Privacy Chain Overview & Update

From IIW

Privacy Chain Overview & Update


Wednesday 8F

Convener: Wendell Baker

Notes-taker(s): Wendell Baker & Michael Becker


Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


1. Notes received from Wendell Baker:


IAB Privacy Chain Working Group – link to presentation:

https://docs.google.com/presentation/d/14op9-wsNqXOvZt65PrVs_-kgoKvzbGaZAzhDoWzVi5c/edit?ts=5cccbc5d#slide=id.p


2. Notes received from Michael Becker:


Michael Plumber @GroupM is leading commercial end of the PrivacyChain discussion, 

Wendell Baker @Verison is spearheading tech discussion (note: Verizon has its own implementation to manage consent receipts for over 20 million consumers; however, it is also supporting the development of an interoperable standard so that consent receipts can work across companies.)


We discussed the IAB Privacy Chain, a blockchain-based protocol and ‘system of record’ that allows companies to track users’ privacy consents across complex data supply chains. IAB released the protocol Oct. 2, 2018. 


According to the IAB "PrivacyChain was designed to solve for a major industry problem: as the data ecosystem has fragmented and companies collect or update hundreds of millions of consents a year, it has become incredibly difficult to ensure that all members of a data supply chain have the most current consents. The protocol will allow companies to more easily manage and control how they handle and share users’ personal data, while providing users control over opt-in and opt-out."


See IAB Release, https://www.exchangewire.com/blog/2018/10/05/iab-tech-lab-releases-privacy-chain-for-public-comment-interbrand-releases-2018-best-global-brands-report/

The PrivacyChain code is on GitHub, https://github.com/InteractiveAdvertisingBureau/PrivacyChain

Similar topic, IAB Transparency and Consent Framework (TCF), see https://iabtechlab.com/standards/gdpr-transparency-and-consent-framework/. 


IAB has had success in development these type of standards, e.g. IAB Open RTB Standard.


Challenge

  • It is difficult for publishers to manage consent receipts; ideally find some standardization amongst CMPs. 
  • Manage legitimate interests for access to data 
  • Solicit and manage positive consent and identifiers across companies that can be verified and audited
  • Managing different tracker methods: cookies, Digiturst IDs, IDFA, GPSAID, Universal Id
  • Develop standardized agreements across verticals 
  • Industry needs organization to run the hyperrledger to mange consents 
  • Addressing fraud issues (Brands lose $6~$19B lost every year to ad fraud)
  • Understand business model - how much would a brand pay for consent compliant traffic


Other Consent Receipt Frameworks

  • Kantra
  • JLINC 
  • Other CMPs, consent management platforms 

PrivacyChain to role out in phases - V1: Consent, V2: handle context and data attributes; key features: Write consent, verify consent, revoke consent. 


User visits publisher site, provides consent>>Publisher SSP (Supply Side Platform) signals that it has audience member that has given consent, places “receipt” in hyprledger<>Brand/Agency DSP (Demand Side Platform) checks PrivacyChain to verify const consents, if there is consent bids on ad and delivers content. 


Initially there is no plan to integrate PrivacyChain with personal data stores; would be useful to discuss how personal data stores play in this process so that individuals can also have a record of their consent.