Ad industry finally embraces privacy rules

After years of preaching self-regulation, the world's biggest advertising companies are suddenly getting behind the idea of national regulation on privacy.

Why it matters: The ad industry realizes it can't avoid regulation forever — especially in light of increased data breaches and scandals over the past year — so its best bet is to support federal rules now rather than face dozens of different state regulations down the line.

The latest: Four of the biggest advertising trade bodies (ANA, IAB, ARF and CIMM) introduced a "Data Transparency Label" Monday at Advertising Week NYC, which is like a nutrition label for audience data that discloses the sources of data and segmentation.

• Eventually, the thought is that these labels will be housed in participating platforms, such as Google or Facebook, so that when a marketer goes to purchase an audience segment, they can see the data label alongside it.

Perhaps the biggest signal that the ad industry taking privacy regulation seriously comes from the Interactive Advertising Bureau (IAB), which for the first time ever last week said it supported "sensible" national privacy legislation to avoid state-by-state solutions. In response to a new proposed privacy bill from the state of New Jersey, IAB said Monday:

"The panoply of disparate, overlapping, and often contradictory state privacy laws is increasingly making operating in the online space, including the digital advertising industry, complicated at best and untenable at worst."

Ad giants including Google, Apple and AT&T told lawmakers at a hearing last week that they generally support federal policy rules while pushing back on state-led efforts.

Yes, but: These companies are wary of some of the biggest policy proposals backed by privacy advocates, per Axios' David McCabe, including:

• Mandatory opt-in: Obtaining affirmative "opt-in" consent to collect user data.
• Allowing the FTC to set rules: Currently, it can only enforce Congressional law rather than create rules of its own.

Meanwhile, their ad businesses continue to become even more reliant on data-based targeting. There have been calls for a national privacy framework in the U.S. to mimic the one implemented this year in Europe — the General Data Protection Rule (GDPR).

• Case-in-point: Facebook's latest data breach — impacting 50 million users — could cost the company upwards of $1.63 billion, per WSJ, under the highest possible GDPR penalty in Europe.
• But while FTC commissioners are expressing concern over the breach, it's unclear how seriously they plan to probe or penalize the tech giant. A Facebook spokesperson says they haven't been contacted about an investigation yet.
• The FTC hasn't concluded its investigation into Facebook's Cambridge Analytica scandal in March, nor has it levied any fines.
• Until data is misused, Facebook's breach will be forgotten, TechCrunch's Josh Constine predicts.

Sound smart: Even though ad giants believe that supporting a national framework will stave off state approaches, federal regulation is still unlikely.

"We're skeptical of passage given the complexity of issue and potential House-Senate split in 2019-20. We see only a 35% chance of Congress passing privacy legislation in the next two years."