SlideShare a Scribd company logo

Presentation to FTC technology taskforce

Johnny Ryan
Johnny Ryan

Deck covering RTB privacy problems, online media and advertising market problems, and solutions. Washington, DC, early June 2019.

Law
1 of 111
Download to read offline
RTB€13B in Europe $19.6B in US
“Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Request segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Sync Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
The Daily Bugle
The Daily Bugle ExchangeExchange Exchange Exchange
The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP
The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
? ? The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ? ? ? ? ADVERTISEMENT ?
? ? The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ? ? ? ? ADVERTISEMENT ?
Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
French regulator caught it with 68 million illegal RTB records. Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
Is 68 million just 30%?
Is 68 million just 30%? Then this small company was sent personal data ¼ BILLION times via RTB (in just one year)
website.com This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server website.com Ad server javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP website.com Ad server javascript SSP javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange website.com Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Step 6. Exchange serves winning bid Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of data leakage Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
WHAT’S IN A BID REQUEST?
IAB OpenRTB Google Authorized Buyers
The website this specific person is currently viewing Various ID codes that identify this specific person, and can tie them to existing profiles Distinctive characteristics of this specific person This specific person’s IP address Distinctive information about this specific person’s device Distinctive information about this specific person’s device This young woman’s GPS coordinates!
HUNDREDS OF BILLIONS OF RTB BID REQUESTS, EVERY DAY. Index Exchange 50 billionii OpenX 60 billion+i Rubicon Project Claims to reach 1 billion people’s devicesiii PubMatic 70 billion+iv Oath/AOL 90 billionv AppNexus 131 billionvi Smaato 214 billionvii Google DoubleClick Unknown, but live on 8.4 million websites. i. “Tour IX’s Amsterdam and Frankfurt Data Centers”, Index Exchange, 2 July 2018 (URL: https:// www.indexexchange.com/tour-ix-amsterdam-frankfurt-data-centers/). ii. "OpenX Ad Exchange", OpenX (URL: https://www.openx.com/uk_en/products/ad-exchange/). iii. “Buyers”, Rubicon Project, (URL: https://rubiconproject.com/buyers/). iv. "How PubMatic Is Learning Machine Learning", PubMatic, 25 January 2019 (URL: https://pubmatic.com/ blog/learning-machine-learning/) v. "Maximize yield with Oath's publisher offerings", Oath, 3 April 2018 (URL: https://www.oath.com/insights/ maximize-yield-with-oath-s-publisher-offerings/) vi. 500 Billion / 29.6 = 18.6 billion impressions per day. Using AppNexus 1:11.5 ratio, this is 214 auctions per day. 500+ impressions figure cited in “Optimize your mobile strategy”, Smaato, (URL: https:// www.smaato.com/). vii. “Transacting at a peak of 11.4 billion daily impressions, our marketplace handles more traffic each day than Visa, Nasdaq, and the NYSE combined” at https://www.appnexus.com/sell. Note that in 2017, AppNexus said in “AppNexus Scales with DriveScale”, 2017, (URL: http://go.drivescale.com/rs/451-ESR-800/images/ DRV_Case_Study_AppNexus-final.v1.pdf) that 10.7 billion "impressions transacted" came as a result of running 123 billion auctions. The impressions transacted to auctions ratio appears to be roughly 1:11.5. Therefore, the 11.4 daily impressions reported in 2018 equates to 131 billion auctions per day. Leading RTB exchanges, daily bid request estimates
“broadcast”
Everybody can be profiled
GDPR, Article 5 (1) (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
WITHOUT SECURITY, TRANSPARENCY & ACCOUNTABILITY ARE IMPOSSIBLE.
EVERY ONLINE PERSON CAN BE PROFILED
Consent (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
Non-compliant GDPR consent (IAB Europe website)
[Site] and our partners set cookies and collect information from your [browser] [device] to provide you with [website] content, deliver relevant advertising and understand [web] audiences. [View partner info] We use technology such as cookies on our site to collect and use personal data to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our partners who also use technologies such as cookies to collect and use personal data to personalise content and ads, to provide social media features and to analyse our traffic on our site and across the internet. View info on our partners and their use of this data. You can always change your mind and revisit your choices. OK Manage use of your data Appears to be hard to not give consent breach of the GDPR, Article 4, paragraph 11, and Recital 42, and Recital 32 No mention of the duration for which data are stored. breach of the GDPR, Article 13, paragraph 2, a No precise description of a purpose of processing, and no notification of profiling. breach of the GDPR, Article 4, paragraph 11, and Article 13, paragraph 1, c, and paragraph 2, f, and Recital 60 Conflation of multiple purposes breach of the GDPR, Article 5, paragraph 1, b, Recital 32, and Recital 43. Non-compliant GDPR consent (IAB “Framework")
Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. Viewing 2 of 251 partners Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 View details View details Next Purpose of processing, and notification of profiling. Article 4, paragraph 11, and Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Granular opt-in for several purposes Recital 32, and Article 29 Working Party Guidance November 2017 Details of rights to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Unambiguous, specific affirmative action. Not yes by default. Article 4, para 11, and Recital 32. Contact details of the data controller, and list of categories of processor. Article 13, para 1, a, and Recital 42. Compliant: an opt-in for each processing purpose
Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. Viewing 2 of 251 partners Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 View details View details Next Purpose of processing, and notification of profiling. Article 4, paragraph 11, and Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Granular opt-in for several purposes Recital 32, and Article 29 Working Party Guidance November 2017 Details of rights to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Unambiguous, specific affirmative action. Not yes by default. Article 4, para 11, and Recital 32. Contact details of the data controller, and list of categories of processor. Article 13, para 1, a, and Recital 42. Compliant: an opt-in for each processing purpose
Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Your Rights & Safeguards Data may be processed in the United States. Data Protection Officer Dr Sachiko Scheuing datenschutz@acxiom.com +49 89 857090 Contact Back to list Item 1 of 9 Next contact details of data protection officer. 
 Article 13, para 1, b. Details of international transfers, and related safeguards and rights. 
 Article 13, para 1, f. Compliant: an opt-in for each processing purpose
Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Your Rights & Safeguards Data may be processed in the United States. Data Protection Officer Dr Sachiko Scheuing datenschutz@acxiom.com +49 89 857090 Contact Back to list Item 1 of 9 Next contact details of data protection officer. 
 Article 13, para 1, b. Details of international transfers, and related safeguards and rights. 
 Article 13, para 1, f. Compliant: an opt-in for each processing purpose
Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly Compliant: explicit consent for special categories of personal data OFF “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a.
Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly Compliant: explicit consent for special categories of personal data OFF “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a.
Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next CONFIRM? Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a. Compliant: explicit consent for special categories of personal data
Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a.ON Compliant: explicit consent for special categories of personal data
OFF CONFIRM? Before First Action ON After First Action After Second Action click / tap click / tap Two tap / click / drag actions to signal “explicit consent” Compliant: explicit consent for special categories of personal data
Document: The EU’s proposed new cookie rules Author: IAB Europe Date: June 2017
Document: Pubvendors.json Author: IAB Tech Lab Date: May 2018 (This is the current text, live today)
Document: “Transparency & Consent Framework FAQ” Author: IAB Europe Date: 21 June 2018 (This is the current text, live today)
Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
GDPR, Article 5 (1) (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
European privacy regulators are like ents: Terrifying, once awoken. European privacy regulators are like ents: Terrifying, once awoken.
MARKET CRISIS
How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle
How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John
How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John Worthy sites lose their unique audience, and feed a business model for the bottom of the Web. John
The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot/// Fake How RTB enables to steal from publishers and advertisers. fraudsters
The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad Step 7. De5troyTru5t.com is paid €0.01 to show ad to Bot The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
THE STARVATION OF THE WORTHY PUBLISHER.
INNOVATION
Conventional “Broadcast” Behavioral
Conventional “Broadcast” Behavioral “Local” Behavioral ///
Conventional “Broadcast” Behavioral “Local” Behavioral /// Safe data “Broadcast” Behavioral
Faraday
Personal data in bid requests • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you.* • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. *Depending on the version of “real time bidding” system
• What you are reading, or watching, or listening to. • Categories of the content. • Your approximate location. • General description of your device. • Your approximate IP address. • Impression ID for buyer transparency. Non-Personal data in bid requests Person is in Etterbeek in Brussels. Reading an article about Tesla motors on TechCrunch. Using Safari on a Mac.
This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. -GDPR, Article 2 (1)
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Sync Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Buyer Seller Extracts 70-55% of buyer’s media budget. Distribution Marketer $ DMP DSP Ad Exchange SSP Site Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB Victims of massive fraud. 2019 estimates range from $5.7B (ANA) - $42B (Juniper Research).
Buyer Seller Extracts much lower % of buyer’s media budget. Distribution Unique audience become immune to commodification and arbitrage. No opportunity for untrustworthy sites. Bot fraud reduced. Bot fraud opportunity reduced. MARKET OVERVIEW (POST-FIX) NON-PERSONAL DATA IN IAB / GOOGLE RTB Marketer $ DMP DSP Ad Exchange SSP Site
N20 C02
Fossil Fuel Renewable Energy N20 C02 Regulatory incentive CLEAN INDUSTRY Regulatory disincentive DIRTY INDUSTRY
Ads (Ethical Data)Ads (Conventional Data) Regulatory incentive CLEAN INDUSTRY Regulatory disincentive DIRTY INDUSTRY Personal data Non-personal data Fossil Fuel Renewable Energy N20 C02
Ads (Ethical Data)Ads (Conventional Data) Ads (Ethical Data) Personal data (protected & lawful) // + Classic Cars + Regulatory incentive CLEAN INDUSTRY Regulatory disincentive DIRTY INDUSTRY Fossil Fuel Renewable Energy N20 C02 Personal data Non-personal data
Cascading monopolies
Ring-fenced data. Each purpose for which you use my personal data requires a separate legal basis Purpose limitation As easy to withdraw as it was to give, and can be withdrawn without detriment. Consent+ = Freedom The market of users will decide when to “break up" the companies, and when to “un-break” them up. Big tech companies “cross-use” personal user data from one part of their business to prop up others. This stifles competition and innovation. But, data protection law can be an anti-trust tool…
EXAMPLE
1. To display your posts on your Newsfeed 2. To display posts on tagged friends’ Newsfeeds 3. To display friends posts that tag you on your Newsfeed 4. To identify untagged people in your posts 5. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make our Newsfeed more relevant to you. 6. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make ads relevant to you. 7. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, for advertising fraud prevention. “Purposes” when you post on the Newsfeed
Facebook is Hal 9000. Its users are Dave. Facebook is Hal 9000. Its users are Dave.
1 General Data Protection Regulation (2016) 2 Personal Information Security Specification (2017) 3 Act on the Protection of Personal Information 3 Personal Data Protection Bill 4 General Data Protection Act (2017) 5 Personal Information Protection Act (2011) 6 Draft Data Protection Act 7 California Consumer Protection Act (2018) 21% European Union1 15% China2 6% Japan3 3% India3 3% Brazil4 2% South Korea5 Argentina6 1% GDPR emerging as defacto standard for 51% of global GDP US FIPPs EU GDPR
johnny@brave.com @johnnyryan For updates, sign up to Brave Insights, a mailing list for analysts, researchers, and regulators at https://brave.us18.list-manage.com/subscribe?u=e38d85b519352e2b40c9b899e&id=4384bd4cba

Recommended

Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Johnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Johnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Johnny Ryan
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationJohnny Ryan
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionJohnny Ryan
 

Recommended

Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Johnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Johnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Johnny Ryan
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationJohnny Ryan
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionJohnny Ryan
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Johnny Ryan
 
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...Johnny Ryan
 
Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018Johnny Ryan
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP Johnny Ryan
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Johnny Ryan
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing Johnny Ryan
 
KliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi ASX (TM) - The Next Generation Online Display SolutionKliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi ASX (TM) - The Next Generation Online Display SolutionKliKKi Group
 
Daniel Yen's Hitwise 2008 Iptv Conference in Singapore
Daniel Yen's Hitwise 2008 Iptv Conference in SingaporeDaniel Yen's Hitwise 2008 Iptv Conference in Singapore
Daniel Yen's Hitwise 2008 Iptv Conference in SingaporeDanielYen
 
Understanding Programmatic Digital Ad Buying
Understanding Programmatic Digital Ad BuyingUnderstanding Programmatic Digital Ad Buying
Understanding Programmatic Digital Ad BuyingIpsos in North America
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Johnny Ryan
 
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...Marketing Festival
 
Bmm aformationdigitale2014
Bmm aformationdigitale2014Bmm aformationdigitale2014
Bmm aformationdigitale2014BMMA - Belgian Management and Marketing Association
 
Welcome DSPs and RTB!
Welcome DSPs and RTB!Welcome DSPs and RTB!
Welcome DSPs and RTB!Conversion Thursday
 
Overview RTB ecosystem
Overview RTB ecosystemOverview RTB ecosystem
Overview RTB ecosystemDheeraj Agrawal
 
Overview RTB ecosystem
Overview RTB ecosystemOverview RTB ecosystem
Overview RTB ecosystemDigital Training Courses in Noida
 
ANTS Programmatic Agency - Credential
ANTS Programmatic Agency - CredentialANTS Programmatic Agency - Credential
ANTS Programmatic Agency - CredentialANTS
 
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...Karunakar Ravirala
 
Progmmatic Buying
Progmmatic Buying Progmmatic Buying
Progmmatic Buying Centre for Digital Marketing & Communication
 
Programmatic Ad Mediation | Pavel Golubev
Programmatic Ad Mediation | Pavel GolubevProgrammatic Ad Mediation | Pavel Golubev
Programmatic Ad Mediation | Pavel GolubevJessica Tams
 
Matiro event rubicon keynote
Matiro event rubicon keynoteMatiro event rubicon keynote
Matiro event rubicon keynoteMatiro
 
The Art & Science of Ad Optimization
The Art & Science of Ad OptimizationThe Art & Science of Ad Optimization
The Art & Science of Ad OptimizationUpsight
 

More Related Content

What's hot

Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Johnny Ryan
 
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...Johnny Ryan
 
Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018Johnny Ryan
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP Johnny Ryan
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Johnny Ryan
 
KliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi ASX (TM) - The Next Generation Online Display SolutionKliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi ASX (TM) - The Next Generation Online Display SolutionKliKKi Group
 
Daniel Yen's Hitwise 2008 Iptv Conference in Singapore
Daniel Yen's Hitwise 2008 Iptv Conference in SingaporeDaniel Yen's Hitwise 2008 Iptv Conference in Singapore
Daniel Yen's Hitwise 2008 Iptv Conference in SingaporeDanielYen
 
Understanding Programmatic Digital Ad Buying
Understanding Programmatic Digital Ad BuyingUnderstanding Programmatic Digital Ad Buying
Understanding Programmatic Digital Ad BuyingIpsos in North America
 

What's hot (10)

Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
 
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
 
Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018Brief for World Federation of Advertisers Digital Executive Group, December 2018
Brief for World Federation of Advertisers Digital Executive Group, December 2018
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing
 
KliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi ASX (TM) - The Next Generation Online Display SolutionKliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi ASX (TM) - The Next Generation Online Display Solution
 
Daniel Yen's Hitwise 2008 Iptv Conference in Singapore
Daniel Yen's Hitwise 2008 Iptv Conference in SingaporeDaniel Yen's Hitwise 2008 Iptv Conference in Singapore
Daniel Yen's Hitwise 2008 Iptv Conference in Singapore
 
Understanding Programmatic Digital Ad Buying
Understanding Programmatic Digital Ad BuyingUnderstanding Programmatic Digital Ad Buying
Understanding Programmatic Digital Ad Buying
 

Similar to Presentation to FTC technology taskforce

Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Johnny Ryan
 
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...Marketing Festival
 
ANTS Programmatic Agency - Credential
ANTS Programmatic Agency - CredentialANTS Programmatic Agency - Credential
ANTS Programmatic Agency - CredentialANTS
 
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...Karunakar Ravirala
 
Programmatic Ad Mediation | Pavel Golubev
Programmatic Ad Mediation | Pavel GolubevProgrammatic Ad Mediation | Pavel Golubev
Programmatic Ad Mediation | Pavel GolubevJessica Tams
 
Matiro event rubicon keynote
Matiro event rubicon keynoteMatiro event rubicon keynote
Matiro event rubicon keynoteMatiro
 
The Art & Science of Ad Optimization
The Art & Science of Ad OptimizationThe Art & Science of Ad Optimization
The Art & Science of Ad OptimizationUpsight
 
Thomvest Advertising Technology overview - Sept 2014
Thomvest Advertising Technology overview - Sept 2014Thomvest Advertising Technology overview - Sept 2014
Thomvest Advertising Technology overview - Sept 2014andrewtweed1
 
카카오의 광고지능 (Intelligence on Kakao Advertising)
카카오의 광고지능 (Intelligence on Kakao Advertising)카카오의 광고지능 (Intelligence on Kakao Advertising)
카카오의 광고지능 (Intelligence on Kakao Advertising)if kakao
 
Traffic & Conversion Sumit 2018 10X Business Growth
Traffic & Conversion Sumit 2018 10X Business GrowthTraffic & Conversion Sumit 2018 10X Business Growth
Traffic & Conversion Sumit 2018 10X Business GrowthRoland Frasier
 
Digital Advertising & Marketing Entrepreneurship: current building blocks and...
Digital Advertising & Marketing Entrepreneurship: current building blocks and...Digital Advertising & Marketing Entrepreneurship: current building blocks and...
Digital Advertising & Marketing Entrepreneurship: current building blocks and...Elias Gagas
 
Broadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo PresentationBroadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo PresentationBroadsight
 
Broadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo PresentationBroadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo PresentationBroadsight
 
ISS Barcelona 2019: 5 false assumptions about your online traffic
ISS Barcelona 2019: 5 false assumptions about your online trafficISS Barcelona 2019: 5 false assumptions about your online traffic
ISS Barcelona 2019: 5 false assumptions about your online trafficRed Orbit digital marketing
 

Similar to Presentation to FTC technology taskforce (20)

Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)
 
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
 
Bmm aformationdigitale2014
Bmm aformationdigitale2014Bmm aformationdigitale2014
Bmm aformationdigitale2014
 
Welcome DSPs and RTB!
Welcome DSPs and RTB!Welcome DSPs and RTB!
Welcome DSPs and RTB!
 
Overview RTB ecosystem
Overview RTB ecosystemOverview RTB ecosystem
Overview RTB ecosystem
 
Overview RTB ecosystem
Overview RTB ecosystemOverview RTB ecosystem
Overview RTB ecosystem
 
ANTS Programmatic Agency - Credential
ANTS Programmatic Agency - CredentialANTS Programmatic Agency - Credential
ANTS Programmatic Agency - Credential
 
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
 
Progmmatic Buying
Progmmatic Buying Progmmatic Buying
Progmmatic Buying
 
Programmatic Ad Mediation | Pavel Golubev
Programmatic Ad Mediation | Pavel GolubevProgrammatic Ad Mediation | Pavel Golubev
Programmatic Ad Mediation | Pavel Golubev
 
Matiro event rubicon keynote
Matiro event rubicon keynoteMatiro event rubicon keynote
Matiro event rubicon keynote
 
The Art & Science of Ad Optimization
The Art & Science of Ad OptimizationThe Art & Science of Ad Optimization
The Art & Science of Ad Optimization
 
Thomvest Advertising Technology overview - Sept 2014
Thomvest Advertising Technology overview - Sept 2014Thomvest Advertising Technology overview - Sept 2014
Thomvest Advertising Technology overview - Sept 2014
 
An introduction to RTB in the UK
An introduction to RTB in the UKAn introduction to RTB in the UK
An introduction to RTB in the UK
 
카카오의 광고지능 (Intelligence on Kakao Advertising)
카카오의 광고지능 (Intelligence on Kakao Advertising)카카오의 광고지능 (Intelligence on Kakao Advertising)
카카오의 광고지능 (Intelligence on Kakao Advertising)
 
Traffic & Conversion Sumit 2018 10X Business Growth
Traffic & Conversion Sumit 2018 10X Business GrowthTraffic & Conversion Sumit 2018 10X Business Growth
Traffic & Conversion Sumit 2018 10X Business Growth
 
Digital Advertising & Marketing Entrepreneurship: current building blocks and...
Digital Advertising & Marketing Entrepreneurship: current building blocks and...Digital Advertising & Marketing Entrepreneurship: current building blocks and...
Digital Advertising & Marketing Entrepreneurship: current building blocks and...
 
Broadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo PresentationBroadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo Presentation
 
Broadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo PresentationBroadsight - Web 2.0 Expo Presentation
Broadsight - Web 2.0 Expo Presentation
 
ISS Barcelona 2019: 5 false assumptions about your online traffic
ISS Barcelona 2019: 5 false assumptions about your online trafficISS Barcelona 2019: 5 false assumptions about your online traffic
ISS Barcelona 2019: 5 false assumptions about your online traffic
 

More from Johnny Ryan

Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected Johnny Ryan
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Johnny Ryan
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Johnny Ryan
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Johnny Ryan
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slidesJohnny Ryan
 
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Johnny Ryan
 
Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Johnny Ryan
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Johnny Ryan
 

More from Johnny Ryan (14)

CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slides
 
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech
 
Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back.
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park.
 

Recently uploaded

如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书SD DS
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书SD DS
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxAdityasinhRana4
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一st Las
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791BlayneRush1
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 

Recently uploaded (20)

如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
如何办理(GWU毕业证书)乔治华盛顿大学毕业证学位证书
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
如何办理(uOttawa毕业证书)渥太华大学毕业证学位证书
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptx
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 

Presentation to FTC technology taskforce

  • 1.
  • 3. “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 4. Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 5. Request segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 6. Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 7. Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 8. Serve page Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 9. Serve page Request page Request segment Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 10. Serve page Request page Request segment Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 11. Serve page Request page Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 12. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 13. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 14. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 15. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Sync Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 22. Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
  • 23. French regulator caught it with 68 million illegal RTB records. Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
  • 24.
  • 25.
  • 26. Is 68 million just 30%?
  • 27. Is 68 million just 30%? Then this small company was sent personal data ¼ BILLION times via RTB (in just one year)
  • 28. website.com This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 29. Ad server website.com Ad server javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 30. Ad server SSP Step 2. Ad server selects an SSP website.com Ad server javascript SSP javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 31. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange website.com Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 32. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 33. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 34. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 35. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Step 6. Exchange serves winning bid Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 36. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 37. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 38. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of data leakage Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 39. WHAT’S IN A BID REQUEST?
  • 40. IAB OpenRTB Google Authorized Buyers
  • 41.
  • 42.
  • 43. The website this specific person is currently viewing Various ID codes that identify this specific person, and can tie them to existing profiles Distinctive characteristics of this specific person This specific person’s IP address Distinctive information about this specific person’s device Distinctive information about this specific person’s device This young woman’s GPS coordinates!
  • 44.
  • 45. HUNDREDS OF BILLIONS OF RTB BID REQUESTS, EVERY DAY. Index Exchange 50 billionii OpenX 60 billion+i Rubicon Project Claims to reach 1 billion people’s devicesiii PubMatic 70 billion+iv Oath/AOL 90 billionv AppNexus 131 billionvi Smaato 214 billionvii Google DoubleClick Unknown, but live on 8.4 million websites. i. “Tour IX’s Amsterdam and Frankfurt Data Centers”, Index Exchange, 2 July 2018 (URL: https:// www.indexexchange.com/tour-ix-amsterdam-frankfurt-data-centers/). ii. "OpenX Ad Exchange", OpenX (URL: https://www.openx.com/uk_en/products/ad-exchange/). iii. “Buyers”, Rubicon Project, (URL: https://rubiconproject.com/buyers/). iv. "How PubMatic Is Learning Machine Learning", PubMatic, 25 January 2019 (URL: https://pubmatic.com/ blog/learning-machine-learning/) v. "Maximize yield with Oath's publisher offerings", Oath, 3 April 2018 (URL: https://www.oath.com/insights/ maximize-yield-with-oath-s-publisher-offerings/) vi. 500 Billion / 29.6 = 18.6 billion impressions per day. Using AppNexus 1:11.5 ratio, this is 214 auctions per day. 500+ impressions figure cited in “Optimize your mobile strategy”, Smaato, (URL: https:// www.smaato.com/). vii. “Transacting at a peak of 11.4 billion daily impressions, our marketplace handles more traffic each day than Visa, Nasdaq, and the NYSE combined” at https://www.appnexus.com/sell. Note that in 2017, AppNexus said in “AppNexus Scales with DriveScale”, 2017, (URL: http://go.drivescale.com/rs/451-ESR-800/images/ DRV_Case_Study_AppNexus-final.v1.pdf) that 10.7 billion "impressions transacted" came as a result of running 123 billion auctions. The impressions transacted to auctions ratio appears to be roughly 1:11.5. Therefore, the 11.4 daily impressions reported in 2018 equates to 131 billion auctions per day. Leading RTB exchanges, daily bid request estimates
  • 48. GDPR, Article 5 (1) (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
  • 51. Consent (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • 52. Non-compliant GDPR consent (IAB Europe website)
  • 53. [Site] and our partners set cookies and collect information from your [browser] [device] to provide you with [website] content, deliver relevant advertising and understand [web] audiences. [View partner info] We use technology such as cookies on our site to collect and use personal data to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our partners who also use technologies such as cookies to collect and use personal data to personalise content and ads, to provide social media features and to analyse our traffic on our site and across the internet. View info on our partners and their use of this data. You can always change your mind and revisit your choices. OK Manage use of your data Appears to be hard to not give consent breach of the GDPR, Article 4, paragraph 11, and Recital 42, and Recital 32 No mention of the duration for which data are stored. breach of the GDPR, Article 13, paragraph 2, a No precise description of a purpose of processing, and no notification of profiling. breach of the GDPR, Article 4, paragraph 11, and Article 13, paragraph 1, c, and paragraph 2, f, and Recital 60 Conflation of multiple purposes breach of the GDPR, Article 5, paragraph 1, b, Recital 32, and Recital 43. Non-compliant GDPR consent (IAB “Framework")
  • 54. Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. Viewing 2 of 251 partners Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 View details View details Next Purpose of processing, and notification of profiling. Article 4, paragraph 11, and Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Granular opt-in for several purposes Recital 32, and Article 29 Working Party Guidance November 2017 Details of rights to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Unambiguous, specific affirmative action. Not yes by default. Article 4, para 11, and Recital 32. Contact details of the data controller, and list of categories of processor. Article 13, para 1, a, and Recital 42. Compliant: an opt-in for each processing purpose
  • 55. Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. Viewing 2 of 251 partners Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 View details View details Next Purpose of processing, and notification of profiling. Article 4, paragraph 11, and Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Granular opt-in for several purposes Recital 32, and Article 29 Working Party Guidance November 2017 Details of rights to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Unambiguous, specific affirmative action. Not yes by default. Article 4, para 11, and Recital 32. Contact details of the data controller, and list of categories of processor. Article 13, para 1, a, and Recital 42. Compliant: an opt-in for each processing purpose
  • 56. Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Your Rights & Safeguards Data may be processed in the United States. Data Protection Officer Dr Sachiko Scheuing datenschutz@acxiom.com +49 89 857090 Contact Back to list Item 1 of 9 Next contact details of data protection officer. 
 Article 13, para 1, b. Details of international transfers, and related safeguards and rights. 
 Article 13, para 1, f. Compliant: an opt-in for each processing purpose
  • 57. Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Help keep Example.com profitable Learn about your data rights here. OFF Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Your Rights & Safeguards Data may be processed in the United States. Data Protection Officer Dr Sachiko Scheuing datenschutz@acxiom.com +49 89 857090 Contact Back to list Item 1 of 9 Next contact details of data protection officer. 
 Article 13, para 1, b. Details of international transfers, and related safeguards and rights. 
 Article 13, para 1, f. Compliant: an opt-in for each processing purpose
  • 58. Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly Compliant: explicit consent for special categories of personal data OFF “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a.
  • 59. Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly Compliant: explicit consent for special categories of personal data OFF “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a.
  • 60. Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next CONFIRM? Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a. Compliant: explicit consent for special categories of personal data
  • 61. Help keep Example.com profitable Learn about your data rights here. Let these companies combine your browsing habits for 6 months with data they already have collected about you to improve their profile of you, including by inferring insights, to show you relevant advertising. (This profile may include your income bracket, age and gender, habits, social media influence, ethnicity, sexual orientation, religion, political leaning, etc.). Item 1 of 20 Next Gordon House, Barrow St, Dublin 4, Ireland Acxiom GmbH Martin Behaim Strasse 12, 63263 Neu-Isenburg, Germany Google Ltd. View details View details Viewing 2 of 251 partners This design requires Two tap / click / drag actions to signal consent explicitly “Explicit consent” (to process special categories of data)
 Article 9, paragraph 2, a.ON Compliant: explicit consent for special categories of personal data
  • 62. OFF CONFIRM? Before First Action ON After First Action After Second Action click / tap click / tap Two tap / click / drag actions to signal “explicit consent” Compliant: explicit consent for special categories of personal data
  • 63. Document: The EU’s proposed new cookie rules Author: IAB Europe Date: June 2017
  • 64. Document: Pubvendors.json Author: IAB Tech Lab Date: May 2018 (This is the current text, live today)
  • 65. Document: “Transparency & Consent Framework FAQ” Author: IAB Europe Date: 21 June 2018 (This is the current text, live today)
  • 66. Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
  • 67. Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
  • 68. GDPR, Article 5 (1) (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
  • 69.
  • 70.
  • 71. European privacy regulators are like ents: Terrifying, once awoken. European privacy regulators are like ents: Terrifying, once awoken.
  • 73. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle
  • 74. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John
  • 75. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John John
  • 76. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about John John
  • 77. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
  • 78. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
  • 79. Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John John
  • 80. Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John Worthy sites lose their unique audience, and feed a business model for the bottom of the Web. John
  • 81. The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 82. The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot/// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 83. The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 84. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 85. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 86. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 87. Step 4. The Daily Bugle is paid €1 to show ad Step 7. De5troyTru5t.com is paid €0.01 to show ad to Bot The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 88. THE STARVATION OF THE WORTHY PUBLISHER.
  • 94. Personal data in bid requests • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you.* • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. *Depending on the version of “real time bidding” system
  • 95. • What you are reading, or watching, or listening to. • Categories of the content. • Your approximate location. • General description of your device. • Your approximate IP address. • Impression ID for buyer transparency. Non-Personal data in bid requests Person is in Etterbeek in Brussels. Reading an article about Tesla motors on TechCrunch. Using Safari on a Mac.
  • 96. This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. -GDPR, Article 2 (1)
  • 97. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Sync Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 98. Buyer Seller Extracts 70-55% of buyer’s media budget. Distribution Marketer $ DMP DSP Ad Exchange SSP Site Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB Victims of massive fraud. 2019 estimates range from $5.7B (ANA) - $42B (Juniper Research).
  • 99. Buyer Seller Extracts much lower % of buyer’s media budget. Distribution Unique audience become immune to commodification and arbitrage. No opportunity for untrustworthy sites. Bot fraud reduced. Bot fraud opportunity reduced. MARKET OVERVIEW (POST-FIX) NON-PERSONAL DATA IN IAB / GOOGLE RTB Marketer $ DMP DSP Ad Exchange SSP Site
  • 100.
  • 102. Fossil Fuel Renewable Energy N20 C02 Regulatory incentive CLEAN INDUSTRY Regulatory disincentive DIRTY INDUSTRY
  • 103. Ads (Ethical Data)Ads (Conventional Data) Regulatory incentive CLEAN INDUSTRY Regulatory disincentive DIRTY INDUSTRY Personal data Non-personal data Fossil Fuel Renewable Energy N20 C02
  • 104. Ads (Ethical Data)Ads (Conventional Data) Ads (Ethical Data) Personal data (protected & lawful) // + Classic Cars + Regulatory incentive CLEAN INDUSTRY Regulatory disincentive DIRTY INDUSTRY Fossil Fuel Renewable Energy N20 C02 Personal data Non-personal data
  • 106. Ring-fenced data. Each purpose for which you use my personal data requires a separate legal basis Purpose limitation As easy to withdraw as it was to give, and can be withdrawn without detriment. Consent+ = Freedom The market of users will decide when to “break up" the companies, and when to “un-break” them up. Big tech companies “cross-use” personal user data from one part of their business to prop up others. This stifles competition and innovation. But, data protection law can be an anti-trust tool…
  • 108. 1. To display your posts on your Newsfeed 2. To display posts on tagged friends’ Newsfeeds 3. To display friends posts that tag you on your Newsfeed 4. To identify untagged people in your posts 5. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make our Newsfeed more relevant to you. 6. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make ads relevant to you. 7. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, for advertising fraud prevention. “Purposes” when you post on the Newsfeed
  • 109. Facebook is Hal 9000. Its users are Dave. Facebook is Hal 9000. Its users are Dave.
  • 110. 1 General Data Protection Regulation (2016) 2 Personal Information Security Specification (2017) 3 Act on the Protection of Personal Information 3 Personal Data Protection Bill 4 General Data Protection Act (2017) 5 Personal Information Protection Act (2011) 6 Draft Data Protection Act 7 California Consumer Protection Act (2018) 21% European Union1 15% China2 6% Japan3 3% India3 3% Brazil4 2% South Korea5 Argentina6 1% GDPR emerging as defacto standard for 51% of global GDP US FIPPs EU GDPR
  • 111. johnny@brave.com @johnnyryan For updates, sign up to Brave Insights, a mailing list for analysts, researchers, and regulators at https://brave.us18.list-manage.com/subscribe?u=e38d85b519352e2b40c9b899e&id=4384bd4cba