Why, why, why do you need my PII?
May 30, 2023
May 30, 2023
It seems like every day we wake to a new and significant data breach in the news. Here, in Australia, in the past couple of months, we have witnessed large-scale attacks on the likes of Optus, Medibank and Latitude Financial. In each of these attacks, the perpetrators have taken the data and looked to on-sell the Personally Identifiable Information (PII) across the globe or held the businesses to ransom to not release the information publicly.
The question is ‘Why do these businesses need this information, how and where are they storing it and how secure is it?’ There is no simple answer here but, we can look at one area - how PII is used across the advertising ecosystem.
In a recent Consumer Policy Research Centre (CPRC) paper, they interviewed 1000 Australians and found that ‘There’s a major mismatch with how the digital economy currently works and what consumers want’.
Whole industries currently exist to trade in consumer data, yet 79% of Australians agree that a company should not sell people’s data under any circumstances. Even though companies commonly monitor what we do online, on their own websites as well as across the internet, 70% of people are not comfortable with companies monitoring their online behaviour.
They also commented: ‘It’s time for businesses to look at data and see how they can profit through positive outcomes for the community instead of monetising data in ways that cause community harm.’
The CPRC polled 1,000 people earlier this month (March, 2023) to inform its report. Key findings include:
CPRC Paper - ‘Not a fair-trade. Consumer views on how businesses use their data.’
All of your data has been stored away for the benefit of businesses. Have a look at: https://myaccount.google.com/dashboard to see what Google is tracking.
What you might not be aware of, is where and when businesses that you have never had a relationship with (third-parties) track you or, when they on-sell your data to additional companies so that they can target you or use your data.
The way to protect individuals and businesses alike is to implement new laws that are based on proven methods - such as those that apply within the offline world.
Entering a shop and providing information to the clerk, and then having them provide a recommendation, makes good sense. The clerk may use a third-party to help them provide this advice, yet the third-party does not obtain ownership of the information, the information is only shared with the clerk for use within the context of the services/products they provide.
However, going into a shop to find that the clerk from the previous shop or a shop you have never visited is there trying to sell you something out of context, or that the clerk has taken the information you provided and then sold it to another party, is simply not acceptable, and is equally not acceptable for the shop owner to ask you to sign a consent form that would allow them to do so.
In this instance, the right approach should be where the clerk can freely use the information provided to enable them to better service the individual within the context of the products and services they provide and can gain assistance from third-parties to achieve this. Yet, they are not permitted to give or sell this information to a third-party to use for a purpose outside of the context in which the information was provided.
Within the digital advertising space, it is widely accepted that this situation has gone too far. As an industry, slow-blocking of the third-party tracking solutions has been rolling out for a while now – with Google (i.e. Chrome) still reluctant to join Apple (i.e. Safari and Firefox) in blocking third-party cookies. Yes, Google doesn’t want to risk losing any of its $225B in annual ad revenue.
Others that have been using third-party cookies to their commercial gain are digital publishers who have found a way to combine and then segment these audiences out to market to monetise their traffic.
So, third-party cookies are disappearing, and businesses and publishers are having to adapt to the new landscape by using methods to connect individuals to advertising spots. Most businesses have moved to a first-party and PII methodology to tackle this. We have seen a rise in the hashing of PII data (email and/or mobile number) to obtain a view of matched audiences. These are either occurring directly e.g. Facebook Custom Audiences, or via a third-party solution like identity services providers. They all work by obtaining personal information, such as email, IP addresses and browser session information. They then take this information and use fingerprinting to create an identifier that can be shared for targeted advertising.
Back to the original statement – ‘Why, why, why do you need PII?’ This is the big question that is circulating at the moment and why governments across the globe are addressing the needs of their citizens to ensure that they are protected. Why does a publisher need to ‘know’ the individual? Why does a business need to use computational systems to infer a probabilistic match to an individual’s behaviour and identity? Why does the individual not have a say in the use of their data and how it is shared? As shown in the CPRC survey, consumers don’t want their data shared so something needs to change and with government policies being reviewed and in discussion it looks like change is coming and it will be enforced.
We, at AdFixus, are taking an active role in these wider government policy discussions. At AdFixus, we believe there is a better way to protect privacy whilst providing a seamless experience. Our Adfixus identity platform is decentralised, consumer-centric, and frictionless. Our approach is privacy-centric, meaning that we manage identities solely within the first-party context and exclusively for your brands. We allow you to match identities with other businesses (first-party to first-party) automatically, without ever sharing or exposing any information that would allow a third-party to identify one of your consumers. We also provide a ubiquitous framework for consumers to ‘opt out’, empowering them to take control of their personal data. This in turn, builds trust in your business and brand.
Do not settle for piecemeal solutions that increase privacy risks- Choose AdFixus for a reliable, comprehensive solution that puts individuals first.