SlideShare a Scribd company logo

Summer school data leakage in online advertising

Johnny Ryan
Johnny Ryan

Deck from IVIR summer school

Law
1 of 34
Download to read offline
Ivir summer school
@johnnyryan
Article 8 Cookie walls
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Everybody you have ever known can be profiled
IAB Europe
“The ePrivacy Directive clarifies that access to ‘website content may still be made conditional on the well-informed acceptance of cookies’ and use of similar tracking technologies. Digital services, such as websites or apps are generally permitted to require users to consent to the collection their personal data through cookies or similar technologies before allowing them to use a service.” IAB Europe, November 2017
ePrivacy Directive, Recital 25
ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still
GDPR, Article 95
“Article 95 GDPR on the relationship of the GDPR with the ePrivacy Directive establishes that the ePrivacy Directive's more specific rules prevail over rules of the GDPR” IAB Europe, November 2017
GDPR, Article 95 This Regulation shall not impose additional obligations … in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC. .
GDPR, Article 95 This Regulation shall not impose additional obligations … in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC. .
ePrivacy Directive, Recital 25
ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still
ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still This is an allowance, not an obligation
ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still This is an allowance, not an obligation This is a recital, not an article
25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose. ePrivacy Directive, Recital 25 (as selectively quoted by the IAB)
to facilitate the provision of information society services ... 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose … such as ePrivacy Directive, Recital 25
to facilitate the provision of information society services ... 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose … such as ePrivacy Directive, Recital 25 Article 29 WP (2013):
 not “general access”
to facilitate the provision of information society services ... 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose … such as ePrivacy Directive, Recital 25 Article 29 WP (2013):
 not “general access”
any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. For the purposes of this definition: ... "at the individual request of a recipient of services" means that the service is provided through the transmission of data on individual request. Directive 98/34/EC, Article 1(2) .
IAB Europe website
European privacy regulators are like ents: Terrifying, once awoken. European privacy regulators are like ents: Terrifying, once awoken.
Article 10 Privacy by design and by default
MUST BE ASKED AT INSTALLATION based on the e-Privacy Regulation draft text amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 Default, per LIBE Recital 23. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking Tracking Preferences
MUST BE ASKED AT INSTALLATION based on the e-Privacy Regulation draft text amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 Default, per LIBE Recital 23. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking Tracking Preferences LIBE test proposes this in Recital 23, though Recital 21 as amended appears to make it unnecessary”.
Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking Tracking Preferences 56% 20%19% 5% Thinking of yourself as a visitor to websites, what would you select if shown this message?
“Behavioural”
Conventional “Broadcast” Behavioral “Local” Behavioral Safe data “Broadcast” Behavioral ///
@johnnyryan

Recommended

Consumer protection Bulgaria
Consumer protection BulgariaConsumer protection Bulgaria
Consumer protection BulgariaJaromir Novak
 
201310_Mvn os and regulation in international roaming
201310_Mvn os and regulation in international roaming 201310_Mvn os and regulation in international roaming
201310_Mvn os and regulation in international roaming CNMC (Comisión Nacional de los Mercados y la Competencia)
 
WORLDPIPE Brochure
WORLDPIPE BrochureWORLDPIPE Brochure
WORLDPIPE BrochureAndrew J. Polcha
 
BICS Company Presentation (PDF) (1)
BICS Company Presentation (PDF) (1)BICS Company Presentation (PDF) (1)
BICS Company Presentation (PDF) (1)Daniel Kurgan
 
New telecom policy
New telecom policyNew telecom policy
New telecom policyRS P
 
INCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUK
INCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUKINCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUK
INCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUKIndependent Networks Co-operative Association
 
Claire Bury - A New Telecoms Regulatory Framework
Claire Bury - A New Telecoms Regulatory FrameworkClaire Bury - A New Telecoms Regulatory Framework
Claire Bury - A New Telecoms Regulatory FrameworkFSR Communications and Media
 
EU Media Policy - MS Directive: Quo Vadis?
EU Media Policy - MS Directive: Quo Vadis? EU Media Policy - MS Directive: Quo Vadis?
EU Media Policy - MS Directive: Quo Vadis? Centre for Media Pluralism and Media Freedom
 

Recommended

Consumer protection Bulgaria
Consumer protection BulgariaConsumer protection Bulgaria
Consumer protection BulgariaJaromir Novak
 
201310_Mvn os and regulation in international roaming
201310_Mvn os and regulation in international roaming 201310_Mvn os and regulation in international roaming
201310_Mvn os and regulation in international roaming CNMC (Comisión Nacional de los Mercados y la Competencia)
 
WORLDPIPE Brochure
WORLDPIPE BrochureWORLDPIPE Brochure
WORLDPIPE BrochureAndrew J. Polcha
 
BICS Company Presentation (PDF) (1)
BICS Company Presentation (PDF) (1)BICS Company Presentation (PDF) (1)
BICS Company Presentation (PDF) (1)Daniel Kurgan
 
New telecom policy
New telecom policyNew telecom policy
New telecom policyRS P
 
INCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUK
INCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUKINCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUK
INCA-BDUK Seminar - Tony Edge & Matthew Cunningham, BDUKIndependent Networks Co-operative Association
 
Claire Bury - A New Telecoms Regulatory Framework
Claire Bury - A New Telecoms Regulatory FrameworkClaire Bury - A New Telecoms Regulatory Framework
Claire Bury - A New Telecoms Regulatory FrameworkFSR Communications and Media
 
EU Media Policy - MS Directive: Quo Vadis?
EU Media Policy - MS Directive: Quo Vadis? EU Media Policy - MS Directive: Quo Vadis?
EU Media Policy - MS Directive: Quo Vadis? Centre for Media Pluralism and Media Freedom
 
The E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingThe E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingAndrew Tibber
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibberauexpo Conference
 
The EU ePrivacy Directive - Navigating the UK Cookie Law
The EU ePrivacy Directive - Navigating the UK Cookie LawThe EU ePrivacy Directive - Navigating the UK Cookie Law
The EU ePrivacy Directive - Navigating the UK Cookie LawSilverpop
 
120119 ukgc12-cookies
120119 ukgc12-cookies120119 ukgc12-cookies
120119 ukgc12-cookiesPeter McClymont
 
Licensing and Access to Content in the EU
Licensing and Access to Content in the EULicensing and Access to Content in the EU
Licensing and Access to Content in the EULawScienceTech
 
Aturan penerapan Digital-Service-Act Uni Eropa
Aturan penerapan Digital-Service-Act Uni EropaAturan penerapan Digital-Service-Act Uni Eropa
Aturan penerapan Digital-Service-Act Uni EropaTeddyIswahyudi1
 
Browser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinBrowser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinNapier University
 
Bootlaw Cookies
Bootlaw CookiesBootlaw Cookies
Bootlaw Cookiesdbaillieu
 
Digital resale what does the future now hold?
Digital resale what does the future now hold?Digital resale what does the future now hold?
Digital resale what does the future now hold?Gareth Dickson
 
Virtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesVirtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesSigal Biran-Nagar
 
Virtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesVirtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesECI – THE ELASTIC NETWORK™
 
IAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe
 
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveGoogle Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveDavid Erdos
 
Protection from-online-falsehoods-and-manipulation-bill10-2019
Protection from-online-falsehoods-and-manipulation-bill10-2019Protection from-online-falsehoods-and-manipulation-bill10-2019
Protection from-online-falsehoods-and-manipulation-bill10-2019Дзвенислава Карплюк
 
eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) Cosetta Masi
 
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...FSR Communications and Media
 
Patents for the IoT (Internet of Things) Architecture
Patents for the IoT (Internet of Things) ArchitecturePatents for the IoT (Internet of Things) Architecture
Patents for the IoT (Internet of Things) ArchitectureAlex G. Lee, Ph.D. Esq. CLP
 
IPTV IN INDIA SOME LEGAL PERSPECTIVES
IPTV IN INDIA SOME LEGAL PERSPECTIVESIPTV IN INDIA SOME LEGAL PERSPECTIVES
IPTV IN INDIA SOME LEGAL PERSPECTIVESpattok
 
Data Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveData Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveDavid Erdos
 
Net neutrality 2021
Net neutrality 2021Net neutrality 2021
Net neutrality 2021Chris Marsden
 
CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022Johnny Ryan
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 

More Related Content

Similar to Summer school data leakage in online advertising

The E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingThe E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingAndrew Tibber
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibberauexpo Conference
 
The EU ePrivacy Directive - Navigating the UK Cookie Law
The EU ePrivacy Directive - Navigating the UK Cookie LawThe EU ePrivacy Directive - Navigating the UK Cookie Law
The EU ePrivacy Directive - Navigating the UK Cookie LawSilverpop
 
Licensing and Access to Content in the EU
Licensing and Access to Content in the EULicensing and Access to Content in the EU
Licensing and Access to Content in the EULawScienceTech
 
Aturan penerapan Digital-Service-Act Uni Eropa
Aturan penerapan Digital-Service-Act Uni EropaAturan penerapan Digital-Service-Act Uni Eropa
Aturan penerapan Digital-Service-Act Uni EropaTeddyIswahyudi1
 
Browser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinBrowser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinNapier University
 
Bootlaw Cookies
Bootlaw CookiesBootlaw Cookies
Bootlaw Cookiesdbaillieu
 
Digital resale what does the future now hold?
Digital resale what does the future now hold?Digital resale what does the future now hold?
Digital resale what does the future now hold?Gareth Dickson
 
Virtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesVirtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesSigal Biran-Nagar
 
IAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe
 
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveGoogle Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveDavid Erdos
 
eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) Cosetta Masi
 
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...FSR Communications and Media
 
Patents for the IoT (Internet of Things) Architecture
Patents for the IoT (Internet of Things) ArchitecturePatents for the IoT (Internet of Things) Architecture
Patents for the IoT (Internet of Things) ArchitectureAlex G. Lee, Ph.D. Esq. CLP
 
IPTV IN INDIA SOME LEGAL PERSPECTIVES
IPTV IN INDIA SOME LEGAL PERSPECTIVESIPTV IN INDIA SOME LEGAL PERSPECTIVES
IPTV IN INDIA SOME LEGAL PERSPECTIVESpattok
 
Data Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveData Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveDavid Erdos
 

Similar to Summer school data leakage in online advertising (20)

The E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance MarketingThe E-Privacy Directive and Performance Marketing
The E-Privacy Directive and Performance Marketing
 
E-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew TibberE-privacy Directive and Performance Marketing - Andrew Tibber
E-privacy Directive and Performance Marketing - Andrew Tibber
 
The EU ePrivacy Directive - Navigating the UK Cookie Law
The EU ePrivacy Directive - Navigating the UK Cookie LawThe EU ePrivacy Directive - Navigating the UK Cookie Law
The EU ePrivacy Directive - Navigating the UK Cookie Law
 
120119 ukgc12-cookies
120119 ukgc12-cookies120119 ukgc12-cookies
120119 ukgc12-cookies
 
Licensing and Access to Content in the EU
Licensing and Access to Content in the EULicensing and Access to Content in the EU
Licensing and Access to Content in the EU
 
Aturan penerapan Digital-Service-Act Uni Eropa
Aturan penerapan Digital-Service-Act Uni EropaAturan penerapan Digital-Service-Act Uni Eropa
Aturan penerapan Digital-Service-Act Uni Eropa
 
Browser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F MondscheinBrowser-based Crypto M, C. F Mondschein
Browser-based Crypto M, C. F Mondschein
 
Bootlaw Cookies
Bootlaw CookiesBootlaw Cookies
Bootlaw Cookies
 
Digital resale what does the future now hold?
Digital resale what does the future now hold?Digital resale what does the future now hold?
Digital resale what does the future now hold?
 
Virtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesVirtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing Services
 
Virtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing ServicesVirtualized Transport for Edge Computing Services
Virtualized Transport for Edge Computing Services
 
IAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulation
 
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR PerspectiveGoogle Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
Google Spain and its Aftermath 2014-2023: An EU and UK GDPR Perspective
 
Protection from-online-falsehoods-and-manipulation-bill10-2019
Protection from-online-falsehoods-and-manipulation-bill10-2019Protection from-online-falsehoods-and-manipulation-bill10-2019
Protection from-online-falsehoods-and-manipulation-bill10-2019
 
eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014)
 
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
Expression on Platforms: Freedom of Expression and ISP Liability in the Frame...
 
Patents for the IoT (Internet of Things) Architecture
Patents for the IoT (Internet of Things) ArchitecturePatents for the IoT (Internet of Things) Architecture
Patents for the IoT (Internet of Things) Architecture
 
IPTV IN INDIA SOME LEGAL PERSPECTIVES
IPTV IN INDIA SOME LEGAL PERSPECTIVESIPTV IN INDIA SOME LEGAL PERSPECTIVES
IPTV IN INDIA SOME LEGAL PERSPECTIVES
 
Data Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical PerspectiveData Protection and "Intermediary" Responsibility: An Historical Perspective
Data Protection and "Intermediary" Responsibility: An Historical Perspective
 
Net neutrality 2021
Net neutrality 2021Net neutrality 2021
Net neutrality 2021
 

More from Johnny Ryan

Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Johnny Ryan
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Johnny Ryan
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Johnny Ryan
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Johnny Ryan
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Johnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Johnny Ryan
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Johnny Ryan
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Johnny Ryan
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionJohnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Johnny Ryan
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Johnny Ryan
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationJohnny Ryan
 

More from Johnny Ryan (20)

CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC.
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and Disinformation
 

Recently uploaded

Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeMelvinPernez2
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfDrNiteshSaraswat
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxAdityasinhRana4
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsAbdul-Hakim Shabazz
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicableSaraSantiago44
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementShubhiSharma858417
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideillinoisworknet11
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 

Recently uploaded (20)

Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
Succession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil CodeSuccession (Articles 774-1116 Civil Code
Succession (Articles 774-1116 Civil Code
 
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
SecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdfSecuritiesContracts(Regulation)Act,1956.pdf
SecuritiesContracts(Regulation)Act,1956.pdf
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
The Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptxThe Patents Act 1970 Notes For College .pptx
The Patents Act 1970 Notes For College .pptx
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 ShopsVanderburgh County Sheriff says he will Not Raid Delta 8 Shops
Vanderburgh County Sheriff says he will Not Raid Delta 8 Shops
 
citizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicablecitizenship in the Philippines as to the laws applicable
citizenship in the Philippines as to the laws applicable
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
Special Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreementSpecial Accounting Areas - Hire purchase agreement
Special Accounting Areas - Hire purchase agreement
 
Illinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guideIllinois Department Of Corrections reentry guide
Illinois Department Of Corrections reentry guide
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 

Summer school data leakage in online advertising

  • 2.
  • 5. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 6. Everybody you have ever known can be profiled
  • 8. “The ePrivacy Directive clarifies that access to ‘website content may still be made conditional on the well-informed acceptance of cookies’ and use of similar tracking technologies. Digital services, such as websites or apps are generally permitted to require users to consent to the collection their personal data through cookies or similar technologies before allowing them to use a service.” IAB Europe, November 2017
  • 10. ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still
  • 12. “Article 95 GDPR on the relationship of the GDPR with the ePrivacy Directive establishes that the ePrivacy Directive's more specific rules prevail over rules of the GDPR” IAB Europe, November 2017
  • 13. GDPR, Article 95 This Regulation shall not impose additional obligations … in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC. .
  • 14. GDPR, Article 95 This Regulation shall not impose additional obligations … in relation to processing in connection with the provision of publicly available electronic communications services in public communication networks in the Union in relation to matters for which they are subject to specific obligations with the same objective set out in Directive 2002/58/EC. .
  • 16. ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still
  • 17. ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still This is an allowance, not an obligation
  • 18. ePrivacy Directive, Recital 25 (as selectively quoted by the IAB) 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device., if it is used for a legitimate purpose. website content may still This is an allowance, not an obligation This is a recital, not an article
  • 19. 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose. ePrivacy Directive, Recital 25 (as selectively quoted by the IAB)
  • 20. to facilitate the provision of information society services ... 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose … such as ePrivacy Directive, Recital 25
  • 21. to facilitate the provision of information society services ... 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose … such as ePrivacy Directive, Recital 25 Article 29 WP (2013):
 not “general access”
  • 22. to facilitate the provision of information society services ... 25.Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose … such as ePrivacy Directive, Recital 25 Article 29 WP (2013):
 not “general access”
  • 23. any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. For the purposes of this definition: ... "at the individual request of a recipient of services" means that the service is provided through the transmission of data on individual request. Directive 98/34/EC, Article 1(2) .
  • 25.
  • 26. European privacy regulators are like ents: Terrifying, once awoken. European privacy regulators are like ents: Terrifying, once awoken.
  • 27. Article 10 Privacy by design and by default
  • 28. MUST BE ASKED AT INSTALLATION based on the e-Privacy Regulation draft text amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 Default, per LIBE Recital 23. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking Tracking Preferences
  • 29. MUST BE ASKED AT INSTALLATION based on the e-Privacy Regulation draft text amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 Default, per LIBE Recital 23. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking Tracking Preferences LIBE test proposes this in Recital 23, though Recital 21 as amended appears to make it unnecessary”.
  • 30. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking Tracking Preferences 56% 20%19% 5% Thinking of yourself as a visitor to websites, what would you select if shown this message?
  • 31.