AdTech and Digital Marketing - 5th Cookie Working Group

Use Pseudonymisation-Enabled Legitimate Interest processing to:

  • Resolve Conflicts Between Data Use and Data Privacy.
  • Complement Consent to Support Sophisticated Data Science.
  • Enable Demonstrable Accountability with Auditable Technical Safeguards.

Key Business Considerations

The problems arising with AdTech and the digital marketing industry are some of the most poignant examples of the limitations of traditional approaches to data protection. The ways in which solutions to the AdTech problem have been approached are premised on the notion that data use and data privacy are necessarily in conflict with one another, when this is in fact not the case.

The AdTech industry engages in a significant amount of data sharing and data collaboration, as well as processing using Big Data analytics and AI tools. These methods can:

  • Make advertising and marketing more accurate.
  • Increase customer reach and refine targeting strategies.
  • Help to separate customers with more-efficient segmentation.
  • Support product and service personalisation.

However, when using these approaches, in many cases it can seem that they are in contrast to the privacy of data subjects.

Key Legal Considerations

In fact, to support individual privacy, GDPR-compliant technical and organisational safeguards in the form of digitally-enforced Pseudonymisation controls can be embedded in the data. This helps to enforce risk-based data protection policies, which resolves conflicts between maximising data value and protecting fundamental personal rights to privacy in the AdTech industry.

In addition, GDPR-compliant Pseudonymisation requires that re-linking and re-identifying should not be possible without access to additional information kept separately and used only for authorised purposes. The AdTech industry faces issues with the Mosaic Effect with large amounts of data sharing between third parties for the sale and creation of advertisements.

Another important aspect of the GDPR is the requirement that consent must be specific and unambiguous to serve as a valid legal basis. Under the GDPR, for consent to serve as a lawful basis for processing personal data, it must be “freely given, specific, informed and unambiguous.” These requirements are impossible to satisfy when advanced analytics can not be described with the necessary specificity and unambiguity at the time of data collection.

This means that you need to rely on Legitimate Interests processing for conducting advanced analytics in the AdTech industry. Legitimate Interests processing provides benefits for data controllers wanting to lawfully use data for secondary processing and repurposing.

However, for Legitimate Interests processing to satisfy legal requirements, you must show that you are using “appropriate safeguards” to adequately reduce the risk of data misuse, such as GDPR-compliant Pseudonymisation.

Anonos Pseudonymisation Technology

The problem is that until now, no data protection technologies were capable of supporting Legitimate Interests processing, by reconciling the conflict between data protection and utility when processing the personal data of customers to maximise lawful data value.

For example, conventional data protection technologies that support anonymisation, encryption, static token allocation, and differential privacy:

  • Significantly degrade the utility of data, distorting the accuracy and predictability of the insights you need;
  • Fail to deliver effective protection against unauthorised re-identification; and
  • Limit the further use of valuable data for non-primary purposes.

Click here to learn what other global companies have proven – that it is possible to retain up to 100% of the accuracy of analytical value when processing datasets protected using patented Anonos Variant Twins®.

Anonos state-of-the-art Pseudonymisation technology is superior to other data protection techniques because it helps enable lawful repurposing, distributed secondary processing and data sharing while delivering data utility equivalent to processing unprotected cleartext versions of personal data.

5th Cookie Working Group

In addition, the 5th Cookie working group has also made large strides towards tackling the AdTech problem, leveraging GDPR principles of Pseudonymisation and Data Protection by Design and by Default to alleviate major issues in the AdTech industry. It is not intended as a “silver bullet,” “golden shield” or “magic wand” that works by itself, but rather complements other GDPR principles and obligations to support and build upon alternative solutions.

Read more about the 5th cookie working group here.