results now and in the future. So when it comes to implementing a DCR, ensure your purpose is crystal clear; only then will you be able to work toward tangible objectives and select the technology that is truly fit for purpose. 

Emerging as the first formal regulation of artificial intelligence, lawmakers in Europe signed off on a comprehensive set of rules—the EU’s Artificial Intelligence Act.

This groundbreaking legislation could serve as a potential blueprint for policymakers worldwide who are tasked with setting guardrails for the rapidly evolving technology.

What does the bill entail?

In the latest version of the bill, passed on Wednesday, generative AI would be subject to new transparency requirements. This includes publishing summaries of copyrighted material—something publishers have asked for under fair compensation. Additionally, makers of generative AI models will be required to put guardrails in place to prevent the generation of illegal content.

“The AI Act puts some fairly reasonable guardrails in place,” said Chris Pedigo, svp of government affairs at Digital Content Next. “The transparency piece gives publishers an opportunity to regain control over their content.”

The regulation is far from becoming law and its final version is not anticipated to be introduced until later this year. However, it’s the first of its kind and alleviates some publisher concerns over fair use and the possibility that they will lose out on traffic and revenue.

How does the rule work?

Measures to rein in AI were first proposed in 2021 but did not give much attention to generative AI. This time, makers of AI systems such as ChatGPT will be required to disclose information used to build the program. The law also regulates any product or service that uses AI while curtailing the use of facial recognition software.

The legislation follows a risk-based approach and categorizes AI systems into four levels of risk, ranging from minimal to unacceptable. Through risk assessments, makers of the technology will asses the everyday use of the tech before making it widely available.

The EU bloc, made up of 27 member states, will enforce the rules and could force companies to withdraw their products from the market. Proposed fines could reach $43 million or 7% of a company’s annual global revenue.

“It’s too early to tell if this act will have some real teeth to compel the tech companies to curb the harmful effects of AI,” said Chirag Shah, a professor at the Information School at the University of Washington. “What I see currently lacking, is a notion of accountability. Perhaps these details will emerge over time.”

What’s happening in the U.S.?

On this side of the Atlantic, Sen. Chuck Schumer (D-NY) is developing an AI framework and is hoping to move legislation at some point this year. In May, Sam Altman, the CEO of OpenAI, the maker of ChatGPT, urged legislators to act. “I think if this technology goes wrong, it can go quite wrong. And we want to be vocal about that,” Altman told members of the Senate subcommittee for privacy and technology.

The U.S. Copyright Office is also getting input from stakeholders on how to incorporate AI rules into the existing copyright framework.

“The big question is the extent to which copyright holders are entitled to compensation in the various use cases where AI systems are scraping content,” Pedigo added. “[The copyright office] may be waiting for Congress or the other agencies to provide guidance.”

If it feels like we’ve been talking about the death of the cookie for years, it’s because we have. Google’s first hint that the third party cookie would depart its popular chrome browser was in 2019. Now 2024, the current demise date, is fast approaching.

Yet many marketers still aren’t ready. Surveying 1,000 major brands and media agency executives, tech solutions provider Ogury found that 41% have a low awareness of cookieless ad-tech solutions.

“Targeting technologies that are independent of advertising identifiers tend to be complicated to understand from an outsider’s perspective,” said Geoffroy Martin, CEO of Ogury.

“The ever-increasing number of cookieless solutions that are emerging on the market—like contextual and semantic targeting, unified IDs and cohorts-based targeting—means advertisers find it difficult to grasp, let alone choose between the options at hand.”

Some marketers have bitten off pieces of cookieless solutions, such as data clean rooms, while others are hoping their agency partners will bring new solutions to the table.

Adoption of existing cookieless solution

Gartner surveyed 324 marketers last year and found all have at least one cookieless identifier deployed across their media buying capabilities. Data clean rooms are being utilized by 47% of those surveyed, while identity resolution is used by 30%, and consent and preference management is used by 48%.

Nearly 90% of the travel and hospitality industry adopted data clean rooms, while 10% were in the process of securing funds or deploying this technology. In the commerce space, more than 50% of retail brands have adopted data clean rooms.

Identity resolution within the travel and hospitality industry also remained high, where identity resolution providers use match keys—deterministic or probabilistic—to identify when two records refer to the same individual or household.

Meanwhile, consent and preference management platforms are a top choice in the IT and finance industries, followed by travel/hospitality and healthcare providers.

Increase in cookie alternative investment

33Across, a publisher monetization company, expects to see more of the pharmaceutical/OTC and travel industries increase their cookie alternative investments this year.

Recent research by the company analyzed programmatic spend for each vertical across cookie and cookie-alternative traffic in Q1 2023. It found marketers in programmatic buying within the tech, travel and pharma industries grew their cookie alternative share of voice investment (SOV) significantly in Q4 of last year.

Though insurance advertisers’ overall programmatic spend decreased, the industry finished a third consecutive quarter of non-cookie programmatic buys outpacing cookie-dependent buys.

In terms of content categories that monetized the most cookie alternative supply, 33Across found mixed results in Q1 of this year. Categories like cooking, tech and games saw growth as high as 41% while sports, news, and health & wellness cooled slightly from Q4 of 2022. To that, most media outlets saw lower revenue due to limited ad budgets and lesser tentpole events.

Brands pass the buck to agency partners

As the industry prepares for the death of the cookie, Ogury’s research found scalability remains a top concern for brands and agencies: 61% of brands said they were confident about being able to reach audiences at scale, while a lower percentage of agencies (51%) shared similar confidence. This is because agency executives are more acquainted with the pitfalls ahead and tend to take a more cautious view, the study found.