Data Protection Project
Neutralize GDPR risk ahead of time.
Neutralize GDPR risk ahead of time.
PageFair announces work on a new Data Protection Platform project to prevent personal data leakage in online advertising, while enabling compliant programatic targeting, to protect advertising companies from legal liability under upcoming European data regulations.
Brands, publishers, and adtech will face legal risk when the General Data Protection Regulation (GDPR) and e-Privacy Regulation (e-PR) are enforced on 25 May 2018.
The data protection platform will integrate with publishers and ad tech partners to ensure compatibility with the new regulations. PageFair is welcoming partners to this new initiative.
Understand the risks
New European regulation will confront the digital media industry with fines of up to 4% of global annual turn over, and two big challenges to solve:
The advertising system must adapt to mixed states of consent, working with no personal data where data subjects have not given their consent, but enabling personal data where consent has been obtained.
Leakage of personal data will expose all businesses involved to the risk of potentially fatal lawsuits. This includes brands, agencies, publishers, and adtech.
What a user must be informed about under GDPR:
- Who is collecting the data, and how to contact them or their European representative.
- What the personal information are being used for, and the legal basis of the data processing.
- The “legitimate interest” of the user of the data (This refers to a legal basis that may be used by direct marketing companies).
- With whom the data will be shared.
- Whether the controller intends to transfer data to a third country, and if so has the European Commission deemed this country’s protections adequate or what alternative safeguards or rules are in place.
- The duration of storage, or the criteria used to determine duration.
- That the user has the right to request rectification to mistakes in this personal information.
- That the user has the right to withdraw consent.
- How the user can lodge a complaint with the supervisory authority.
- What the consequences of not giving consent might be.
- In cases of automated decision-making, including profiling, what the logic of this process is, and what the significance of the outcomes may be.
Reference: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Recitals 39, 58, 60-63, and Article 13 paras. 1-2, and Article 13 and Article 14.
Many companies interact to transact the online bidding that selects what ad will be shown to what person on a website. They coordinate with each other using third party cookies and a process known as cookie syncing, which cross-references their tracking cookies. This means that PII held by one party is shared with many other parties.
Ad exchanges coordinate the auctioning process that determines whose ad will be shown to a user on a website. The exchange shares what it knows about a website user (its own identifier on the user, the URL the user is on, the IP address and “user agent” details of the user’s browser and system) with several hundred prospective advertisers so that they can decide whether to place a bid for that user’s attention. When possible the exchange also sends prospective bidders their own identifier on the user, matched in a recent cookie sync, so that bidder can check what it knows about the visitor.
PageFair will protect brands, publishers, agencies, and adtech companies by stripping risk from online advertising data, while enabling targeting.
Chaperones 3rd party data
Blocks third party data obtained without permission or of unknown provenance.
Guard browser access and reject toxic targeting data of unknown provenance.
Interest Group Targeting
Target relevant ads to web users with no privacy trade-off.
Manages mixed states of consent
Enables all parties to switch between data modes as appropriate for each user.
Privacy by design to enable programmatic
A Data Protection Platform protects the entire ad supply chain by converting ad formats that leak data, managing 3rd party access at publisher level, and discarding hazardous data before storage (where consent is absent).
It also enables the ad supply chain to manage mixed states of user consent: it builds interest groups to enable programatic ad targeting without personal data. But it also helps publishers secure consent for partners via its membership platform.