Privacy is coming to the internet and cookies are going away. Many argue this is long overdue; those of us in the advertising industry are challenged by what happens next.  We don’t have much consensus on what online privacy means and what’s on the table conflicts fundamentally with competition.

Can we achieve the underlying economic aims of online advertising in a private way? Advertisers don’t necessarily want (or at least need) to know who you are as an individual. Advertisers don’t really want to know who you are – they want to show diaper ads to people who have babies, not to show them to people who don’t, and to have some sense of which ads drove half a million sales and which ads drove a million sales. Targeting ads per se doesn’t seem fundamentally evil, unless you think putting car ads in car magazines is also evil. But the internet became able to show car ads to people who read about cars yesterday, somewhere else – to target based on the user rather than the context. This is both the same and completely different.

The answer seems to be whether advertisers disclose whatever they’re doing and get consent. Sounds good but in practice we’ve discovered, ‘get consent’ means endless cookie pop-ups full of endless incomprehensible questions that no normal consumer should be expected to understand and just train consumers to click ‘stop bothering me’. Meanwhile, Apple’s on-device tracking doesn’t ask for permission, and opts you in by default, because, of course, Apple thinks that if it’s on the device it’s private. Perhaps ‘consent’ is not a complete solution after all.

But the bigger issue with consent is that it’s a walled garden, which takes me to a third question – competition. Most of the privacy proposals on the table are in absolute, direct conflict with most of the competition proposals on the table. If you can only analyze behavior within one site but not across many sites, companies that have a big site where people spend lots of time have better targeting information and make more money from advertising. If you can only track behavior across lots of different sites if you, do it ‘privately’ on the device or in the browser, then the companies that control the device or the browser have much more control over that advertising.

These are all unresolved questions, and the more questions you ask the less clear things can become. Apple clearly thinks that scanning for CSAM on the device is more private than the cloud, but a lot of other people think the opposite. You can see the same confusion in terms like ‘Facebook sells your data’ (which, of course, it doesn’t) or ‘surveillance capitalism’ – these are just attempts to avoid the discussion by reframing it and moving it to a place where we do know what we think, rather than engaging with the challenge and trying to work out an answer.  The problem is we can’t even agree on the questions so we can come up with the best answer to what exactly online privacy is.