February 3, 2020

Triumvirate proposes new solution to adtech issue

Three organisations have joined forces to set up a working group in an effort to tackle one of the biggest conundrums of the adtech world; how to ensure GDPR compliance when using real-time bidding systems.

The issue has been vexing data regulators from the UK and Ireland since complaints were lodged with both the UK Information Commissioner’s Office and the Irish Data Protection Commissioner just weeks after GDPR came into force.

The official complaints – on behalf of tech start-up Brave, the Open Rights Group and University College London – called for an EU-wide investigation into the practice.

However, it was not until June 2019 that the ICO issued its first report into the issue, in which it claimed the ad industry’s “immature” understanding of data protection is triggering the mass unlawful use of consumer data, leaving millions of consumers at risk of potential harm.

The regulator has been criticised in recent weeks for its lack of action but, since its initial report, two principal alternatives have evolved to solve the problem: a "walled garden" approach proposed by Google and an Internet Advertising Bureau UK led proposal, involving improvements and tightening-up contractual terms and conditions.

However, now technology firm Anonos, data giant Acxiom and think tank the Information Accountability Foundation (IAF) have set up the “5th Cookie” working group, that will study how GDPR recommended technical and organisational safeguards will be able to enforce greater accountability and ethics across the adtech industry.

The trio believes its third alternative, supporting a democratised co-operative model, should be evaluated. If a decision is made to go in one of the other directions outlined above, members of the 5th Cookie working group believe it should be a conscious decision, after evaluating the merits of all alternatives, including consideration and evaluation of their model.

Anonos general counsel and CEO Gary LaFever said: "GDPR highlights pseudonymisation as a recommended technical safeguard. Pseudonymisation - legally defined for the first time at the EU level in the GDPR, with a heightened standard relative to past practices - is a new state-of-the-art.

“In more than a dozen places, GDPR links pseudonymisation to express statutory benefits. Under GDPR, pseudonymisation is an established legal standard that allows all sides to ’win’ by balancing data protection and innovation.

“The 5th Cookie model embraces GDPR compliant pseudonymisation and data protection by design and by default to support GDPR compliant legitimate interest processing as a complement to consent."

The organisations claim the 5th Cookie model is proof that legitimate interest-based adtech processing is possible. As a result, everyone interested in ethical data stewardship, from the smallest players to the largest brands, can participate in digital marketing.

Data subjects could be reached by advertisers as members of small, dynamically changing groups called micro-segments. Each micro-segment would represent the individuals included within the group, and based on individual characteristics, data subjects could be included in multiple micro-segments.

The composition of micro-segments would change dynamically to reflect the individuals, corresponding to the specified characteristics associated with the micro-segment.

IAF executive director and chief strategist Martin Abrams said: “In today’s data-driven world, new technical measures are necessary to balance data innovation and the assurance of the full range individual rights because consent by itself is no longer enough."


This article originally appeared in dataIQ.  All trademarks are the property of their respective owners. All rights reserved by the respective owners.


Are you facing any of these 4 problems with data?

You need a solution that removes the impediments to achieving speed to insight, lawfully & ethically

to Insight
Are you unable to get desired business outcomes from your data within critical time frames? 53% of CDOs cannot achieve their desired uses of data. Are you one of them?
Lack of
Do you have trouble getting access to the third-party data that you need to maximise the value of your data assets? Are third-parties and partners you work with worried about liability, or disruption of their operations?
Inability to
Are you unable to process data due to limitations imposed by internal or external parties? Do they have concerns about your ability to control data use, sharing or combining?
Are you unable to defend the lawfulness of your current data processing activities, or data processing you have done in the past?
Traditional privacy technologies focus on protecting data by putting it in “cages,” “containers,” or limiting use to centralised processing only. This limitation is done without considering the context of what the desired data use will be, including decentralised data sharing and combining. These approaches are based on decades-old, limited-use perspectives on data protection that severely minimise the kinds of data uses that remain available after controls have been applied. On the other hand, many other new data-use technologies focus on delivering desired business outcomes without considering that roadblocks may exist, such as those noted in the four problems above.
Anonos technology allows data to be accessed and processed in line with desired business outcomes (including sharing and combining data) with full awareness of, and the ability to remove, potential roadblocks.