The Fight to Keep Personally Identifiable Information Private on Mobile
By Jed Wheeler, Director of Solutions Engineering
One of the fundamental tenants of today’s digital advertising environment is that a line must be drawn between the use of information that is helpful for delivering targeted, personally relevant ad campaigns and the use of information that invades a consumer’s privacy. Over time Cookies have become the standard way to build user interest profiles without personally identifying the user, with the added bonus that end users can easily erase them at any time. The industry switch to mobile presents new challenges that the industry is still wrestling with.
Most activity on mobile takes place within apps as opposed to web browsers, rendering cookies all but meaningless. Both Google (through GAID) and Apple (through IDFA) have introduced their own versions of mobile identifiers, but if someone wanted to merge IDFA or GAID data with a set of Personally Identifiable Information (PII), all anonymity and privacy would fly out the window. Unfortunately, in a complex ecosystem that involves app developers, ad networks, analytics providers and other platform companies, this scenario happens all too often.
One particularly dangerous scenario is brands piping data from their analytics solutions to their advertising tools to target consumers based on the goldmine of data these solutions collect, without first sanitizing the data and removing PII. Using app analytics to drive mobile advertising makes a lot of sense. Analytics tells us a lot about user behavior and therefore can help deliver better, more targeted ads, but we have to respect user privacy in the process. Unfortunately, most analytics solutions were never intended to be used to power advertising, and therefore they don’t have proper measures in place to control the flow of PII to parties that might not treat it with the respect it deserves.
For example, at a recent industry conference, a C-level executive at a major analytics company spoke at length about how advertisers should get over their “fear” of PII and just use it — apparently unaware that what he was advocating was illegal. Even in cases where there is no overt intent to share customer PII, it is far too easy for Brands to accidentally include it in data exports from common analytics tools. This is a problem.
RadiumOne is clear on this point. We do not collect PII and we do not allow clients or their agencies to send it to us. We’ve built our entire global data infrastructure around the EU standards — the strictest in the world — to make sure that we are fully compliant with privacy laws everywhere.
As an industry, it is imperative that we protect PII. Consumers don’t mind sharing their data with an app or service if they get something of value in return, but they don’t expect their personally identifiable data will end up in some anonymous third party’s data warehouse as a result, and they definitely expect that data to be treated with respect. We hope our peers in the mobile analytics world will follow our lead.