30 January 2020, London - Anonos®, the leading data privacy and enablement technology provider, Acxiom®, the data and technology foundation for the world’s best marketers; and the Information Accountability Foundation (IAF), the preeminent global information policy think tank, today announced the formation of a ‘5th Cookie’ working group that supports exploration of using GDPR recommended technical and organisational safeguards to enforce greater accountability and ethics across the AdTech real-time bidding (RTB) ecosystem.
The ICO issued a June 2019 report highlighting shortcomings of the RTB industry in complying with data protection requirements under the GDPR. In follow up to the ICO report, two principal alternatives have evolved to solve the AdTech problem:
While these alternatives have merit, the founding participants in the 5th Cookie working group believe that a third alternative, supporting a democratized cooperative model, should also be evaluated. If a decision is made to go one of the other directions outlined above, members of the 5th Cookie working group believe it should be a conscious decision after evaluating the merits of all alternatives, including consideration and evaluation of a GDPR influenced model.
Gary LaFever, CEO and General Counsel at Anonos, said: “The GDPR highlights pseudonymisation as a recommended technical safeguard. Pseudonymisation - legally defined for the first time at the EU level in the GDPR, with a heightened standard relative to past practices - is a new state-of-the-art process that substantially improves privacy protections, that when coupled with proper legitimate interest assessments, could expand the potential uses of personal data beyond those relying on consent alone. In more than a dozen places, the GDPR links pseudonymisation to express statutory benefits. Under the GDPR, pseudonymisation is an established legal standard that allows all sides to ‘win’ by balancing data protection and innovation. The 5th Cookie model embraces GDPR compliant pseudonymisation and data protection by design and by default to support GDPR compliant Legitimate Interest processing as a complement to consent.”
Dr. Sachiko Scheuing, European Privacy Officer for Acxiom, said: “Augmenting the options of so-called walled gardens and contract-focused solutions with GDPR pseudonymisation-enabled micro segmentation techniques is consistent with the principles embodied in Acxiom’s Data Ethics by Design framework. The 5th Cookie model could provide consumers with enhanced privacy while allowing effective marketing for brands. Acxiom is committed to helping ensure data flows around the AdTech space in a way that complies with legislation and achieves ethical use, enabling data to be used to provide both maximum value for brands and privacy for consumers.”
Martin Abrams, Chief Strategist at the Information Accountability Foundation (IAF), said: “There is a growing sense that observation, while necessary for many applications to work, is out of control, creating new dangers for individuals and society. The 5th Cookie model provides a metaphor for policymakers to differentiate between the underpinnings required for lawful targeted marketing of products and services and improper persuasive communications that can become potentially toxic. In today’s data-driven world, new technical measures are necessary, working hand-in-glove with clear policies, to balance data innovation and the assurance of the full range of individual rights. Consent by itself is no longer enough. This can be achieved by delivering ‘demonstrable accountability’ leveraging auditable and documented technical safeguards that regulators can use to verify compliance.”
The 5th Cookie model provides strong support that Legitimate Interest based AdTech processing is possible. As a result, everyone committed to ethical data stewardship, from the smallest players to the largest brands, can participate in digital marketing. Data subjects could be reached by advertisers as members of small, dynamically changing groups called micro-segments. Each micro-segment would represent the individuals included within the group, and based on individual characteristics, data subjects could be included in multiple micro-segments. The composition of micro-segments would change dynamically to reflect the individuals, corresponding to the specified characteristics associated with the micro-segment.
Advertisers could reach groups of people representing the segments in which they are interested. However, data subjects would be approached as members of groups and not as individuals. It would be up to each data subject to ‘raise their hand’ and identify themselves if they want to respond to an advertisement. Crucially, at any time, they could opt out of being included in further micro-segments-based marketing and outreach.
The first step is consent to Data Collection. There are three different categories of data that a data subject can consent to the processing of:
The second step involves the processing of data using legitimate interest-based processing leveraging GDPR Pseudonymisation and Data Protection by Design and by Default to create dynamically allocated micro segments.
The third step involves reaching out to consumers as members of micro segments.
The ‘5th Cookie’ working group will publish more details regarding the 5th Cookie initiative over the next several weeks. Parties interested in potentially joining the working group can send their information to: questions@5thCookie.com
Anonos enables lawful analytics, AI and ML that preserves 100% of data accuracy while expanding opportunities to ethically share and combine data. Anonos Pseudonymisation and Data Protection by Design & by Default technology reconciles conflicts between protecting the rights of individuals and achieving business and societal objectives to use, share, combine and relink data in a lawful manner. Anonos patented Variant Twins® enable sharing, collaboration, and analytics of personal data by technologically enforcing dynamic, fine-grained privacy, security and data protection policies in compliance with the GDPR, CCPA and other evolving data privacy regulations. https://www.anonos.com
Acxiom provides the data and technology foundation for the world’s best marketers. We enable people-based marketing everywhere through a simple, open approach to connecting systems and data that drives seamless customer experiences and higher ROI. A leader in identity and ethical data use for more than 50 years, Acxiom helps thousands of clients and partners around the globe work together to create a world where all marketing is relevant. Acxiom is a registered trademark of Acxiom LLC. https://www.acxiom.com/
About Martin Abrams:
Martin Abrams, who serves as Chief Strategist for the Information Accountability Foundation (IAF), has 35 years of experience as an information and consumer policy innovator. Multi-stakeholder collaboration has been a key for Abrams in developing practical solutions to dilemmas in information policy. His most recent work has been on big data governance and privacy compliance driven by demonstrable data stewardship. His work is often reflected in new laws and regulatory guidance in jurisdictions from Asia, across Europe and in the Americas. He has been a key advisor to four International Conference of Data Protection and Privacy Commissioners. He has been deeply involved in the development of the APEC Cross Border Privacy Rules and has also been involved with the OECD Working Party on Information Security and Privacy. Abrams continues to seek practical solutions to assure information driven innovation with personal dignity. http://informationaccountability.org/executive-director/