Identity Resolution

The Power of Permission in Privacy

August 19, 2020  |   Tim Geenen

Privacy and identity are intrinsically related; there isn’t one without the other. Privacy enables individuals to draw boundaries across their public and private identities and take control of how they present themselves in different scenarios. For example, Tim Geenen, GM of Privacy & Consumer Experiences at LiveRamp, is very different from Tim Geenen, house DJ and dad. However, due to the rise of the Internet and how our digital personas blur the lines between public and private, the link between privacy and identity is more relevant than ever, especially in digital advertising. The unfortunate truth is that previously, many companies played fast and loose with their customer data, whether it was data they were entrusted with or data that individuals didn’t even know was being shared in the first place. Because of that, we’ve come to this world where there are growing trends of only being able to access data on individuals with their consent and permission, or after notifying them of data collection and usage practices that they can typically opt out of. As such, the true importance of consent and permission is that they are a fundamental requirement for being able to utilize identity while respecting privacy online.

Before we unpack that sentiment, let’s dig into the reality of where we are today and how we got here. Privacy regulation is what started the need for permissions in digital advertising, and as more countries pass laws, privacy regulation will be different across the globe. We’ll see regional, national, and federal laws along with their subsequent interpretations—not just from government data protection authorities, but also from individual corporate legal teams as they each interpret the regulations based on the information available. Further, as technology advances and grows more powerful, the potential for abuse increases as well. As such, the odds are good that we’ll eventually be facing increasingly stringent laws and consumer protections over time. 

New privacy laws exist today because businesses failed in their duty as stewards of personal data. As a result, these laws represent an opportunity to do right by the people and establish a new foundation of trust between businesses and individuals.

That opportunity comes in using transparency to communicate a value exchange with individuals. Soon, consent and preference management will no longer be a bar to reach, but a baseline expectation for businesses the world over. As the broad populace becomes more familiar with the ins and outs of the digital world and their data subject rights, they’ll begin to scrutinize their relationships with businesses and who exactly they share data with. Increasingly, people want to know what they’re getting back in exchange for their data and what they’re saying yes or no to. By establishing the value exchange up front, we can build trust and educate individuals on how we use their data to enhance their online experiences.

So we’ve come full circle—consent is a baseline requirement to bridge privacy and identity. To manage these consents and permissions safely and effectively, there’s a need for a specialized product that not only captures consent but can also transmit it to your most valuable partners to continue empowering and enabling the marketing use cases we see today, i.e., a CMP (consent management platform). Because it’s not just you and your business that needs consent, it’s you and everyone you work with. Every single vendor on your page that so much as assigns a unique cookie ID or people-based identifier needs to respect individual choices and preferences over data processing. Not to mention that this is further complicated because not all consent is made equal. Even if two companies use the same interface to collect consent, one of them could be non-compliant because their disclosures weren’t clear enough. Moreover, even if both had the same UI and disclosures, one could still be non-compliant because they failed to properly set up how they pass consent to their downstream vendors or didn’t log every change. The guidelines as to what constitutes “valid” consent can be extremely stringent, e.g., under GDPR. So even though consent seems innocuous on its face—and perhaps because of that—it is incredibly easy to get wrong. And that’s where things start falling apart.

In certain jurisdictions, without consent, critical use cases like measurement and targeting can’t be done. As such, while individuals don’t necessarily need to be familiar with each partner you work with, to continue being able to use these powerful tools to iterate and optimize, giving the customer the ability to dig in, learn about the partners, and even choose whether or not they’re willing to share data with them goes a long way.

So what does an effective CMP need? Aside from the straightforward need to customize it to fit your site and create a seamless user and brand experience, CMPs also need:

  1. Flexibility: It’s not just the authorities who will interpret privacy regulation, but also individual businesses, based on how their legal teams read the laws. This means a solution that provides the flexibility to accommodate your organization’s specific needs and requirements is fundamental to success.
  2. Interoperability: a CMP is a tool you use for permission management, but there’s so much more that goes into it. Every page view and even every session can be different, based on the permissions and choices of a consumer. It’s essential to do conditional firing flawlessly to avoid any compliance risks and ROI loss. As such, your CMP must be compatible with all your on-page or in-app partners that rely on the CMP to provide the appropriate red and green lights for data processing.
  3. Auditability: companies are required to keep track of every permission and need to be able to prove that. An extensive audit trail needs to be maintained, and automation here is key, because at the end of the day, even if you did everything right, it doesn’t matter if you can’t prove it.  

LiveRamp’s CMP, Privacy Manager, can help you address those needs to bridge the gap between privacy and identity to establish the foundation for a trusted value exchange. Further, our approach to implementation is always focused on creating a seamless transition and set up. 

We believe that Privacy Manager, in conjunction with other solutions like the Authenticated Traffic Solution and LiveRamp Safe Haven, represents a means to provide marketers with the tools they need to facilitate data connectivity and the ability to reach and interact with their audiences while still respecting the individual’s privacy.

If you want to continue this conversation now—our team is available to answer any questions. Please reach out to privacy-manager@liveramp.com.