Originally posted by IAB on 1/22 here.
The recently released IAB guide “Defining the Data Stack” provides a framework for both advertisers and publishers to build or enhance their data stack, depending on where they are in their data capabilities journey. They can gain a baseline understanding of their needs and resources through this guide, as well as learn how each different type of data can enhance business performance when used properly.
Regardless of how your data stack looks or will look, and no matter whether you collect the data directly or leverage second or third-party providers, it is paramount to ensure that the data in your stack be privacy compliant. Given the importance of this topic, we thought it would be valuable to expand upon the information shared in the guide.
How Privacy Impacts Brand Safety
User privacy has moral and ethical implications, which should be key drivers for all players in the ecosystem. But, user privacy is also a business imperative for brands and agencies as they identify the data sets and data partners for their stacks. In fact, in today’s data-driven landscape, brand safety is no longer just about the environment in which ads run, it is also tied to the origin of the data that brands use for their initiatives. For this reason, it is vital that both brands and agencies be aware of and screen their partners’ data collection practices to ensure that they themselves are in a safe position. Consumers must be satisfied that their rights to understand how their data are used and to protect their privacy are being upheld. The data, after all, is theirs and it belongs to them. They are asking – rightfully so – for practices that may go beyond existing regulations and grant them the transparency, control, and access to data that they deserve, along with data provider accountability.
The same applies to the advertiser counterparts on the other side of the aisle: publishers. It has been said over and over that data is the new oil, and this is true not just for the brand marketer looking to drive higher campaign ROI, but also for publishers looking to improve the user experience — from content to advertising. Publishers today have an unprecedented opportunity to set the tone of the conversation with their users in the spirit of transparency and accountability, while giving users control and access over the data being collected and used.
Key Privacy Principles for Your Data Stack
So where to start? As you build your data stack, whichever combination of first, second or third-party data you choose to have, you’ll want to ensure that the data was collected in a privacy-compliant manner. Going beyond the formal vetting for privacy compliance, you’ll want to make sure that all data in your stack are subject to four key principles: consent, transparency, control, and accountability — which are essential privacy pillars to achieve a healthy data stack.
Let’s take a closer look at each one of them.
Consent entails ensuring that the user provided consent to collect and utilize their information. To legally qualify as consent in the EU and/or for certain types of sensitive information, such a precise geolocation data, it must be specific, informed, freely given, and unambiguous. Consent is the baseline of the relationship between the user and the entity collecting the data; no data exchange should happen if the owner (aka the user) did not agree to it.
Transparency requires that the user be clear on which information is collected, its uses, and what options they have. This very topic is currently at the center of most data discussions today, because the amount of data that can be collected has grown exponentially over the past decade, thanks to technology. This has caused a shift in the relationship between the user and the entity collecting the data. As a result, users are rightfully asking to be made aware of what data is being collected about them and how it is being used in an easily understandable manner.
With the term control, we refer to the consumer having the ability to opt out of data collection and use, and even erase the information previously collected, if they so desire. It is an important standard because it contributes to the creation of a principled ecosystem that honors user rights.
And last but not least, accountability is an organization’s ability to demonstrate its privacy program and the steps taken to ensure compliance. Accountability is crucial in establishing a trusting relationship with both the end user and prospective business partners, as privacy scrutiny increases across the board.
In December 2018, the Business Roundtable (BRT), a leading industry advocacy organization comprised of over 200 corporate CEOs, released a framework for a national consumer data privacy law. Interestingly, the document calls for federal regulation to protect consumer rights regarding personal data, focusing on the key pillars discussed above. Whether or not we’ll move in such direction, privacy is a global issue, and a principled approach to privacy centered on consent, transparency, control and accountability will be beneficial to all stakeholders—end users, brands, publishers, and data companies alike—ultimately leading to a more productive brand-consumer and publisher-consumer relationship.