“Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Tim Webster, chief strategy officer and co-founder at The Exchange Lab.
Consumer data collection and privacy are increasingly hot topics as the world becomes more entwined with the technology and data that connects every part of our lives.
Consumers are undoubtedly data-driven, with many aspects of our daily lives progressively reliant on it. From Uber to in-store Wi-Fi, consumer data is increasingly collected in return for a data-driven service.
The ongoing debate on the privacy trade-off will likely intensify. As more studies look to gauge public sentiment around online privacy, I believe advertisers and publishers must take the proper steps to handle personal data just as carefully as banks handle financial data. They must also create an independent body to enforce the protection of consumer data.
It Begins With PII
At the heart of the privacy debate is personal identifiable information (PII). PII is any information about an individual obtained by a company, including information that can distinguish, trace or link an individual’s identity. What constitutes PII differs by country; for example, Germany classifies IP addresses as PII, whereas many other countries don’t.
PII is used in deterministic advertising, where a user’s device is matched by stitching data together from multiple points. This method is often mentioned in privacy cases and is also used to identify a user across devices using social and email logins. Consumers agree to the parameters upon accepting the data policy of each provider.
Most advertising companies don’t use PII in its raw form; instead it is sent over from publishers in encrypted code form. This makes it difficult – but not impossible – for anyone to identify an individual online.
Fundamental Problems With The Internet
IP addresses are numbers assigned to each device on a computer network that were developed back in the ’70s and took off quicker than any security technology could keep up with. As a result, small amounts of personal information are available each time you access the web and, as this information is gathered, it is open to abuse. Supposedly non-PII data, such as a cookie ID or IP address, can help a company identify a user with little trouble. One way to alleviate data leakage would be to stop cookie drops. However, if this protocol was tightened, it would be a major setback for the digital advertising industry. So what is the solution?
Advertising Needs A Financial-Style Data Regulation Body
The digital advertising industry needs an independent advertising body with the ability to see who has been affected by data loss when it happens and ensure companies follow strict investigation procedures. In the financial world, if this type of regulation wasn’t in place, no one would report data loss and fraud. Why should it be any different in advertising?
Within investment banking there are strict rules for moving PII data. Data is always encrypted and there are granular Internet security checks with annual reviews. There are also independent regulation bodies that ensure standards are upheld, with sanctions and fines in place when regulation is not met.
Advertiser And Publisher Responsibility
Ultimately, given the potential for abuse of the system, advertisers and publishers need to accept responsibility and ensure that data is held securely and legally. They must treat PII with the same level of importance as financial data.
Data breaches are no longer a single organization’s failure. Taking a look at a LUMAscape chart, which is by no means the full picture of the scale of the industry, you can see how many companies are involved in the advertising supply chain. From marketer to publisher and consumer, there could be five to 10 companies involved in the delivery of an ad.
Any one of these companies could keep IP addresses to link PII with non-PII data to get individual user profiles. It is the publishers’ responsibility to ensure they work with supply-side platforms (SSPs) that demand a high level of scrutiny of how they handle the data chain.
While we still have a long way to go until we see the types of data collection of the financial industry, advertising needs to start thinking about creating an independent body to safeguard consumer data. Only through openness and reassurance will companies be able to maintain consumer trust.