TrustPid: Baking ad tracking into the internet infrastructure

A consortium of Europe’s largest telecommunications operators (telcos) has proposed a new kind of tracking ads system to challenge commercial surveillance heavyweights like Google and Facebook. The new tracking system, misleadingly dubbed ‘TrustPid’, would be baked into the internet’s network infrastructure – potentially with little recourse or defence for users.

By EDRi & Access Now (guest author) · February 10, 2023

Based on the limited publicly available information, TrustPid claims to implement a number of privacy-preserving principles while developing their ad-tracking system. Participating telcos say that no tracking will take place without people’s freely-given consent. For that, TrustPid even developed its own consent screen which aims at making it easy to say “No, thanks.”

Mock-up of TrustPid consent screen. Source: Vodafone

The consortium also suggests, it will not do any user profiling itself but instead plans to leave that type of work to the websites and apps that sign up to TrustPid. As a result, the new telco system might enable new opportunities for intrusive profiling but without direct responsibility. The telcos say TrustPid will impose on websites and apps the exact way of how they must ask for consent, and claim that their consent screen will be entirely GDPR compliant. However, as of yet there appears to be no public information about how the TrustPid consortium thinks it might enforce compliance with people’s consent choices by participating websites and apps.

One identifier to rule them all

According to industry documentation, the system is designed to create a persistent identifier for each smartphone that is connected to any of the participating mobile phone networks. The identifier would be based on a combination of the user’s IP address and telephone number, each of those constituting personal data. So far it remains unclear which legal basis under GDPR and the ePrivacy Directive the telcos will use to lawfully create that identifier.

The TrustPid consortium claims that the system protects user privacy because the persistent identifier is not shared with advertisers, websites, or app operators that display ads. Instead, when a person visits a participating website or opens an app, the user’s telco will derive a temporary ‘marketing token’ from the identifier and transmit it to the advertiser, website or app.

The token-based approach could limit the harmful cross-site tracking that is the industry default at the moment, where advertising firms like Google, Facebook and many others spy on you wherever you go online. But it unfortunately does nothing to limit the harvesting of personal data or its use for micro-targeting ads done by websites and apps themselves.

To the contrary: TrustPid appears to be just another first-party cookie system that incentivises advertisers, websites and apps to track people’s activities and behaviour themselves to micro-target them with ads. The system therefore does not change the current harmful tracking ads business. In an attempt to compete with Apple, Google and other dominant tracking ad firms, telcos merely shift the data collection to websites and app providers and could skilfully monopolise a user identifier as part of the internet’s network infrastructure.

Profiling remains at the heart of advertising

While TrustPid pitches itself as privacy-friendly alternative to the current tracking industry (and to be clear: it might indeed be slightly better than the status quo), it does not incentivise any reduction of profiling and spying on people online. By claiming that ad tracking can be done in a privacy-friendly manner, TrustPid’s public documentation downplays the potential for abuse their system could enable on the website and app level.

Individual websites and apps will continue to suck up huge amounts of personal data from people: reading habits, purchasing history, app usage patterns and contact metadata, to only name a few. TrustPid is supposed to be a pseudonymous system, but social media logins or the obligation to create an account will enable websites and apps to easily identify people and correlate identities with TrustPid marketing tokens.

To be sure, participating telcos say that contractual clauses will prohibit partnering websites and apps to do that and all kinds of other nasty stuff with the data they collect. We have been told that the onward sharing of marketing tokens will be prohibited, as well as the targeting based on sensitive data like sexual orientation or political views. What remains unclear is how the telco consortium is going to enforce those data misuse rules for potentially millions of websites and apps – should the system be commercially successful.

Somewhat better, yet not good at all

With the little technical information that is currently available, it is hard to judge just how much impact TrustPid would really have on the tracking ads market. Depending on its success it might indeed shift the power balance away from the worst data brokers out there that currently violate people’s privacy with every click they make.

What it does not seem to do is create a privacy-respecting alternative that incentivises data minimisation and protects people from micro-targeting. It looks like the only way to achieve this positive outcome remains a ban on tracking ads in Europe.

By: Jan Penfrat, Senior Policy Advisor, EDRi & Estelle Masse, Senior Policy Analyst and Global Data Protection Lead, EDRi member, Access Now.