Privacy is a Journey

By Gerald Smith / 5 minutes

The multi-faceted nature of privacy compliance demands a multi-pronged approach. Providing data services globally means compliance with numerous laws and regulations that do not align neatly – especially in the 20+ U.S. states that have passed their own flavor of comprehensive privacy law.

Beware of easy answers

Adtech companies are advertisers themselves. They need to differentiate their product in the market and communicate a value proposition that resonates with their customers and prospects. What those customers and prospects want is assurance that they are working with a data partner that understands and respects the complex privacy regulatory environment. Buyers will naturally be drawn to solutions that claim to have a ‘silver bullet’ for safely navigating the plethora of privacy constraints, and ‘anonymized’ data seems appealing at first glance.

As the FTC has highlighted, and as seasoned companies in the location data space know, there is no single action that can make your data ‘privacy safe’, including ‘deidentification’ or ‘anonymization’ as those terms are commonly used in the data industry. Obfuscating identifiers such as the device ID with a hash function is a valuable step in the process, but on its own does not solve the problem. Hashed IDs, as has been widely reported, are only as robust as the hashing methodology used to generate them. A hash is not literally reversible, but an unkeyed hash computed with a commonly known algorithm is reproducible by anyone: a recipient who already holds raw device IDs can hash them the same way and match the tokens, and for identifiers drawn from a small or enumerable space it can simply hash every candidate until one matches. Applied that way, the protection is about as strong as a removable decal.

That’s not to say hashing doesn’t have its place in the privacy-preserving toolkit. Hashing an already hashed ID a second time with a public algorithm adds little; what makes an internal identifier non-derivative is a secret key. Derive the token with a keyed hash (an HMAC) under a key that never leaves your organization, and use a different key for each customer feed where cross-customer joins are not intended. Your customers can then work with an ID that has no value outside your system, because only you can regenerate it and link it back to the underlying device; the marketplace cannot. This brings control over your data products back into your organization and, in conjunction with other methods, forms your privacy posture.
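
To make the distinction concrete, here is an added example (not code from the original article or from its author) contrasting an unkeyed SHA-256 of a device ID with an HMAC under a provider-held secret. The device IDs, the two keys and the `recover_from_candidates` recipient are all constructed for illustration; nothing here is real device data.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed sample device identifiers in the IDFA/GAID style. Not real devices.
SAMPLE_DEVICE_IDS = [
    "6D92078A-8246-4BA4-AE5B-76104861E7DC",
    "38400000-8CF0-11BD-B23E-10B96E40000D",
    "9A1F3C2E-7B4D-4E8F-A0C1-2D3E4F5A6B7C",
]


def normalize(device_id: str) -> bytes:
    # Trim and upper-case so the same physical device always maps to the same token.
    return device_id.strip().upper().encode("ascii")


def plain_hash(device_id: str) -> str:
    """Unkeyed SHA-256 of the ID, the 'commonly known' method the article warns about.
    Anyone who knows the algorithm and holds the raw ID can recompute this token."""
    return hashlib.sha256(normalize(device_id)).hexdigest()


def internal_token(device_id: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key that never leaves the provider (hypothetical key).
    Without the key the token cannot be recomputed, so it only links records inside
    the provider's own system."""
    return hmac.new(key, normalize(device_id), hashlib.sha256).hexdigest()


def recover_from_candidates(token: str, candidates: Iterable[str], hash_fn) -> Optional[str]:
    """A recipient's dictionary attack: re-hash every raw ID it already holds with the
    method it believes the provider used, and report the one whose token matches."""
    for candidate in candidates:
        if hmac.compare_digest(hash_fn(candidate), token):
            return candidate
    return None


def demo() -> dict:
    provider_key = secrets.token_bytes(32)  # held only by the provider (assumption)
    customer_key = secrets.token_bytes(32)  # a second key, e.g. one per customer feed
    target = SAMPLE_DEVICE_IDS[0]

    weak = plain_hash(target)
    strong = internal_token(target, provider_key)

    return {
        # Unkeyed hash: the recipient recovers the raw ID from IDs it already holds.
        "plain_hash_recovered": recover_from_candidates(weak, SAMPLE_DEVICE_IDS, plain_hash),
        # Keyed token: the same attack fails, the recipient cannot compute HMACs without the key.
        "keyed_token_recovered": recover_from_candidates(strong, SAMPLE_DEVICE_IDS, plain_hash),
        # Deterministic for the key holder, so the provider can still link its own records.
        "provider_can_relink": internal_token(target, provider_key) == strong,
        # A different key per customer gives the same device unrelated tokens in each feed,
        # so two customers cannot join their deliveries against each other.
        "cross_feed_joinable": internal_token(target, customer_key) == strong,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The key is now the whole secret: store it the way you store any signing key (KMS or HSM, restricted access, audited use), and decide before rotating it whether you need a mapping to keep linkage across key epochs. A keyed token also protects only the identifier column; if the rest of the row still pins down a person, the token does not change that, which is the point the article goes on to make.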

Providers of data analytics, especially those whose products may include sensitive data fields, must step outside their own silo in the ecosystem and examine the risk of data reidentification through a holistic lens. Data is not created or used in a vacuum, so focusing only on the reidentification risk of your own assets in isolation is a mistake: a recipient can combine your data with other datasets it already holds. Looking at the possible ways your data product can be used (and abused) out in the wild and building defenses against misuse requires action beyond just the device ID.

For example, data that reports on a device’s movement in raw form has the inherent ability to identify a user’s likely home location with some probability; a recipient need only look for where the device dwells overnight. Including contractual requirements prohibiting recipients of the data from identifying a user’s home location is a step in the right direction, but words on paper without technical controls are weak. A better approach is to acknowledge that even without inclusion of a plain device ID, the data can be made even less reidentifiable by obscuring or removing certain data near a device’s likely residence. That means the provider makes the same inference the recipient would, before delivery, and then degrades every ping within some distance of that point, not just the night-time ones. By providing the customer with data that has no finer GPS resolution around a device’s likely home location than a census block group, for example, reidentification is not just contractually prohibited but also technically controlled.
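
As an added illustration (not from the original article), the following Python infers a device’s likely home from its night-time pings and then snaps every ping within a fixed radius of that point to a coarse grid cell. The pings, the 500 m radius, the night window and the 0.01-degree grid are assumptions; the grid stands in for the census block group mentioned above, which would require boundary data that is not part of this example.

```python
import math
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed parameters; the real values are policy decisions for the provider to make.
NIGHT_HOURS = set(range(22, 24)) | set(range(0, 6))  # dwell window used to infer home
HOME_RADIUS_M = 500.0   # every ping within this distance of the inferred home is coarsened
FINE_CELL_DEG = 0.0005  # ~50 m grid used only to vote on the home location
COARSE_CELL_DEG = 0.01  # ~1 km grid, a stand-in for a census block group


@dataclass
class Ping:
    device: str  # would be the provider's keyed token in a real feed, never the raw ID
    hour: int    # local hour of day, 0-23
    lat: float
    lon: float


# Constructed pings for one device: three night-time pings at a residence, one morning
# departure still close to it, and two daytime pings about 5 km away. Not real data.
SAMPLE_PINGS = [
    Ping("dev-1", 23, 40.71281, -74.00612),
    Ping("dev-1", 1, 40.71286, -74.00615),
    Ping("dev-1", 4, 40.71276, -74.00618),
    Ping("dev-1", 7, 40.71320, -74.00580),
    Ping("dev-1", 10, 40.75800, -73.98550),
    Ping("dev-1", 15, 40.75810, -73.98560),
]


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def cell_center(lat: float, lon: float, size_deg: float) -> Tuple[float, float]:
    """Snap a coordinate to the centre of the grid cell of `size_deg` that contains it."""
    return ((math.floor(lat / size_deg) + 0.5) * size_deg,
            (math.floor(lon / size_deg) + 0.5) * size_deg)


def infer_home(pings: List[Ping]) -> Optional[Tuple[float, float]]:
    """The most-visited fine cell during night hours. This is the crude inference any
    recipient of raw pings could make, so the provider makes it first and defends against it."""
    votes = Counter(cell_center(p.lat, p.lon, FINE_CELL_DEG)
                    for p in pings if p.hour in NIGHT_HOURS)
    if not votes:
        return None
    return votes.most_common(1)[0][0]


def coarsen_near_home(pings: List[Ping]) -> List[dict]:
    """Rows for delivery: pings within HOME_RADIUS_M of the inferred home are replaced by
    their coarse cell centre regardless of the hour; everything else keeps full precision."""
    home = infer_home(pings)
    rows = []
    for p in pings:
        near_home = home is not None and haversine_m(p.lat, p.lon, *home) <= HOME_RADIUS_M
        lat, lon = cell_center(p.lat, p.lon, COARSE_CELL_DEG) if near_home else (p.lat, p.lon)
        rows.append({"device": p.device, "hour": p.hour, "lat": lat, "lon": lon,
                     "resolution": "coarse" if near_home else "fine"})
    return rows


if __name__ == "__main__":
    for row in coarsen_near_home(SAMPLE_PINGS):
        print(row)
```

Two details matter in practice. The radius test, not the hour, decides what gets coarsened, so the 07:00 departure ping next to the residence is degraded along with the overnight ones; filtering on time alone would leak the home through morning and evening pings. And when no night-time pings exist the function leaves the data untouched, which is the right moment to decide whether such a device should be delivered at all rather than silently shipped at full precision.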

No Silver Bullet

Another tool adtech data providers have at their disposal is the ability to curate products that meet their customers’ specifications while simultaneously applying Privacy by Design principles, such as data minimization. The easiest way to sell data is to simply pass it down the line to customers without taking any action to enhance the safety or quality of the data. The easy way, as is often the case, is not nearly sufficient in today’s market. Adtech data providers have an opportunity to improve the marketplace while reducing their customers’ risk by putting actual thought into what their customers want and need. If there is a way to help the customer answer the questions they have while also reducing the reidentification risk of the underlying data, a true ‘positive-sum’ outcome can be achieved.

How does this work? First, don’t simply pass a raw feed of location data to your customers. In most cases they don’t need that volume or level of fidelity to answer their questions, and they often are not equipped to properly preserve data privacy at this granularity, which is why they contacted you. Adtech providers add value by taking on this specialized work and finding creative solutions without compromising user privacy. Does your customer simply need to understand population movements around certain areas or locations? Device-level data can be replaced with aggregate data (counts of distinct devices per area and time window, with sparsely populated cells suppressed) that reveals the desired insights while the device-level data stays inside the privacy-safe environment you have created. Put in the extra work to make your privacy claims more than mere words, demonstrate their efficacy to your clients and the market, and you won’t have to lose sleep over where your data is going or how it is being used.
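
The aggregation step described above, as an added example that is not part of the original article: device-level rows already reduced to a coarse cell and an hour bucket are collapsed into per-cell counts, and any cell-hour seen by fewer than a threshold of distinct devices is withheld. The rows, the token names and the threshold of 3 are constructed for illustration; the threshold in a real product is a policy decision.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

MIN_DEVICES = 3  # small-cell suppression threshold; the real value is a policy decision (assumption)

# Constructed device-level rows already reduced to (device token, coarse cell, hour bucket).
# In a real feed the device column would be the provider's internal token, never the raw ID.
SAMPLE_ROWS = [
    ("tok-1", "cell-A", 8), ("tok-2", "cell-A", 8), ("tok-3", "cell-A", 8),
    ("tok-1", "cell-A", 8),                           # repeat visit: must not inflate the device count
    ("tok-4", "cell-B", 8), ("tok-5", "cell-B", 8),   # only two devices: below threshold
    ("tok-1", "cell-C", 9), ("tok-2", "cell-C", 9), ("tok-3", "cell-C", 9), ("tok-6", "cell-C", 9),
]


def aggregate(rows: Iterable[Tuple[str, str, int]],
              k: int = MIN_DEVICES) -> Tuple[List[dict], List[Tuple[str, int]]]:
    """Collapse device-level rows into per-cell, per-hour counts.

    Returns (published_rows, suppressed_keys). A cell-hour is published only if at least
    `k` distinct devices were seen there; the device tokens themselves never leave."""
    devices: Dict[Tuple[str, int], set] = defaultdict(set)
    visits: Dict[Tuple[str, int], int] = defaultdict(int)
    for device, cell, hour in rows:
        devices[(cell, hour)].add(device)
        visits[(cell, hour)] += 1

    published, suppressed = [], []
    for key in sorted(devices):
        if len(devices[key]) < k:
            suppressed.append(key)
            continue
        published.append({"cell": key[0], "hour": key[1],
                          "devices": len(devices[key]), "visits": visits[key]})
    return published, suppressed


if __name__ == "__main__":
    published, suppressed = aggregate(SAMPLE_ROWS)
    for row in published:
        print(row)
    print("suppressed:", suppressed)
```

Count distinct devices, not rows, or a single device pinging repeatedly will push a cell over the threshold on its own. Threshold suppression is also only one layer: two releases over overlapping windows can be differenced to recover a suppressed cell, so keep cell boundaries and time buckets fixed across deliveries and pair this with the coarsening and keyed tokens discussed earlier rather than relying on it alone.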

About the Author

Gerald Smith, General Counsel and Chief Privacy Officer

Gerald has been building and leading global privacy and risk-management programs in the financial, automotive, and tech sectors for over a decade. He received his bachelor’s in Economics from the University of North Carolina and his law degree from Chapman University. He is an IAPP Fellow of Information Privacy.