The ICO gives consent or pay the green light in the UK

Welcome to the latest edition of Spotlight, your monthly summary of the hottest headlines from the world of digital marketing.

What we have for you today: Where privacy may be heading in the US, the latest on AI privacy concerns, and more on Google’s opt-in for cookies.

Consent or pay gets the OK

The UK’s Information Commissioner’s Office (ICO) has made the somewhat surprising decision to give its OK to publishers’ “consent-or-pay” models. This is where web users either must consent for their data to be used for advertising or pay a fee to access content. The UK regulator has taken a more positive view than the EU on whether businesses can comply with data privacy laws when making free access to services conditional on accepting personalised advertising.

Publishers considering this approach should proceed with caution, however. A recent survey by the IAB demonstrated that nearly 80% of consumers would prefer to get more ads in turn for having to pay nothing for websites or apps and that 91% of consumers would react negatively if they had to start paying for the websites pr apps they currently use for free. Adopting a consent-or-pay approach could well come back to bite publishers.

Privacy in the USA

What will happen to privacy laws in the US now that the Trump administration is in charge? While the President is known to be in favour of “small government”, it’s also possible that emerging consensus over national security concerns could see more rather than less privacy regulation over the course of the next few years. According to Senator Ron Wyden, concerns over how data might be misappropriated by foreign hackers or state actors means that data privacy could be one of the few issues where coalitions form across the aisles. It remains to be seen to what extent this will happen, but the message is certainly clear: data privacy will likely remain an important theme in the US in the foreseeable future.

What next for cookies? Who knows

Google has put out another statement regarding its proposed opt-in model for third-party cookies on Chrome, and it doesn’t give much away. According to a Google spokesperson speaking at the IAB annual leadership meeting in Palm Springs in January, consent will be given over a “one-time global prompt.” Parsing these few words for some sort of meaning, it seems like Google’s approach will be like Apple’s opt-in model for its ID for advertisers, a move that decimated signals and threw many a publisher’s business model into disarray. The marketing industry should start reviewing alternative IDs and new personalisation strategies to prepare for a scenario in which third-party cookies all but dry up.

The AI privacy debate heats up

DeepSeek, the low cost and high-performing generative AI app from China may well have shaken Silicon Valley to the core and become the most downloaded free app on Apple’s app store, but it also appears to be a privacy nightmare. In its own privacy policy, the app warns that, amongst other things, user data may be sent to China, that DeepSeek may share information collected through your use of the service with third parties, and that the apps will collect personal information through cookies, web beacons and pixel tags, and payment information. In short, if you care about privacy, don’t use it.

Businesses planning to use AI tools should also take note that the EU AI Act is now in force. To avoid heavy non-compliance penalties, AI systems must be designed with privacy in mind and be regulated by strict data governance processes. Transparency in how personal data is used is central and the Act imposes strict obligations to inform users when interacting with AI systems. So, although AI is predicted to transform marketing and potentially other user focussed sectors as well, privacy remains a key concern that needs addressing with privacy-first AI approaches.

Giving publishers control

Finally, Digiday reports that a growing number of publishers are starting to take a firmer grip on the programmatic reins, whether by cracking down on resellers or loosening Google’s grip over the adtech stack. Another way publishers can take control is to replace third-party cookies with consented publisher IDs. Leveraging approaches such as telco verification, publishers can build 360-degree audience profiles and verify return visitors in an approach that is privacy compliant. Taking control of IDs in this way will help publishers better monetise their inventory and optimise ad revenues.

More from Novatiq

If you’re looking to learn more about the opportunity on offer for publishers with telco-verified IDs, then check out our new whitepaper on the topic. Here you will discover the future-proof identity strategies that safeguard publisher ad revenues in the era of signal loss.

If you’re a telco in search of some inspiration for new revenue generating initiatives, read our updated whitepaper on the topic. Our whitepaper will help you carve out a unique service vertical for your telco business.

Finally, a reminder that if you’re at MWC in Barcelona between 3-6 March, we would love to meet up. We’re there catching up with telcos to discuss the huge revenue opportunities on offer through telco-verification services. Let us know if this sounds of interest.

As always, you can also read more in our monthly blogs. Our latest looks at why ID interoperability is key for publishers in the post-cookie future.