"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Victor Wong, CEO at Thunder Experience Cloud.
Some might not consider the US government a technological innovator. Yet the US Census Bureau, which arguably holds more information about US citizens than any tech company, is pioneering the large-scale use of a data privacy technique called "differential privacy."
The tech industry has started to take notice, with Uber and Apple both implementing differential privacy into their technology. Perhaps it’s time for ad tech to follow.
So what is differential privacy?
At a basic level, differential privacy is not encryption but a mathematical privacy guarantee. It allows researchers to accurately analyze entire data sets while protecting the privacy of individual data points. Researchers can study broad trends within the data, such as the citizenship makeup of neighborhoods, without being able to re-identify any individual.
To accomplish this feat, differential privacy goes beyond hashing IDs: it obfuscates the patterns that could link data points back to individuals and identify them.
Apple describes it this way [PDF]: “The differential privacy technology used by Apple is rooted in the idea that statistical noise that is slightly biased can mask a user’s individual data before it is shared.”
Differential privacy trades a little accuracy for stronger privacy protection. More sophisticated algorithms can group data and obfuscate identity in more complex ways, creating data sets that allow fairly accurate independent measurement without compromising individual privacy. This lets Apple promise that its devices don't track individuals even as it collects data across devices to feed the machine learning and analytics that improve its software.
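The mechanism Apple describes is closest to a classic technique called "randomized response": each device flips a coin before answering, so any single report is deniable, but because the bias of the noise is known, it can be inverted across millions of reports to recover an accurate aggregate. Here is a minimal sketch in Python; the function names and the 75% truth probability are illustrative choices, not Apple's actual parameters.

```python
import random

def randomized_response(truth: bool, p_truth: float = 0.75) -> bool:
    """Report the true answer with probability p_truth; otherwise report a fair coin flip."""
    if random.random() < p_truth:
        return truth
    return random.random() < 0.5

def estimate_rate(reports: list, p_truth: float = 0.75) -> float:
    """Recover the population rate by inverting the known bias of the noise."""
    observed = sum(reports) / len(reports)
    # E[observed] = p_truth * true_rate + (1 - p_truth) * 0.5, so solve for true_rate:
    return (observed - (1 - p_truth) * 0.5) / p_truth
```

No single report reveals what its sender actually answered, yet over a large population the estimate converges on the true rate: that is the "slightly biased statistical noise" trade-off in action.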
This technique can protect sensitive data that needs to be shared with third parties for research and measurement. For example, a publisher with sensitive audience data may want to show advertisers that ads on its network were effective without allowing the brands to identify specific individuals who saw the ads. The publisher can use differential privacy to provide granular data with accurate insights in a privacy-centric way. Demographic details, such as age, gender and location, which may be openly passed between parties today, could instead be protected via differential privacy, raising the level of care with which ad tech handles personal data.
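For aggregate reporting like the publisher example, the standard building block is the Laplace mechanism: add noise scaled to the query's sensitivity divided by a privacy budget epsilon before releasing each count. A sketch under simple assumptions, using a count query with sensitivity 1; the epsilon value and the segment data are illustrative, not drawn from any real publisher.

```python
import random

def noisy_count(true_count: int, epsilon: float = 0.5) -> float:
    """Release a count with Laplace(0, 1/epsilon) noise added.

    A count query has sensitivity 1 (adding or removing one person changes
    it by at most 1), so Laplace noise with scale 1/epsilon provides
    epsilon-differential privacy for that single release.
    """
    # The difference of two Exponential(epsilon) draws is Laplace(0, 1/epsilon).
    noise = random.expovariate(epsilon) - random.expovariate(epsilon)
    return true_count + noise

# A publisher could release per-segment ad-exposure counts this way:
exposures = {"18-24": 1403, "25-34": 2210, "35-44": 1876}  # illustrative data
report = {segment: noisy_count(n) for segment, n in exposures.items()}
```

The noise is small relative to counts in the thousands, so advertisers still get accurate measurement, but no released number pins down whether any particular individual saw an ad.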
In ad tech today, the industry has worked to address fraud with initiatives such as ads.txt. Marketers are pushing for greater transparency to verify that these initiatives are working. At the same time, user privacy has become increasingly important in light of GDPR in Europe and similar laws under consideration in the United States. Google’s decision to stop sharing DoubleClick ID data outside of its walled garden has effectively turned the debate into one of transparency vs. privacy, but perhaps the question we ought to ask is, how do we do both?
By embracing forms of differential privacy, the industry can provide transparency while protecting consumer privacy. Bad actors and poor performance can be identified and eliminated while everyone remains compliant with privacy regulations. Those parties creating the most value can ensure that they get their fair share of the pie.
Traditionally, the tech sector loathes regulation and thinks of government as a group of elderly senators who treat Mark Zuckerberg like an employee of Geek Squad. Much ink is spilled begging the government to stay away. But when it comes to differential privacy, Uncle Sam is ahead, and the rest of us need to catch up.