As long as companies have the ability to track, collect and use consumer data for their advertising efforts, privacy issues will loom large. Consumers are being tracked online more than ever before, as opportunities abound for the display ad industry to turn data into dollars.


All of this opportunity, however, comes with a price (above and beyond money spent buying data). Advertisers must engage in a tricky balancing act between better-targeted ads and consumer privacy – all while navigating a landscape full of legal landmines.

Companies need to do certain things with data to optimize campaigns and ensure they deliver the most personally relevant ads, an increasingly important goal in this age of consumer-led marketing. However, this raises considerable privacy concerns and creates many dilemmas for advertisers to deal with.

Deduplication

In ad tech, removing duplicate data entries typically refers to audience deduplication. Running a campaign on multiple platforms (ad servers, networks, DSPs) or delivering to multiple devices (online and mobile) creates different cookie IDs for the same visitor. Deduplication stitches this data together and provides the true unique visitor reach of the campaign. The problem lies in storing multiple device/cookie IDs, which may continue to track consumers who intentionally deleted cookies. Ever-cookies (undeletable cookies) are forbidden and have been the root of several industry lawsuits.

  • One solution would be a universal “device graph” platform. In practice, companies like Facebook and Google won’t expose their data to other vendors for obvious reasons, and only they have large enough data sets that are deterministically mapping devices to consumers. My take is that for now, the best approach is to use first-party data and encourage your users to sign in. This will allow you to create a device graph for a particular visitor. You could also look to build partnerships for second-party data, which will enable you to enlarge your device graph.

    Data Usage & Sharing

    Most consumers know that their online activity is being tracked, usually via cookies, and used for advertising and marketing purposes – but that’s about all they know. A majority of these people don’t know just how much of their online data is being collected and is flowing through the online advertising ecosystem.

    Recent regulations, most significantly, last year’s EU General Data Protection Regulation requires advertisers to get “unambiguous” consent from consumers before using their data for marketing purposes. This is having a significant effect on data providers and the exchange of data between parties as large potential fines are at stake.

  • I believe it’s okay to give away a free Web or mobile app service in exchange for displaying ads. It’s also permissive to use the data for marketing – but the user has to be aware of and agree to it, as well as understand with whom you are going to share the data with and how to opt out in the future. Regulations mandate you make all of this clear, but go beyond the letter of the law and try to use the data to add value to your visitors and customers vs. strictly to add them into more audience segments, feed them more ads, or monetize the data. Think for a second if you would give consent yourself if you were in their shoes.

    Defining PII

    Although the meaning of “personal data” may seem self-explanatory, it’s more complex than that, affecting both the type and amount of information you’re allowed to collect, store, and process. There’s actually debate about what PII is and how it’s defined. PII stands for Personally Identifiable Information, and in general includes any data that may lead to identification of an individual. A single data point may not be PII, but combined with other data collected about the same user may become PII (e.g., year of birth, age and postal code). When collecting PII, you must abide by certain requirements.

    • Ensure users have a way to “reset” their identifier and start a new identity without being linked to earlier behavioral profile or user ID (e.g., email address, phone number).
    • Ensure that a set of data points you collect doesn’t identify a specific person (and by that I mean I can’t go out in the real world and find the person).
    • Ensure you have data retention policy and comply with privacy regulations (it’s never okay to keep the data forever).
    • Ensure you stay up-to-date with any new privacy regulations.

    Online data privacy will continue to be a hot topic. As more and more users go online through both Web and mobile devices, the opportunities for companies to target them with their ads is only going to increase. Regardless of your own view on data collection, it’s an area of online display advertising that has many challenges to overcome – both from the business and user side. I’m interested to see how things develop from both a practical and regulatory perspective in the years to come.

    This post was originally published on Website Magazine on May 17, 2016.