But as personal data plays an ever greater role in TV advertising, privacy is becoming a more prominent issue in the living room.
In any cases where personal data is used for personalisation or targeted advertising, data privacy laws like the EU’s General Data Protection Regulation (GDPR) apply, just as they do on mobile and web.
And we have seen cases where data collection by companies in the CTV advertising supply chain have been called into question. US TV manufacturer Vizio, for example, has been hit with multiple lawsuits around collection and use of viewing data on its smart TV sets. The company agreed a settlement of $17 million back in 2018, after having been caught tracking user viewing habits without consent.
The themes of the debate around privacy in the living room – of intransparent collection and use of data, and lack of user control – are largely the same as they are elsewhere. But privacy in the living room has its own specific nuances and challenges.
One major issue is collection of user consent for data collection and processing.
Device sharing, while not unique to TV, is much more common in the living room than it is elsewhere. So while one user in a household might have consented to data processing for a particular app or service, it’s likely others who haven’t consented will use those same services.
And the mechanisms by which consent is collected are somewhat more clunky on a TV set than on a web browser or in an app store. Which a cookie notification, or other consent form, can be easily navigated on mobile or the web, reading blocks of text and ticking consent boxes is less smooth via remote.
Plus, there’s generally less public awareness of how data is collected in the first place. An Ofcom report on privacy threats on connected living room devices found that while users may be aware that OTT services track the content they watch, they’re unaware of how and when their personal data is involved.
We’ve seen a number of approaches to tackling these issues. One is to simply avoid using specific personally identifiable information (PII) in the first place. Sky’s director of advanced advertising Graeme Hutcheson says its addressable advertising solution AdSmart only targets at the household level, and it will only target groups of 5,000 homes or more.
Sky collects consent for this household targeting when users sign up, and says users can adjust content preferences through their customer account. But steering clear of individual level targeting minimises risks around device sharing, since individual users aren’t being tracked anyway.
Some CTV apps meanwhile are enabling and encouraging use of different profiles within the same app, meaning users can manage consent individually.
But in Europe, GDPR places specific guidelines on consent collection. And IAB Tech Lab says many in the CTV and addressable TV advertising world currently fall short of these standards.
“The implications of global privacy efforts (GDPR / CCPA), and the use of Transparency Consent Framework (TCF) on CTV platforms is a topic that is not completely resolved and is being discussed in the Project Rearc working groups,” says Amit Shetty, senior director of product at IAB Tech Lab.
Ed Wale, MD EMEA at SpotX, outlined the issue. “In terms of targeted advertising that requires PII (typically IP address and Device ID), collecting consent preferences at the device or app level is common practise, and often leverages a binary “1/0” signal to denote consent,” he said. “The challenge for the living room environment, and specifically the TV device, will be evolving from the use of a binary signal to the ever-increasingly adopted IAB TCF String.”
Wale said adoption of TCF standards have been held back by the fact that most work on consent collection has been geared towards web browsers and mobile environments.
“Consent Management Platform (CMP) solutions were designed for browser based environments, and did not in the first instance, cater to a fragmented landscape of various device operating systems,” he said. “And the user experience and workflows of a CMP solution designed for a browser needed tailoring to the TV device and environment.”
An overall lack of standards
This struggle to make consent collection compliant with TCF is a symptom of a wider issue for living room privacy – an overall lack of standards.
While individual telcos, broadcasters and CTV publishers have their own approaches to privacy and data collection, these approaches often aren’t aligned. And the complexity of the ways in which TV content is delivered complicates things further.
Set-top boxes, smart TVs and additional connected devices (like an Amazon Fire TV stick or Roku box) might all play a role in delivering content and using data for personalisation. And the same broadcasters and publishers may reach the same users through a mix of these devices.
A lack of standardised identifiers in TV environments makes it harder to identify the same users across all these delivery points.
IAB Tech Lab has released guidelines for CTV identifiers, and says that progress is being made in driving adoption of these standards. These guidelines do, at least standardise some elements of consent collection, and definite categories of advertising identifier to help users understand how their data is being used.
But there is still plenty of work to do if broadcasters and CTV publishers want to avoid the mistakes made on the open web, and build a privacy safe infrastructure for targeted advertising from the ground up.