Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech
GDPR Recommended Technology Safeguards Enable Democratized Digital Marketing
Anonos, the leading data privacy and enablement technology provider, Acxiom, the data and technology foundation for the world’s best marketers; and the Information Accountability Foundation (IAF), the preeminent global information policy think tank, announced the formation of a ‘5th Cookie’ working group that supports exploration of using GDPR recommended technical and organisational safeguards to enforce greater accountability and ethics across the AdTech real-time bidding (RTB) ecosystem.
The ICO issued a June 2019 report highlighting shortcomings of the RTB industry in complying with data protection requirements under the GDPR. In follow up to the ICO report, two principal alternatives have evolved to solve the AdTech problem:
- Closed Platform (often termed a ‘Walled Garden’) approach proposed by Google
- An Internet Advertising Bureau (IAB) UK led proposal primarily involving improvements to and tightening-up of contractual terms and conditions
While these alternatives have merit, the founding participants in the 5th Cookie working group believe that a third alternative, supporting a democratized cooperative model, should also be evaluated. If a decision is made to go one of the other directions outlined above, members of the 5th Cookie working group believe it should be a conscious decision after evaluating the merits of all alternatives, including consideration and evaluation of a GDPR influenced model.
Gary LaFever, CEO and General Counsel at Anonos, said: “The GDPR highlights pseudonymisation as a recommended technical safeguard. Pseudonymisation – legally defined for the first time at the EU level in the GDPR, with a heightened standard relative to past practices – is a new state-of-the-art process that substantially improves privacy protections, that when coupled with proper legitimate interest assessments, could expand the potential uses of personal data beyond those relying on consent alone. In more than a dozen places, the GDPR links pseudonymisation to express statutory benefits. Under the GDPR, pseudonymisation is an established legal standard that allows all sides to ‘win’ by balancing data protection and innovation. The 5th Cookie model embraces GDPR compliant pseudonymisation and data protection by design and by default to support GDPR compliant Legitimate Interest processing as a complement to consent.”
Dr. Sachiko Scheuing, European Privacy Officer for Acxiom, said: “Augmenting the options of so-called walled gardens and contract-focused solutions with GDPR pseudonymisation-enabled micro segmentation techniques is consistent with the principles embodied in Acxiom’s Data Ethics by Design framework. The 5th Cookie model could provide consumers with enhanced privacy while allowing effective marketing for brands. Acxiom is committed to helping ensure data flows around the AdTech space in a way that complies with legislation and achieves ethical use, enabling data to be used to provide both maximum value for brands and privacy for consumers.”
Martin Abrams, Chief Strategist at the Information Accountability Foundation (IAF), said: “There is a growing sense that observation, while necessary for many applications to work, is out of control, creating new dangers for individuals and society. The 5th Cookie model provides a metaphor for policymakers to differentiate between the underpinnings required for lawful targeted marketing of products and services and improper persuasive communications that can become potentially toxic. In today’s data-driven world, new technical measures are necessary, working hand-in-glove with clear policies, to balance data innovation and the assurance of the full range of individual rights. Consent by itself is no longer enough. This can be achieved by delivering ‘demonstrable accountability’ leveraging auditable and documented technical safeguards that regulators can use to verify compliance.”
The 5th Cookie model provides strong support that Legitimate Interest based AdTech processing is possible. As a result, everyone committed to ethical data stewardship, from the smallest players to the largest brands, can participate in digital marketing. Data subjects could be reached by advertisers as members of small, dynamically changing groups called micro-segments. Each micro-segment would represent the individuals included within the group, and based on individual characteristics, data subjects could be included in multiple micro-segments. The composition of micro-segments would change dynamically to reflect the individuals, corresponding to the specified characteristics associated with the micro-segment.
Advertisers could reach groups of people representing the segments in which they are interested. However, data subjects would be approached as members of groups and not as individuals. It would be up to each data subject to ‘raise their hand’ and identify themselves if they want to respond to an advertisement. Crucially, at any time, they could opt out of being included in further micro-segments-based marketing and outreach.
Three Steps or Stages:
- The first step is consent to Data Collection. There are three different categories of data that a data subject can consent to the processing of:
- Provided data
- Inferred data
- Observed data
- The second step involves the processing of data using legitimate interest-based processing leveraging GDPR pseudonymisation and data protection by design and by default to create dynamically allocated micro segments
- The third step involves reaching out to consumers as members of micro segments
This article originally appeared in MARTECHSERIES. All trademarks are the property of their respective owners. All rights reserved by the respective owners.
CLICK TO VIEW CURRENT NEWS