Brands, You May Be Using Privacy-Unsafe Audiences

Privacy safety is the name of the game in digital media these days. Brands rely on audience data in order to deliver efficient advertising across the web, and there’s never been a greater need for brands to adhere to strict compliance standards for that audience data.

With all of the regulation and laws that have gone on the books, along with ongoing consumer concerns and industry initiatives, buyers probably think that everything they buy at this juncture must be “safe,” in that it’s compliant, vetted, and fully legal. Unfortunately, that’s not the case. 

There are lots of readily available audiences for sale on the biggest data marketplaces that aren’t built on the up and up. While they may skirt some of the more overt privacy concerns that dominate the ad industry coverage today, these audiences in question are in clear violation of standard rules and practices and put brands in a potentially dangerous situation. As similar inventory auction mechanisms evolve for CTV and OOH, it’s critical that brands know what to look for to ensure the data at their disposal passes muster.

Bidstream leakage supplies privacy-unsafe audiences

The ad industry has seen a major crackdown on companies that illegally gather audience data or fail to disclose that they are using cookies and selling that data. One component that has not garnered much scrutiny from regulators and enforcement agencies is the bidstream and the practice of building audiences through bidstream access.

To back up a second, the bidstream is the data generated by programmatic ad buying auctions. It contains valuable data about user behaviors, demographics, and other characteristics. Critically, bidstream data can be seen by anyone who has access to the auction environment, regardless of whether they won an impression, bid and lost, or never put in a bid at all. Brands, publishers, and other tech companies can all see this data.

If this seems like a ripe source of information, that’s because it is. It’s also why it’s protected by the terms and conditions of the platforms that host the auctions and own the data. These terms and conditions – for every demand-side platform and supply-side platform – state that it is a direct violation to take this data and then develop and sell audience products, which are known as derivative works.

That’s where things get risky for brands. The marketplace is full of these derivative works illegally built off the bidstream, and some players in the space openly promote that their audience products are built this way. 

What could happen to brands using derivative works

It’s mystifying as to why data companies are exploiting the bidstream so brazenly, yet very little is happening in the way of enforcement. Again, building these derivative works is in clear violation of the most common terms and conditions to which data partners agree. But that doesn’t mean that this cash grab will continue forever. With more scrutiny around data than ever before, it’s a matter of if, not when, this deception will stop.

What brands need to know is that bidstream-derived audiences could disappear at any minute. This could kill long-term planning for brands that have grown to rely on these segments. Even worse, potential legal action could wipe out some data companies altogether. No brand wants to be left standing by themselves, without a targeting strategy, after their partner has been sued into bankruptcy.

Finally, there’s the very real potential for fines to get passed down to the brands using these unsafe audiences themselves. It’s best to be on the safe side as soon as possible to avoid any negative consequences.

What to watch for when verifying data for privacy compliance 

Does this mean that brands are completely out of luck when it comes to informative targeting insights? Absolutely not. The trick is identifying which data sets adhere to the rules and which are bending them in a potentially dangerous way.

To start, avoid any data providers that openly promote the fact that their products are built via access to the bidstream. I can say with a great deal of certainty that these companies will not continue operating in this fashion forever.

Of course, not all data providers are so kind as to advertise that they are selling unsafe derivative works. For other providers, it’s critical to evaluate the source of the data and understand how data drives insights.

This doesn’t necessarily require a great deal of technical understanding. A company selling purchase insights built around a retail-focused co-op is safe. In fact, data sourced through direct relationships with publishers — or from a group of publishers — is almost always safe. Be sure to ask which publishers a data provider works with, and get a satisfactory answer.

The data world is no longer the wild west that it once was, but the cleanup hasn’t reached all corners of the industry yet. Brands that perform their due diligence when evaluating data partners are in a good position to avoid non-compliant data and keep their ad strategies humming along.

Erik Matlick is CEO and co-founder of Bombora.

Tags: