Home Privacy As GDPR Looms, Privacy Tech Is On The Rise

As GDPR Looms, Privacy Tech Is On The Rise


The May deadline to comply with Europe’s General Data Protection Regulation (GDPR) is swiftly approaching, and ad tech and security startups are forming a new industry: privacy tech.

Companies like PageFair, Evidon, Prifender, Tealium and Segment hope to capitalize with GDPR compliance solutions for brands, publishers and even other ad tech vendors.

The International Association of Privacy Professionals and Ernst & Young estimate that members of the Fortune 500 alone will spend just shy of $8 billion on GDPR compliance efforts.

But before 2015, when it became clear that the EU would adopt GDPR, the privacy tech industry didn’t exist, said Sagi Leizerov, chief data solutions officer at Prifender, a privacy technology company that opened that same year.

“GDPR’s been a real boost,” said Leizerov, who spent 16 years as global privacy lead at EY before joining Prifender in May.

GDPR compliance tech, however, comes in many different flavors.

Block It All

PageFair, for example, an Irish company known primarily for its anti-ad-blocking technology, launched a solution on Tuesday that helps publishers manage data leakage and third-party tracking, both of which are major compliance tripwires under GDPR.

Dubbed Perimeter, the offering neutralizes all GDPR risk by blocking everything, then whitelists trusted partners and enables RTB using segments that aren’t reliant on personal data.

Perimeter automatically removes data-leaking JavaScript from ads before they’re rendered and prevents unauthorized third parties from accessing personal data. Ads are intercepted server-side by PageFair, which strips out anything executable, and then rendered in the browser as a PNG or JPEG.

The solution might sound drastic, but it’s the only way for a publisher to ensure it complies with GDPR by May, said Johnny Ryan, PageFair’s head of ecosystem.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

“Asking for consent is meaningless if users have no idea where their data is showing up,” he said.

Managing Consent

Digital governance provider Evidon, however, is taking a very different tack with a solution that aims to help companies obtain consent with enough transparency to satisfy the requirement for clear, concise language and ease of use under GDPR.

Evidon’s universal consent platform lets companies deploy a tag that automatically provides site visitors with notice and choice disclosures and a place where they can opt in to data collection, see what’s being collected and modify what’s being tracked.

“Any form of third-party cookies now count as personal data, so anonymization will be essential to how the ecosystem works, but you still need consent if you don’t have legitimate interest,” said Scott Meyer, founder of Evidon and president of digital governance at Evidon’s parent company, Crownpeak.

Meeting Your Match

How many John Smiths are there in the world? Doubtlessly quite a lot, Prifender’s Leizerov said, and it can be difficult to tell the difference between them within a single system, let alone millions of identities spread out across multiple networks.

Prifender uses what the company calls “identity-aware software” and artificial intelligence to map and match personal data from multiple places within an enterprise and tie it together with the right identity and any related opt-outs or preferences. That gives Prifender the ability to handle GDPR requirements, like cross-border data transfers and the deletion of data.

“When we stumble on a John Smith, we can identify whether it’s John Smith No. 5,847 or if it’s a new John Smith altogether,” Leizerov said. “We then associate those identifiers with the right restrictions.

The profiles also contain information on where each data point is housed within a particular system, where the copies are located, when the data was last updated, how the data is being maintained and which people within an organization have access to and use this data, whether that’s employees or vendors.

Protection Through Consolidation

Tealium is developing a GDPR offering that hinges on tag management, the company’s historical bread and butter.

Because Tealium helps manage customer data across multiple platforms, it can serve as a “central repository for everything that’s known about a consumer,” said Mike Anderson, the company’s CTO and founder.

From that vantage point, Tealium can help its customers manage opt-outs across channels, Anderson said.

Data platform Segment launched a conceptually similar compliance solution in November, the purpose of which is to help its clients honor the rights of data subjects under GDPR, including the right to be forgotten and the right to restrict data processing.

Segment’s main tech acts as what CEO and co-founder Peter Reinhardt calls “a data layer” that allows brands to combine their data from multiple sources into a single spot. The compliance feature Segment added to its platform enables brands to easily delete a customer’s data across all of their systems at once and automatically suppress a user from being tracked in future.

Eighty-two percent of European data subjects plan to exercise their rights under GDPR to limit, view or erase the information that businesses collect about them, according to a December report from Pegasystems.

“GDPR is a really big piece of legislation with a lot of different surface areas and quite a few gaps,” said Chris Sperandio, a product manager at Segment. “The biggest thing I’ve heard echoed across our customer base is a desire to minimize their risk profile.”

Expect the privacy tech industry to answer that call as the clock ticks down to GDPR implementation in May. Some of the solutions will be legit and others will bubble up from the snake oil pit of ambulance chasers, Prifender’s Leizerov said. That’s just inevitable.

And what’s also sure is that “we’ll be in this GDPR phase for a while – it’s not over in 2018,” Leizerov said. “We’re just in the early implementation stage, and I don’t see it plateauing or going back to normal until at least 2020.”

Must Read

Advertible Makes Its Case To SSPs For Running Native Channel Extensions

Companies like TripleLift that created the programmatic native category are now in their awkward tween years. Cue Advertible, a “native-as-a-service” programmatic vendor, as put by co-founder and CEO Tom Anderson.

Mozilla acquires Anonym

Mozilla Acquires Anonym, A Privacy Tech Startup Founded By Two Top Former Meta Execs

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla.

Nope, We Haven’t Hit Peak Retail Media Yet

The move from in-store to digital shopper marketing continues, as United Airlines, Costco, PayPal, Chase and Expedia make new retail media plays. Plus: what the DSP Madhive saw in advertising sales software company Frequence.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: Ad-ception

The New York Times And Instacart Integrate For Shoppable Recipes

The New York Times and Instacart are partnering for shoppable recipe videos.

Experian Enters The Third-Party Data Onboarding Business

Experian entered the third-party data onboarder market on Tuesday with a new product based on its Tapad acquisition.

Albertsons Takes Its First Steps Into Non-Endemic Advertising, Retail Media’s Next Frontier

Albertsons is taking that first step into non-endemic advertising next week via a partnership with Rokt to serve ads to people who have already purchased groceries.