Home Privacy As GDPR Looms, Privacy Tech Is On The Rise

As GDPR Looms, Privacy Tech Is On The Rise

SHARE:

The May deadline to comply with Europe’s General Data Protection Regulation (GDPR) is swiftly approaching, and ad tech and security startups are forming a new industry: privacy tech.

Companies like PageFair, Evidon, Prifender, Tealium and Segment hope to capitalize with GDPR compliance solutions for brands, publishers and even other ad tech vendors.

The International Association of Privacy Professionals and Ernst & Young estimate that members of the Fortune 500 alone will spend just shy of $8 billion on GDPR compliance efforts.

But before 2015, when it became clear that the EU would adopt GDPR, the privacy tech industry didn’t exist, said Sagi Leizerov, chief data solutions officer at Prifender, a privacy technology company that opened that same year.

“GDPR’s been a real boost,” said Leizerov, who spent 16 years as global privacy lead at EY before joining Prifender in May.

GDPR compliance tech, however, comes in many different flavors.

Block It All

PageFair, for example, an Irish company known primarily for its anti-ad-blocking technology, launched a solution on Tuesday that helps publishers manage data leakage and third-party tracking, both of which are major compliance tripwires under GDPR.

Dubbed Perimeter, the offering neutralizes all GDPR risk by blocking everything, then whitelists trusted partners and enables RTB using segments that aren’t reliant on personal data.

Perimeter automatically removes data-leaking JavaScript from ads before they’re rendered and prevents unauthorized third parties from accessing personal data. Ads are intercepted server-side by PageFair, which strips out anything executable, and then rendered in the browser as a PNG or JPEG.

The solution might sound drastic, but it’s the only way for a publisher to ensure it complies with GDPR by May, said Johnny Ryan, PageFair’s head of ecosystem.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

“Asking for consent is meaningless if users have no idea where their data is showing up,” he said.

Managing Consent

Digital governance provider Evidon, however, is taking a very different tack with a solution that aims to help companies obtain consent with enough transparency to satisfy the requirement for clear, concise language and ease of use under GDPR.

Evidon’s universal consent platform lets companies deploy a tag that automatically provides site visitors with notice and choice disclosures and a place where they can opt in to data collection, see what’s being collected and modify what’s being tracked.

“Any form of third-party cookies now count as personal data, so anonymization will be essential to how the ecosystem works, but you still need consent if you don’t have legitimate interest,” said Scott Meyer, founder of Evidon and president of digital governance at Evidon’s parent company, Crownpeak.

Meeting Your Match

How many John Smiths are there in the world? Doubtlessly quite a lot, Prifender’s Leizerov said, and it can be difficult to tell the difference between them within a single system, let alone millions of identities spread out across multiple networks.

Prifender uses what the company calls “identity-aware software” and artificial intelligence to map and match personal data from multiple places within an enterprise and tie it together with the right identity and any related opt-outs or preferences. That gives Prifender the ability to handle GDPR requirements, like cross-border data transfers and the deletion of data.

“When we stumble on a John Smith, we can identify whether it’s John Smith No. 5,847 or if it’s a new John Smith altogether,” Leizerov said. “We then associate those identifiers with the right restrictions.

The profiles also contain information on where each data point is housed within a particular system, where the copies are located, when the data was last updated, how the data is being maintained and which people within an organization have access to and use this data, whether that’s employees or vendors.

Protection Through Consolidation

Tealium is developing a GDPR offering that hinges on tag management, the company’s historical bread and butter.

Because Tealium helps manage customer data across multiple platforms, it can serve as a “central repository for everything that’s known about a consumer,” said Mike Anderson, the company’s CTO and founder.

From that vantage point, Tealium can help its customers manage opt-outs across channels, Anderson said.

Data platform Segment launched a conceptually similar compliance solution in November, the purpose of which is to help its clients honor the rights of data subjects under GDPR, including the right to be forgotten and the right to restrict data processing.

Segment’s main tech acts as what CEO and co-founder Peter Reinhardt calls “a data layer” that allows brands to combine their data from multiple sources into a single spot. The compliance feature Segment added to its platform enables brands to easily delete a customer’s data across all of their systems at once and automatically suppress a user from being tracked in future.

Eighty-two percent of European data subjects plan to exercise their rights under GDPR to limit, view or erase the information that businesses collect about them, according to a December report from Pegasystems.

“GDPR is a really big piece of legislation with a lot of different surface areas and quite a few gaps,” said Chris Sperandio, a product manager at Segment. “The biggest thing I’ve heard echoed across our customer base is a desire to minimize their risk profile.”

Expect the privacy tech industry to answer that call as the clock ticks down to GDPR implementation in May. Some of the solutions will be legit and others will bubble up from the snake oil pit of ambulance chasers, Prifender’s Leizerov said. That’s just inevitable.

And what’s also sure is that “we’ll be in this GDPR phase for a while – it’s not over in 2018,” Leizerov said. “We’re just in the early implementation stage, and I don’t see it plateauing or going back to normal until at least 2020.”

Must Read

Comic: Always Be Paddling

The Trade Desk Maintains Its High Growth Rate And Touts New Channels

“It’s hard not to be bullish about CTV when it’s both our largest channel and our fastest growing,” said The Trade Desk Founder and CEO Green during the company’s earnings report on Thursday.

After The Election, News Corp Has Harsh Words For Advertisers Who Avoided News

News Corp’s chief exec blasted “the blatant biases of ad agencies and ad associations,” which are “boycotting certain media properties” due to “personal political prejudices.”

LiveRamp Outperforms On Earnings And Lays Out Its Data Network Ambitions

LiveRamp reported an unexpected boost to Q3 revenue, from $160 million last year to $185 million in 2024, during its quarterly call with investors on Wednesday.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Google in the antitrust crosshairs (Law concept. Single line draw design. Full length animation illustration. High quality 4k footage)

Google And The DOJ Recap Their Cases In The Countdown To Closing Arguments

If you’re trying to read more than 1,000 pages of legal documents about the US v. Google ad tech antitrust case on Election Day, you’ve come to the right place.

NYT’s Ad And Subscription Revenue Surge As WaPo Flails

While WaPo recently lost 250,000 subscribers due to concerns over its journalistic independence, NYT added 260,000 subscriptions in Q3 thanks largely to the popularity of its non-news offerings.

Mark Proulx, global director of media quality & responsibility, Kenvue

How Kenvue Avoided $3 Million In Wasted Media Spend

Stop thinking about brand safety verification as “insurance” – a way to avoid undesirable content – and start thinking about it as an opportunity to build positive brand associations, says Kenvue’s Mark Proulx.