This year, we find ourselves firmly in the information age where data sharing is a common and expected practice across all sectors and facets of our lives — from banking to health care, government, marketing, and more. Literally every aspect of our current and expected future world involves the collection and sharing of data. As such, most, if not all, technology companies, like Cuebiq, collect, process, and share data as a part of their products and services.

Cuebiq’s approach to privacy is grounded in four key pillars: consent, transparency, control, and accountability. In this blog I won’t go into deep detail on our approach to named consent, but in summary, our users are provided a clear consent option to share their data with Cuebiq (as a “named” entity) for an express list of purposes — and users have the option to say “yes” or “no” to that consent request. To learn more about our approach to consent and all of the core privacy pillars at Cuebiq, please visit our Privacy Center and Privacy Policy. In this blog I would like to review our data-sharing practices and the transparency, control, and accountability we bring to support those efforts.

In many of our data-sharing activities we only share a hashed or obfuscated device ID, but in some cases we may also share an anonymous “advertising ID” provided by Apple and Google’s mobile operating systems. The user has full control of this Mobile Advertising ID with the ability to opt out of its being shared, to “rotate the ID” and be assigned a new ID going forward, or to zero-out the ID altogether (iOS only). Cuebiq also offers additional pathways for user opt-out control, beyond OS settings, and offers all users the option to get a copy of the data collected about them in portable form and to request that all of their data be deleted — at any time, from anywhere in the world.

Some of the key elements of our data sharing approach include:

• Transparency: Cuebiq only shares location information where an anonymous advertising ID may be present with a select list of partners. We make this list public and we’re the only company in our space that is fully transparent about our data partners. Our partner page is easily accessible and we allow anyone to subscribe to receive email notifications anytime this page is updated.  
  • As you can see from our list of partners, Cuebiq does not enter commercial contracts with government agencies or law enforcement for these types of data products. We do work with government agencies with highly aggregated data in our “Index” based products, which analyze how users move in mass with the lowest level of granularity being Census Block Group (600 to 3000 people in each group). 

• Limitations on Use: Cuebiq was among the first in our industry to develop and publicly post our Sensitive Points of Interest (SPOI) Policy, with which we, and any partner using our data, must comply. We prohibit the use of our data for purposes we feel are not ethical or are not proportionate to the consent we have received from users.  

• • For example, we do not allow our data to be used for any kind of analysis, even aggregated, around a number of location types, including government buildings or social demonstrations.
• Strict Contracts and Compliance Audits: All of our partners not only agree to strict contractual terms that prohibit any attempt to merge our data with personally identifiable information, but we also require that they undergo an annual third-party audit of their compliance with those terms. We have created a dedicated Compliance team focused on these efforts. 
• Privacy-Enhancing Technologies (PETs): It's important to note that Cuebiq's location-data sharing is generally limited only to visits to commercial whitelisted POIs (Points of Interest — like stores or restaurants) with no additional location data, or it undergoes differential-privacy processing to obfuscate the suspected home location of the device and eliminate potentially sensitive POIs not already removed by our location blacklist. Bundled with our Sensitive POI Policy, as well as location whitelists and blacklists, differential privacy is another emerging technique we leverage to more strongly anonymize data.

As Cuebiq’s Chief Privacy Officer I can’t overstate how proud I am of our commitment to privacy and our thoughtful and layered approach to handling sensitive data like precise geolocation data. I hope this blog provides a good picture into the depth and commitment to privacy we’ve architected into everything we do at Cuebiq.

Please check out our Privacy Center and Privacy Policy and don’t hesitate to reach out to us if you have any questions at privacy@cuebiq.com.

The post Consumer Privacy: Cuebiq’s Outlook on Data Sharing appeared first on Cuebiq.

After almost a year of anticipation, Apple has released its latest software update, iOS 14.5, along with its new privacy tool, AppTrackingTransparency (ATT). All apps must now use this framework to obtain consent from users to access their location information. We sat down with Lawrence Chan, EVP, Business Development at Cuebiq, to get his take on this change. Continue reading to learn about his views on why Cuebiq is well-positioned for this change and why Named Consent is so important right now. 

What is Cuebiq doing to comply with Apple’s IDFA opt-in enforcement?

We worked with our app partners to increase IDFA opt-ins where possible, leveraged first-party identifiers to offset the loss of IDFA grants, and we worked with partners to innovate the user flow to meet future updates to mobile operating systems. We’re confident that our direct relationships with apps and experience navigating previous OS updates (e.g. iOS 13 and Android X) will help our app partners mitigate some of the risk of losing users not opting into the IDFA. We believe that Named Consent and our privacy framework, along with our direct app relationships, will allow us to effectively avoid any significant changes to our scale or quality of location data.

What did the delay of Apple's IDFA opt-in enforcement mean for Cuebiq?

The delay had no impact on Cuebiq, as we’ve been fully prepared for IDFA opt-in enforcement for months. That said, with the delay we had some more time to build out processes we put in place and refined them even more.

Will Cuebiq be employing identifiers outside the IDFA?

Yes, but this is nothing new for us. We have always employed identifiers outside the IDFA, such as hashed-IDs and cookies. What’s more, we are increasing our device linkages by adding more cross-device partners.

As the industry creates standards for ID resolution, we’re in constant talks with the industry groups and technology partners that will be driving this new reality.

Why is Named Consent so important right now?

In a post-CCPA-and-GDPR world, Named Consent is the only way to prove that a location provider has consent rights to location data as well as prove how, when, what, and where that consent was created and captured. Proving consent is paramount — if a location provider can’t prove consent, they should not be using that data. Cuebiq is the only location provider with Named Consent for all of our app partners. Cuebiq takes a global approach to privacy and meets GDPR explicit consent requirements. This approach exceeds compliance in every U.S. state law and regulation, including the CCPA. In order for the consumer’s consent to meet this bar, we include specific use cases in the consent language so that the user knows exactly what uses they are consenting to share their data for prior to continuing. And of course, users can easily opt out of our data collection at any time.

What is Cuebiq’s stance on consumer privacy?

Consumer privacy is a global issue, and we believe that a future-proof approach to privacy and transparency is beneficial to all stakeholders, users, marketers, data and tech partners alike. At Cuebiq, we hold privacy as a core tenet and take a principled approach to ensure our products, services, and relationships reflect this. Privacy at Cuebiq can be described in four powerful principles: Consent, Transparency, Control, and Accountability.

Cuebiq has end-to-end tech to support privacy management and consent, and we will continue to invest in this.

Connect with our team to learn more.

The post The Inside Scoop: What IDFA Opt-In Enforcement Really Means appeared first on Cuebiq.

Offline intelligence can be incredibly powerful. At Cuebiq, we’ve seen firsthand how our mobility data insights can be used for everything from helping public health officials manage crises like COVID-19 to generating insights on economic segregation. We also recognize the great responsibility that comes with protecting user privacy, and that is why we consider some data too sensitive to process for certain purposes. In accordance with our core value of Transparency, we want to make everyone aware of how and why we go to these lengths.

We Think Before We Act

What we refer to as the Sensitive Points of Interest (SPOI) Policy has formed a touchstone for us internally as we evaluate whether to engage in partnerships or activities based upon our privacy-first ethos. The concept is simple — before we determine if we could share data about a particular location, we stop to think about whether we should. While we fully support unlocking the wealth of information that can be gained from measuring the mobility of the world around us, we are also in a unique position to enhance consumer privacy and protect the sanctity of individuals’ private lives. This is just one of many industry-leading steps that we take to protect individual privacy, and we thought it was time that we share it publicly.

We’ve put a great deal of thought into what may make a location sensitive and in what contexts. Some examples of sensitive points of interest include locations where predatory lending may occur, social demonstrations, religious facilities, and military bases. The nature of what makes a location or type of location sensitive is constantly evolving, and so is our approach to the SPOI policy. That is why we regularly review and update the policy to ensure that it remains relevant and reflective of cultural and individual sensitivities.

It’s About Accountability

Does all this mean that we sometimes turn down business opportunities because they don’t meet the standards that we’ve set for our culture and values? Absolutely. We believe that the commitment we’ve made to preserving the privacy of our users is paramount and that the best outcome for everyone is to create an environment where data can be shared in a thoughtful and privacy-compliant manner.

We view the use of location data as a partnership with our users. That is why we go further than our peers in explaining what data we collect, how we will use it, and with whom we will share that data. Ultimately, the user's informed consent is a handshake deal that we honor by considering how to care for and use their data in respectful ways. The SPOI Policy is one more way that we fulfill that promise. We invite you to review the SPOI Policy and to explore our Privacy Center for additional information.

The post Privacy and Accountability: Why We Created a Sensitive Points of Interest Policy appeared first on Cuebiq.

Published: 12/18/2019

We sat down with Shane Wiley, Cuebiq’s Chief Privacy Officer, to discuss the regulatory changes marketers should be on the lookout for and what they can do to prepare for the next few years.

As we look to 2020, which new privacy regulations should marketers be preparing for?

First and foremost, all marketers should be preparing for CCPA, which goes into effect on January 1, 2020. While enforcement of CCPA won’t begin until July 2020, enforcement can be applied retroactively on activities that have taken place from January 1 onward. 

After January, marketers should be prepared for additional state laws to come out in 2020. Some feel that there are as many as eight states that have made meaningful progress toward privacy legislation in 2019 but can’t possibly cross the finish line until 2020. However, given the upcoming presidential election cycle, federal privacy legislation isn’t expected in the United States in 2020. More likely, it will come to fruition in 2021, with strong drafts such as The Consumer Online Privacy Rights Act (COPRA) coming out in the closing weeks of 2019.

How have changes in consent management affected companies who collect precise  location data?

The biggest shift that we will see in 2020 is that the Network Advertisers Initiative (NAI) code of conduct will require an independent, explicit consent event for a third party to collect and use a user’s precise location data. To be more specific, the default operating system consent will not suffice. While Cuebiq implemented a consent event outside the operating system in 2018 for GDPR, this code of conduct may have significant effects on location-centric companies that, unlike Cuebiq, do not currently have a consent model that is independent of the operating system. Adhering to this code of conduct will prove even more complex for companies that don’t have direct first-party relationships with users like Cuebiq and instead rely on third-party location data from highly questionable data sources like real-time bidding transactions in which user consent for use of the data is not easily demonstrated. 

How is user consent tracked currently and how does consent tracking affect marketers?

Today, consent management is a “trust us” proposition. Typically, a company says that they have a user’s consent, and you are supposed to trust that they are being honest. Clearly, this is not a reliable consent management method. This past year, Cuebiq took steps to make consent verifiable, launching a Consent Management and Data Providence (CMDP) platform in partnership with the NASDAQ in June 2019. 

The CMDP offers organizations the option for consent to be recorded in a blockchain ledger and then confirmed, viewed, and validated by a third party. This allows marketers to verify that they are only using data that has been gathered in a way that is compliant with current and future regulation.

What can marketers do to prepare themselves for future privacy regulation?

Every business must decide if they are going to be reactive to each state’s privacy laws or if they are going to attempt to get in front of the rapidly evolving situation. What Cuebiq has done, and we encourage marketers to do as well, is to look at the trajectory of where privacy regulation is going and start to build their privacy program to meet those needs today. 

Be proactive instead of reactive. You can do this by putting your end user at the center of your privacy management policy. Once you orient your data handling approach around the concept that the user is part owner of their information in your system, it moves you into a consent-based paradigm that naturally supports user privacy rights such as access and erasure. 

For those marketers who don’t have the ability or bandwidth to shift their entire approach just yet, we’ve compiled five things to focus on:

1. Be legally compliant at the federal level — Study the past 20 years of FTC Consent Decrees, COPPA, and other laws that may affect your specific business vertical.
2. Be legally compliant at the state level — California, Nevada, and Vermont all have regulations with which you should become familiar.
3. Look to self-regulation groups for guidance — such as the NAI, MMA, IAB, and DAA
4. Iterate and evolve your approach as new laws come forward — Even a future-looking program may require “tweaking” as new laws emerge with highly prescriptive elements such as links that specifically say “Do Not Sell My Personal Information.”
5. Require partners to not only prove compliance, but also maintain forward-looking privacy policies — Leverage third-party audits to help you manage partner risk exposure.

How can marketers ensure that their partners will continue to be compliant in 2020 and beyond?

There are four key areas that marketers should look to their partners for when it comes to a privacy approach that goes beyond bare-bones compliance. 

1. Consent — Does the partner have a digital consent record on every single device that they are collecting data from, with the language for which that consent was given? Does that language name all parties that may be receiving the user’s data, have clear directions on how to retract consent, and allow the user to access the partner’s privacy policy prior to giving consent?
2. Transparency — Does the partner have a privacy center that explains privacy concepts to end users in nonlegal terms? Does the partner require its partners to be equally transparent through user interactions and their privacy policy?
3. Control — Does the partner provide users with an easy path to opt out? Do they honor not only direct opt-outs but also those communicated through the operating system or web browser? Do they allow access to, portability of, and erasure of user data upon request?
4. Accountability — Does the partner subject themselves to and successfully pass third-party audits? Do they require their partners to do the same? Are they members in good standing with vertically relevant self-regulatory groups?

About Shane Wiley

With almost 30 years of experience in software engineering, product management, and policy-related responsibilities, Shane is a recognized leader in developing sound policy solutions to cutting-edge technology challenges. As Chief Privacy Officer, Shane advances Cuebiq’s commitment to their “gold standard” of privacy, including applying a GDPR-like framework for user information and consent across all app partnerships. Shane also spearheads Cuebiq’s privacy technology project, leveraging blockchain to create an open data marketplace to bring economic value not just to data companies and their clients, but to end users as well.

Prior to joining Cuebiq, Shane was Vice President of Privacy at Oath and also led the Privacy and Data Governance team at Yahoo supporting over 1.4 billion users across hundreds of products, services, and platforms in over 80 markets in 40+ languages operating across PC, mobile devices, and cutting-edge consumer electronics. 

For more Cuebiq blogs, subscribe to our newsletter to receive all our latest content.

The post Data Privacy Regulation: What Comes After CCPA? appeared first on Cuebiq.

Cuebiq's Data for Good initiative is being continued with support from the Spectus.ai data cleanroom and their Social Impact professionals. Their commitment to positive social impact through the ethical and responsible use of location-based data makes further insights possible. We invite you to visit https://spectus.ai/social-impact/ for more on contributions to academia and research partners.

We had the pleasure of sitting down with Brennan Lake, Cuebiq’s Senior Director of Research Partnerships and Data, to ask him a few questions about Cuebiq’s Data for Good program. Read on to learn about some exciting new Data for Good initiatives he’s working on, as well as how he interfaces with Cuebiq’s Data Science and Engineering teams to effect positive social change.

Can you tell us about your background and how you came to work at Cuebiq?

My background has traditionally been in international relations and international development. I also worked abroad in tech — I went to Argentina and co-founded an e-commerce software-as-a-service startup, which introduced me to the world of tech and SaaS platforms. After that, I moved back to Boston to run an international development NGO, as social-impact oriented work has always been a passion of mine. I worked there and grew that NGO for five years, and then started looking for a new challenge to give me the opportunity to merge my backgrounds at the intersection of tech and social impact work. 

In my work at the NGO, we were constantly being told to be more data-driven; but in developing countries, a lot of data collection consists of paper-based surveys in communities that are hard to reach. So, I  was really interested in the power of big data and location data to answer sociological questions in these areas at a greater scale. I was also really drawn to the fact that at such an early stage of the company, Cuebiq was already thinking about giving back and creating social value from its data assets.

What is Cuebiq’s Data for Good initiative and how does it work?

Data for Good is our program through which we seek to improve lives through the novel use of location data. We do that in order to provide benefits to the millions of anonymous users who are sharing their location data with us every day. Specifically, we pursue and achieve that mission by supporting academic research and humanitarian initiatives related to mobility. We work with academia and researchers — for example, we’ve done work with MIT Media Lab looking at the impact of economic segregation on the development of urban neighborhoods. We also work with University of Washington and other universities to understand evacuation patterns before, during, and after natural disasters.

Together, we develop research projects where we think our data can make an impact. We seek out projects where the results are actually going to create positive social impact and inform policy. 

What is a Data for Good initiative you’ve worked on that’s been particularly rewarding?

We’ve done a lot of work in disaster response in the past. Through working with academia, we’ve used our data to map evacuation patterns and forecast behaviors for future natural disasters. But now we’re starting to build our capabilities in house to process information on evacuations closer to real time, so that we can provide emergency managers and first responders with insights to help them gain mission-critical awareness on the ground. We’re really excited to be building this out with our Data Science and Engineering teams.

Can you tell us about Cuebiq’s partnership with Politecnico di Milano?

Our relationship with Politecnico di Milano developed organically, since a lot of our data scientists and management team came from Politecnico. As a result of this, researchers at the university were able to see what their alumni were graduating to go off and build using Cuebiq data, and recognized the potential value for different research around the world.

In one such project, Cuebiq is collaborating with Politecnico di Milano to assess “transport poverty” in Maputo, using high-precision location data, with the goal of creating more accessible and inclusive transportation systems in Mozambique. This collaboration is part of the Safari Njema project, funded by the Polisocial Award 2018 by Politecnico di Milano.

How do you interface with Data Science and Engineering to make Data for Good a reality? 

Data for Good would not be possible without our amazing Data Science and Engineering teams. Specifically, we see in them a really strong ethical imperative and enthusiasm for participating in Data for Good projects, whether it be creating new data sets for specific use cases like mapping evacuations, or figuring out how we can better deliver data for population-sparse areas of the world. These teams are always really proactive about problem-solving, to make sure our partners have the data they need to do research that will deliver a high impact downstream.

Our Data Science and Engineering teams are also developing cutting-edge techniques related to differential privacy in order to better prevent misuse while preserving the data's utility for aggregate analyses of human mobility.

What has been the most challenging part of building out Cuebiq’s Data for Good program?

We’re a fast-growing startup, so making sure we have the human resources to work on Data for Good initiatives could potentially be a problem. However, we’ve been lucky to have a very dedicated team supporting Data for Good, not only in Data Science and Engineering, but across the board, from the executive team throughout the entire organization. This will only improve as we expand our technical human resources — we’re always looking for new Data Science and Engineering talent who are interested in contributing to these initiatives.

What do you see as the future of Cuebiq’s Data for Good program? How do you anticipate it will grow or change?

I would say I think that Data for Good is most successful when we’re bringing diverse groups of stakeholders to the table, not only on the researcher or Data Science side, but also on the practitioner side. That’s why we’re excited to be working with partners like the World Bank and UNICEF — it takes the work we’ve been doing on the research side and puts it into practice, to help inform policy-making. At the end of the day, the data is most powerful when it’s put in the hands of people on the front lines of these issues.

Interested in working at Cuebiq? If so, be sure to check out our careers page for new job openings.

The post Data for Good: Providing Social Value Through Location Data appeared first on Cuebiq.

A few years ago, we hosted a pivotal company-wide retreat in Nassau, Bahamas. Company culture is integral to working at Cuebiq, and the theme was “Cuebiq Connect.” All the events we participated in were grounded in this concept, including various workshops, games, and dinners. One of the main exercises of the retreat was brainstorming and developing Cuebiq’s core values. The goal was to establish values that everyone in the company could agree on and embody in the workplace. 

We spent hours discussing what different ideas meant to us, presenting our thoughts to coworkers, and voting on which values were our favorite. In the end, the leadership team selected five values based on our conversations, and these have become intrinsic to life at Cuebiq. This process allowed every employee to have a say, and so it resulted in a set of values that feel authentically us. Here at Cuebiq, we live by these five values and let them guide our beliefs, decisions, and actions.

1. Connectivity

Just as Cuebiq connects data to create insights, Cuebiqers connect to each other to increase operational empathy, better ourselves and our clients, and achieve more as a team. We strive for open dialogue across the company and do all of our work on interactive platforms like Slack and Google Drive. Connectivity is an elemental part of our collaborative company culture. We empower our employees to think outside the box and use active listening to affirm their ideas. We also place importance on bonding outside work — there are weekly happy hours in the office; softball, soccer, and bocce teams; as well as a book club and Italian language lessons, just to name a few.

Our retreats are a great example of how Cuebiq stays connected, especially with offices around the world. It’s crucial to communicate frequently and effectively between Milan and New York so that everyone is on the same page. In the Bahamas, the entire company came together, and we got to know our coworkers from NYC, Milan, Washington DC, and Chicago. This was an excellent opportunity to have conversations face-to-face, without time zones and an ocean between us.

2. Transparency

Transparency is critical at Cuebiq and involves being honest, providing feedback, and ensuring clear communication in order to instill trust among coworkers and clients. Internally, teams are encouraged to talk openly about problems, challenges, priorities, and goals. We share our projects with each other and make them easily digestible and accessible to establish a common understanding across departments. There is a delicate balance between privacy and transparency, and we aspire to maintain the highest level of integrity both internally and externally in how we manage this balance in our projects and relationships. 

Transparency has played a massive role in our growth as well as in our data collection strategy. This past June, we launched our Consent Management and Data Provenance (CMDP) solution, which enables users, partners, and customers to provide proof of consent and data provenance across all Cuebiq solutions. This blockchain-based solution promotes transparency, so that Cuebiq customers making an information or product request can be fully assured that the data they use is always compliant with GDPR and CCPA.

3. Customer Centricity

At Cuebiq, our customers are our priority. We power long-term relationships with them (as well as partners, internal stakeholders, and data subjects) by building trust, solving problems, and adding value to their investment. All of our actions are aligned with customer needs based on feedback and analysis. We keep customers constantly informed and pride ourselves in anticipating issues before they happen. We tackle complex customer challenges with comprehensive solutions and always aim to provide the most positive customer experience we can.

4. Innovation

Innovation is key in our fast-paced, data-driven world. At Cuebiq, we value ideas that challenge the status quo, disrupt the market, and provide thought leadership. We cherish intellectual curiosity and we learn from our mistakes. We have a bold, “fail fast” approach to what we do, which creates an environment conducive to creativity and respect. We are also always forward-thinking, and we consider our current privacy policy “future-proof.”

One way in which we’re innovating outside the typical scope of our business is by using our data to support nonprofits and universities. We call this our Data For Good initiative, and through it we’ve contributed to hurricane relief assistance and natural disaster planning. In one of our most recent projects, we partnered with MIT to use our offline first-party location data to understand spatial economic inequality in Boston. 

5. Get Shit Done

This value is all about putting our ideas into action, and it showcases who we are — passionate, resourceful, accountable, and committed. Our objective is to achieve our common goals and deliver measurable results at the right pace with excellent quality. This mindset keeps us innovative and easily adaptive to change. We don’t take “no” for an answer and we don’t give up until we find a solution.

Strong core values guide how an organization thinks and behaves, and they result in the most successful business decisions and the strongest relationships because they are authentic to who we are. Core values should be visible in every aspect of company operations, and at Cuebiq, they are apparent in everything we do, from groundbreaking nonprofit research to fun after-work softball games.

If you’re interested in learning more about Cuebiq and our company culture, be sure to check out our current job openings.

Cuebiq's Data for Good initiative is being continued with support from the Spectus.ai data cleanroom and their Social Impact professionals. Their commitment to positive social impact through the ethical and responsible use of location-based data makes further insights possible. We invite you to visit https://spectus.ai/social-impact/ for more on contributions to academia and research partners.

The post Cuebiq’s Values: How We Created Them and What They Mean to Us appeared first on Cuebiq.

Originally posted by IAB on 1/22 here.

The recently released IAB guide “Defining the Data Stack” provides a framework for both advertisers and publishers to build or enhance their data stack, depending on where they are in their data capabilities journey. They can gain a baseline understanding of their needs and resources through this guide, as well as learn how each different type of data can enhance business performance when used properly.

Regardless of how your data stack looks or will look, and no matter whether you collect the data directly or leverage second or third-party providers, it is paramount to ensure that the data in your stack be privacy compliant. Given the importance of this topic, we thought it would be valuable to expand upon the information shared in the guide.

How Privacy Impacts Brand Safety

User privacy has moral and ethical implications, which should be key drivers for all players in the ecosystem. But, user privacy is also a business imperative for brands and agencies as they identify the data sets and data partners for their stacks. In fact, in today’s data-driven landscape, brand safety is no longer just about the environment in which ads run, it is also tied to the origin of the data that brands use for their initiatives. For this reason, it is vital that both brands and agencies be aware of and screen their partners’ data collection practices to ensure that they themselves are in a safe position. Consumers  must be satisfied that their rights to understand how their data are used and to protect their privacy are being upheld. The data, after all, is theirs and it belongs to them.  They are asking – rightfully so – for practices that may go beyond existing regulations and grant them the transparency, control, and access to data that they deserve, along with data provider accountability.

The same applies to the advertiser counterparts on the other side of the aisle: publishers. It has been said over and over that data is the new oil, and this is true not just for the brand marketer looking to drive higher campaign ROI, but also for publishers looking to improve the user experience — from content to advertising. Publishers today have an unprecedented opportunity to set the tone of the conversation with their users in the spirit of transparency and accountability, while giving users control and access over the data being collected and used.

Key Privacy Principles for Your Data Stack

So where to start? As you build your data stack, whichever combination of first, second or third-party data you choose to have, you’ll want to ensure that the data was collected in a privacy-compliant manner. Going beyond the formal vetting for privacy compliance, you’ll want to make sure that all data in your stack are subject to four key principles: consent, transparency, control, and accountability — which are essential privacy pillars to achieve a healthy data stack.

Let’s take a closer look at each one of them.

Consent entails ensuring that the user provided consent to collect and utilize their information. To legally qualify as consent in the EU and/or for certain types of sensitive information, such a precise geolocation data, it must be specific, informed, freely given, and unambiguous. Consent is the baseline of the relationship between the user and the entity collecting the data; no data exchange should happen if the owner (aka the user) did not agree to it.

Transparency requires that the user be clear on which information is collected, its uses, and what options they have. This very topic is currently at the center of most data discussions today, because the amount of data that can be collected has grown exponentially over the past decade, thanks to technology. This has caused a shift in the relationship between the user and the entity collecting the data. As a result, users are rightfully asking to be made aware of what data is being collected about them and how it is being used in an easily understandable manner.

With the term control, we refer to the consumer having the ability to opt out of data collection and use, and even erase the information previously collected, if they so desire. It is an important standard because it contributes to the creation of a principled ecosystem that honors user rights.

And last but not least, accountability is an organization’s ability to demonstrate its privacy program and the steps taken to ensure compliance. Accountability is crucial in establishing a trusting relationship with both the end user and prospective business partners, as privacy scrutiny increases across the board.

In December 2018, the Business Roundtable (BRT), a leading industry advocacy organization comprised of over 200 corporate CEOs, released a framework for a national consumer data privacy law. Interestingly, the document calls for federal regulation to protect consumer rights regarding personal data, focusing on the key pillars discussed above. Whether or not we’ll move in such direction, privacy is a global issue, and a principled approach to privacy centered on consent, transparency, control and accountability will be beneficial to all stakeholders—end users, brands, publishers, and data companies alike—ultimately leading to a more productive brand-consumer and publisher-consumer relationship.

The post Privacy: What to Keep in Mind as You Build Your Data Stack appeared first on Cuebiq.

Privacy is at the center of most data discussions today. The General Data Protection Regulation (GDPR) is set to go into effect in the EU at the end of May, which is a key first step toward ensuring end-user privacy and transparency in data collection processes. However, there is more that can — and should — be done to champion users’ rights, in addition to embracing a GDPR-compliant framework. With new technologies, there’s a new solution possible to alleviate privacy concerns, and that is to create an economy based on data.

How To Achieve a Safe Data Environment

Data is a major asset to companies and society as a whole, with the power to drive business and also have a positive impact on the community. Given the importance of data to our ecosystem, it’s paramount that individuals who elect to share their data be able to do so securely. Professor Alex “Sandy” Pentland, the Toshiba Professor of Media Arts and Sciences at MIT, offers a solution to achieve this safe data environment, in the form of a set of rules he’s coined “The New Deal on Data.” His idea is to redistribute the ownership of data in favor of the individuals whose data is collected. This way, end users not only have agency over their own data but can also derive value from it.

In order to achieve this paradigm, data must be treated as an asset and regulated as such. In an interview with Harvard Business Review, Sandy Pentland posits, “People say personal data is the new oil of the internet. What they mean is that it’s a new asset class, a new value, a new money. And we don’t have the regulations to treat it like the value class it is. We need data banks. We need data auditing.” As with any currency in our society, data must be regulated. Without regulation, data disasters can occur and cause end users to revolt, provoking regulators to outlaw data collection altogether — which would be a major setback for innovation.

How We Handle Data at Cuebiq

Here at Cuebiq, we embrace Pentland’s vision and think it would enable the data-driven ecosystem to provide economic value not just for data companies and their clients, but also for end users. All parties involved must derive value from the data-driven ecosystem in order for it to grow and prosper.

But how can we realize a system that both regulates data collection and creates value for end users? The answer is through new technology such as blockchain, which has the capacity to create an open data marketplace. Since blockchain technology functions in a decentralized manner, transactions no longer require intermediaries, so users can make their own choices and retain control of their data. Through smart contracts, which automatically enforce the conditions of an agreement, users can be sure all transactions are credible. Blockchain also offers absolute security, using cryptography to record transactions chronologically and publicly, creating a completely transparent ledger. In this way, end users can see who is leveraging their data and to what end.

Now for the value creation piece. Blockchain technology also has the ability to create cryptocurrencies, such as Bitcoin. It’s possible for end users to benefit from sharing their data by receiving cryptocurrency in exchange. Thus, end users — the true data owners — can license the IP of their own data. This vision is a next-generation economic model that effectively incentivizes all parties in the data-driven ecosystem, ensuring that everyone both adds and derives value.

How Everyone Benefits from Consumer Buy-In

When users benefit from sharing their data in a safe way, a chain reaction occurs. More users will share their data, which will create a better quality big-data ecosystem, thus improving AI developments, and ultimately leading to major advances for society as a whole. For example, let’s consider the healthcare industry. If users were guaranteed privacy and some kind of benefit for sharing their data, more users would share data, creating a massive pool of health-related data, which could expedite health care developments such as discovering new drugs and ultimately save lives. This positive feedback loop applies not only to health care but to pretty much any industry.

An open data marketplace would benefit data companies, publishers and end users alike. Not only would it provide a solution to the recent privacy issues surrounding transparency and IP asset security, but it would create much-needed value for the end user.

To find out more about how we handle data at Cuebiq, contact us today.

The post How an Open Data Marketplace Would Benefit Consumers and Companies appeared first on Cuebiq.

If you’ve been keeping up with the news lately, you’ve probably heard a lot about the General Data Protection Regulation (GDPR). This regulation has far-ranging implications for companies, so it’s critical for anyone involved in data collection and usage to understand it. We know this regulation can seem convoluted, so we’ve compiled answers to some of the most common questions about the GDPR below.

What exactly is the GDPR?

The GDPR is a new set of rules around data privacy, set to go into effect in the EU on May 25, 2018. The main objective of the regulation is to give end users greater control over their data. While consumers are often prepared to allow companies to access their data in order to improve their user experience, they expect their data to remain private and secure. Some consumers may not want to share their data at all. The GDPR provides a comprehensive set of data collection rules that require companies to obtain user consent and exhibit transparent processes when collecting data from users.

Why does the GDPR matter?

The GDPR is important because it establishes much-needed rules on data privacy. Not only will this regulation benefit marketers in the long term, but it will also benefit end users and ultimately society as a whole. For marketers, the GDPR will enhance transparency between brands and consumers. Transparency often leads to greater trust, and to a more productive brand-consumer relationship.

For end users, the GDPR will ensure all personal information is kept private and secure, and that the end users are informed at every stage of the data collection process. For society at large, the GDPR will promote a healthy data environment, also enabling organizations to use anonymous, privacy-compliant data and analytics for the good of the community.

An example of how data can help drive innovation and enhance the quality of life around the globe is through not-for-profit initiatives, such as our Data for Good program, which we launched in 2017. Through Data for Good, we partner with 25+ universities and nonprofit organizations to support causes such as natural disaster planning and relief, quality of life improvement in underserved communities, prevention of epidemic spreading, and smart city development.

How is Cuebiq preparing for the GDPR?

Cuebiq has been committed to protecting users’ privacy from day one. We strive to be at the forefront of global industry privacy standards, and we have taken specific measures to do so. To start, we have a direct relationship with our partner apps, which means we give users full control over whether they share their location or not. We also work closely with and are certified by industry privacy associations such as NAI, which stipulates that all data Cuebiq collects and manages must meet specific privacy regulations, and TrustArc, which provides users with an additional opportunity to opt out from our location data gathering.

As for GDPR preparation, we have been working tirelessly over the past nine months to get ready for the regulation to take effect and ensure we will be 100% compliant when it does. We’ve been pouring resources not only into our own technology to make sure it’s compliant but also into working with our partner apps to support them as they prepare for the regulation.

We can help you prepare for the GDPR. Contact us.

Here’s a breakdown of each of the key GDPR compliance steps, along with the actions we’ve taken to ensure we will be ready when it goes into effect:

1. User Consent

The GDPR requires businesses to request and receive consent from users in order to collect and utilize their data, to clearly inform users about data collection, and to enable users to withdraw consent just as easily as they were able to give it.

Thanks to our proprietary data collection methodology, we only process de-identified data from users who opted in to share location with our partner apps, and we allow users to easily opt out through device settings. 

2. User Rights

Under the GDPR, European nationals have the right to access and control their data.

We will manage and protect users’ rights through a proprietary mobile application, which will be available for both Android and iOS, and will empower users to exercise their rights by establishing a one-to-one communication channel to make sure all requests are properly documented and addressed.

3. Privacy by Design and Security

Under the GDPR, privacy and data protection will be required at the start and throughout all projects’ life cycle. Companies will have to ensure that private information is properly encrypted and that they appoint a Data Protection Officer.

We already implemented technical, administrative, and physical measures and safeguards to guarantee compliance of our data security systems, and we identified a Data Protection Officer who will enforce all security requirements.

Why should a GDPR-compliant framework be embraced beyond the EU?

We believe the GDPR is the gold standard for user privacy, and we hope that the entire mobile apps ecosystem will embrace a GDPR-compliant framework, giving end users greater control and transparency over their data. To this end, Cuebiq has started and will continue working with all of our partner apps, not just the ones with users in the EU, to adopt such a framework.

Privacy compliance is a global issue, and we believe that this approach to privacy and transparency will be beneficial to all stakeholders: end users, app developers and data companies alike.

Do you have questions about preparing for the GDPR? Lets talk. Fill out this form and we'll be in touch.

Cuebiq's Data for Good initiative is being continued with support from the Spectus.ai data cleanroom and their Social Impact professionals. Their commitment to positive social impact through the ethical and responsible use of location-based data makes further insights possible. We invite you to visit https://spectus.ai/social-impact/ for more on contributions to academia and research partners.

The post Embracing a GDPR-Compliant Framework on a Global Scale appeared first on Cuebiq.

This article was written before Cuebiq deprecated our SDK, which you can learn more about in this blog. We've left the following information up as it may offer offer additional insights and context.

Cuebiq has embraced privacy as a core value from the very start.  As we continue to evolve our approach to privacy with each new regulatory advance, such as with GDPR and CaCPA, it’s important to ground ourselves in several central principles to guide our efforts. Cuebiq’s privacy program revolves around 4 key principles: Consent, Transparency, Control, and Accountability.

Let’s focus on two of these today: Consent and Transparency - which often go hand-in-hand to legitimize the other.

Consent is the most privacy compliant method to gain a legal basis for the collection and processing of a user’s data but it must be specific, informed, freely given, and unambiguous to qualify.  

When it comes to precise location collection, there is some debate if the default operating system consent language qualifies as “specific and informed” if data is shared with 3rd parties, such as Cuebiq, for further use in areas such as interest based advertising. Even when these disclosures are provided in the App’s privacy policy. Fortunately pure analytics use cases are rarely caught up in this argument and are the foundation of Cuebiq’s purposes for data collection.

To address these concerns, Apple now offers App Publishers the ability to alter the default precise location language to add more detail.  This is a great opportunity to include third parties that App Publisher may be working with but there are other options as well. A more natural consent flow for bundled consent (meaning third party and first party data collection is tied to the same consent) is to offer greater transparency as to the scope and purpose of data collection, which includes third party partners, prior to then asking for precise location consent.

How does this look?  Upon opening an app the user is told in a modal dialogue what information is about to be collected and for what purposes if they select the “Allow” option when the precise location consent appears.  Once the user selects “Proceed” the next modal dialogue shown is the default one from the OS. Now when the user selects “Allow” they have the full context of what this permission entails.

Another approach would be to unbundle the consents and simply provide an independent consent dialogue for the collection and use of precise location data by a 3rd party partner.  Cuebiq supports both options natively in our latest SDK and further supports all 26 official languages in the EEA (European Economic Area). It’s important that App Publishers consult with their legal teams on their options as EU regulators have strong opinions as to the legitimacy of bundled consent approaches.

While the consent flow addresses many questions about how “specific” a consent is, any consent would not be deemed valid if it is not also “informed”.  This is where the “say what you do; do what you say” principle of transparency comes into play.

While Cuebiq’s privacy policy goes into incredible detail about our data collection and use practices, it is vital that our App Publishing partners support this within their own Privacy Policies as well.  This way users always have a quick, contextual location in which to learn (or remember from their initial consent) the scope and purposes of precise location and related data that may be collected by Cuebiq.  This is foundational to support the consents we receive as “informed” and therefore, valid under the law. Cuebiq offers our App Publishers with model language but are always open to this being expanded, especially when an App Publisher is attempting to cover multiple partners in as compact a privacy policy they can manage.

I’ll be back to discuss these principles more and the others, Control and Accountability, in future blogs.  

It’s important to stress that we’re all in this together. The entire app ecosystem, 1st parties and 3rd parties alike, are under constant and growing pressure to focus on privacy matters.  We invite our partners to join Cuebiq in our principled approach to privacy fundamentals so we can collectively rise above the chatter and be easily identified as those that embrace privacy best practices.

The post A Principled Approach to Privacy appeared first on Cuebiq.