Demonstrating Trust in Programmatic Advertising Part II: Data Privacy and Security

Posted on May 01, 2019
By Praveen Rajaretnam, Senior Product Marketing ManagerSenior Product Marketing Manager

An important aspect of trust is not to ask for it, but rather to be able to establish it through demonstrable measures and efforts. Trust is more than just talking about it on a website, or at a conference. It needs to be followed through with action.

We sincerely hope that all players - from publishers, ad exchanges and supply-side platforms to agencies and demand-side platforms - are willing or able to do this.

This is especially important in the context of increasing security incidents at adtech firms.

Trust includes transparency, data privacy and data security, measurement product partnerships and audits, including around fraud and brand safety.

We had discussed transparency in detail in our previous post. In this article, we will focus on data security and privacy.

How Data Security and Privacy Impact Programmatic

Demand-Side Platforms (DSPs) have access to massive amounts of advertiser data. This may include information from events such as registrations, purchases, search keywords, products visited, etc., which is further enriched (where permitted) with third-party data to get a complete picture of the user’s interaction with advertising and their browsing behavior and interests.

When such volume of user data, which under certain jurisdiction(s) may potentially be deemed to be personal data, is handled, two questions need to be answered:

  1. How is the data being processed and stored?
  2. How is the data being used to optimize campaigns?

Evaluating a DSP’s Data Governance Capabilities

The critical questions with regard to personal data include:

  1. Is the DSP’s data ingestion and storage endpoints secured? Do they have firewalls, intrusion prevention systems and other security measures in place?
  2. What industry standards and/or regulations do they adhere to? For example, are they GDPR compliant in respect of European Economic Area (EEA) user’s personal data?
  3. Is access to the data controlled (principle of least privileges)? Are access control mechanisms enabled and logged?
  4. How long does the DSP store data, and is it encrypted?
  5. Does the DSP have a policy on reporting data breaches?
  6. How is the data being used to optimize campaigns of other advertisers?
  7. Does the DSP have a fault-tolerant infrastructure to ensure continuous availability?

How does InMobi DSP Approach Data Security and Privacy

Here we will define our tech and explain our principles of processing and storing data, along with how we make it available to advertisers while adhering to the highest data privacy standards. How did we design a secure platform and how it is independently audited on a regular basis?

Data Security

All personal data of advertiser’s users along with other user data sets (if requested by advertisers) are maintained in silos, completely secure and confidential as per stringent requirements and processes, in accordance with internal privacy practices and policies which are based on privacy by design. Some of the measures typically undertaken are:

  1. Personal data of EEA users are collected and stored in compliance with GDPR regulations.
  2. Personal data is encrypted at rest.
  3. Personal data is transported over SSL/TLS.
  4. Personal data is deleted on request OR pre-specified time-to-live (TTL).
  5. Systems that consume personal data are enabled with access-controlled, limited and logged protocols.
  6. Offline access for campaign improvements will be logged.

Data Privacy

  1. All data ingested, stored, processed and shared is compliant with applicable international privacy laws.
  2. Personal data is never collected without user consent.
  3. Only non-Personal data is processed for marketing, data analytics and targeted advertising purposes.
  4. In cases where personal data can be collected as per legal requirements, it is one-way encrypted before being stored.
  5. All InMobi DSP data is stored on Microsoft’s secure Azure cloud platform. As a strategic Tier-I partner of Microsoft, periodic audits are conducted by Microsoft to ensure protection, control and management of all first, second and third party data.

It is imperative for all companies in the advertising ecosystem to increase transparency in their products and operations in a demonstrable fashion to earn and maintain the trust of advertisers. It is on ecosystem players to manifest this through tangible, practical steps implemented to raise the levels of transparency, trust and accountability.

LEARN MORE

About the Author

Praveen Rajaretnam has over a decade of experience in mobile marketing and growth marketing. He started his career as an engineer at a cybersecurity firm, working on automation and performance testing. Praveen also started a social commerce firm, running marketing and growth strategies there. He spends considerable time researching anti-fraud methodologies, attribution mechanisms and real-time bidding technologies.