Home Data-Driven Thinking Contrary To Popular Belief, There Are Restrictions On First-Party Data

Contrary To Popular Belief, There Are Restrictions On First-Party Data


garykibelData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Gary Kibel, a partner in the digital media, technology and privacy practice group at Davis & Gilbert.

Companies often proclaim that they “own” certain data because they are the first party that initially collected it, therefore giving them broad rights to use and exploit such data. The intuitive reaction is that it is much easier to use and exploit first-party data than third-party data, which has been licensed from another party and is subject to restrictions under that license.

However, the preoccupation with “owned vs. licensed” and “first-party vs. third-party” data is sometimes misplaced. The focus should instead be on the actual rights and restrictions that attach to all data sets and the permissible uses of the data in compliance with those rights and restrictions.

First-party data may not be as easy to use as believed.

Follow The Code

Much like a person, when data is first generated, it is born with certain attributes – a genetic code, if you will. These attributes attach to the data and follow it throughout its life. These attributes are created through the privacy policies, statements and other disclosures that were made at the time the data was initially generated. Once data has been collected under a set of disclosures, it must strictly live by those disclosures. The data cannot be used differently, unless a new set of disclosures are made in a legally compliant manner. Therefore, disclosing narrow uses results in limited use cases for the data.

However, overly broad disclosures can be vague and potentially run afoul of applicable law. Whether the data is in the possession of the original data owner or subsequent licensees, all uses must be consistent with those initial disclosures. So a first party must look into the future and ensure that its first bite at the apple includes all disclosures necessary for their current and future business needs. A third party receiving the data must query the first party to ensure that its intended uses of the data are permissible under those initial disclosures.

As a result, with poor initial disclosures, it is entirely possible that a first party may not be entitled to use its own data as desired. For example, if a first party wanted to use its own data with a matching service, such as Facebook Custom Audiences, it should not automatically assume that it can do so simply because it owns the data. The data owner needs to consider the rights that attached to such data when it was first collected. If the disclosures did not permit sharing personal information with third parties for matching purposes, then the fact that the data is first-party data and is owned by a party will do no good. The party can’t use its own data as it chooses because the data’s attributes omit such rights.

Old Data, New Services

As new services come to market and provide data owners with additional ways to exploit old data, the data owner or licensee must go back to the initial disclosures to determine if the old data can be used with the new services in a manner consistent with those past disclosures.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Data owners and licensees should carefully categorize their own first-party and licensed third-party data to ensure that they are always aware of the applicable attributes and the limitations on use. There should be a data audit trail to support any rights that accompany first-party data. And third parties should ask more questions.

Keep in mind that when it comes to data, ownership is not a blank check that entitles a party to use, disclose, share and otherwise exploit it for any purpose. One must always look back at the data’s genetic code.

Follow Gary Kibel (@GaryKibel_law), Davis & Gilbert LLP (@dglaw) and AdExchanger (@adexchanger) on Twitter.

Must Read

Advertible Makes Its Case To SSPs For Running Native Channel Extensions

Companies like TripleLift that created the programmatic native category are now in their awkward tween years. Cue Advertible, a “native-as-a-service” programmatic vendor, as put by co-founder and CEO Tom Anderson.

Mozilla acquires Anonym

Mozilla Acquires Anonym, A Privacy Tech Startup Founded By Two Top Former Meta Execs

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla.

Nope, We Haven’t Hit Peak Retail Media Yet

The move from in-store to digital shopper marketing continues, as United Airlines, Costco, PayPal, Chase and Expedia make new retail media plays. Plus: what the DSP Madhive saw in advertising sales software company Frequence.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: Ad-ception

The New York Times And Instacart Integrate For Shoppable Recipes

The New York Times and Instacart are partnering for shoppable recipe videos.

Experian Enters The Third-Party Data Onboarding Business

Experian entered the third-party data onboarder market on Tuesday with a new product based on its Tapad acquisition.

Albertsons Takes Its First Steps Into Non-Endemic Advertising, Retail Media’s Next Frontier

Albertsons is taking that first step into non-endemic advertising next week via a partnership with Rokt to serve ads to people who have already purchased groceries.