SlideShare a Scribd company logo

Presentation to European Political Strategy Centre at the European Commission

Johnny Ryan, profile picture
Johnny Ryan

The document discusses the mechanisms of real-time bidding (RTB) in online advertising, detailing the roles of different platforms such as supply-side platforms (SSP), demand-side platforms (DSP), and data management platforms (DMP). It highlights the extensive data leakage that occurs through this process, allowing advertisers to gather personal data from users without transparency. The document also emphasizes the implications of this data leakage on user privacy and trust in online advertising systems.

Government & Nonprofit
1 of 91
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
27 March 2019 13h00 - 14h00 with Johnny Ryan, Chief Policy & Industry Relations Officer at Brave Policy Briefing Disrupt the Disruptors: Challenging the Online Advertising Business Model
Presentation to European Political Strategy Centre at the European Commission
How “real-time bidding” (RTB) ad auctions work.
Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Request segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Sync Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
Presentation to European Political Strategy Centre at the European Commission
The Daily Bugle
The Daily Bugle ExchangeExchange Exchange Exchange
The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP
The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
? ? The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ? ? ? ? ADVERTISEMENT ?
French regulator caught it with 68 million illegal RTB records. Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
Presentation to European Political Strategy Centre at the European Commission
website.com This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server website.com Ad server javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP website.com Ad server javascript SSP javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange website.com Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Step 6. Exchange serves winning bid Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of data leakage Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
WHAT’S IN A BID REQUEST?
• What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. Personal data in bid requests *Depending on the version of “real time bidding” system
Presentation to European Political Strategy Centre at the European Commission
“broadcast”
HUNDREDS OF BILLIONS OF RTB BID REQUESTS, EVERY DAY. Index Exchange 50 billionii OpenX 60 billion+i Rubicon Project Unknown. Claims to reach 1 billion people’s devices.iii PubMatic 70 billion+iv Oath/AOL 90 billionv AppNexus 131 billionvi Smaato 214 billionvii Google DoubleClick Unknown. DoubleClick is the dominant exchange. i. “Tour IX’s Amsterdam and Frankfurt Data Centers”, Index Exchange, 2 July 2018 (URL: https:// www.indexexchange.com/tour-ix-amsterdam-frankfurt-data-centers/). ii. "OpenX Ad Exchange", OpenX (URL: https://www.openx.com/uk_en/products/ad-exchange/). iii. “Buyers”, Rubicon Project, (URL: https://rubiconproject.com/buyers/). iv. "How PubMatic Is Learning Machine Learning", PubMatic, 25 January 2019 (URL: https://pubmatic.com/ blog/learning-machine-learning/) v. "Maximize yield with Oath's publisher offerings", Oath, 3 April 2018 (URL: https://www.oath.com/insights/ maximize-yield-with-oath-s-publisher-offerings/) vi. 500 Billion / 29.6 = 18.6 billion impressions per day. Using AppNexus 1:11.5 ratio, this is 214 auctions per day. 500+ impressions figure cited in “Optimize your mobile strategy”, Smaato, (URL: https:// www.smaato.com/). vii. “Transacting at a peak of 11.4 billion daily impressions, our marketplace handles more traffic each day than Visa, Nasdaq, and the NYSE combined” at https://www.appnexus.com/sell. Note that in 2017, AppNexus said in “AppNexus Scales with DriveScale”, 2017, (URL: http://go.drivescale.com/rs/451-ESR-800/images/ DRV_Case_Study_AppNexus-final.v1.pdf) that 10.7 billion "impressions transacted" came as a result of running 123 billion auctions. The impressions transacted to auctions ratio appears to be roughly 1:11.5. Therefore, the 11.4 daily impressions reported in 2018 equates to 131 billion auctions per day. Leading RTB exchanges, daily bid request estimates
WHAT HAPPENS NEXT? Seriously. Where do my data end up?
Document: The EU’s proposed new cookie rules Author: IAB Europe Date: June 2017
Document: Pubvendors.json Author: IAB Tech Lab Date: May 2018 (This is the current text, live today)
Document: “Transparency & Consent Framework FAQ” Author: IAB Europe Date: 21 June 2018 (This is the current text, live today)
Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
WITHOUT SECURITY, TRANSPARENCY & ACCOUNTABILITY ARE IMPOSSIBLE.
EVERY ONLINE PERSON CAN BE PROFILED
MARKET CRISIS
How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle
How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John
How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John John
Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John Worthy sites lose their unique audience, and feed a business model for the bottom of the Web. John
The Daily Bugle How RTB enables to steal from publishers and advertisers. fraudsters
The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot/// Fake How RTB enables to steal from publishers and advertisers. fraudsters
The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
Step 4. The Daily Bugle is paid €1 to show ad Step 7. De5troyTru5t.com is paid €0.01 to show ad to Bot The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
serve page request page request bid request segment request bid cookie to SSP deliver ad sync deliver segment sync ad request store data /// VisitorSiteSSPDSPDMPMarketer $ “Demand side” “Supply side” Ad Exchange
Buyer SellerDistribution Marketer $ DMP DSP Ad Exchange SSP Site MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB Extracts 70-55% of buyer’s media budget. Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. Victims of massive fraud.
GOOD PUBLISHERS STARVE
How to fix this(an easy fix)
IAB OpenRTB Google Authorized Buyers
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
Personal data in bid requests • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. *Depending on the version of “real time bidding” system
• What you are reading, or watching, or listening to. • Categories of the content. • Your approximate location. • General description of your device. • Your approximate IP address. • Impression ID for buyer transparency. Non-Personal data in bid requests Person is in Etterbeek in Brussels. Reading an article about Tesla motors on TechCrunch. Using Safari on a Mac.
This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. -GDPR, Article 2 (1)
id ext value tagid event ext maxseq ext ext live osv utcoffset 4 (Audit Status Codes) 1 (Creative Attributes) 12 ( Creative Subtypes - Audio/Video) 3 (Display Placement Types) 28 (DOOH Venue Types) 500+ (DOOH Venue Types) 1 (Native Data Asset Types) 14 (Operating Systems) 3 (Playback Cessation Modes) adomain img len ssai ext type linear id venue srcrel hwv ext 5 (Audit Status Codes) 2 (Creative Attributes) 1 (Creative Subtypes - Display) 4 (Display Placement Types) 29 (DOOH Venue Types) 1 (Event Tracking Methods) 2 (Native Data Asset Types) 15 (Operating Systems) 1 (Playback Methods) bundle link type sdk w method boxing name fixed len h id 6 (Audit Status Codes) 3 (Creative Attributes) 2 (Creative Subtypes - Display) 500+ (Display Placement Types) 30 (DOOH Venue Types) 2 (Event Tracking Methods) 3 (Native Data Asset Types) 16 (Operating Systems) 2 (Playback Methods) iurl ext ext sdkver h api comp pub etime lang w name 500+ (Audit Status Codes) 4 (Creative Attributes) 3 (Creative Subtypes - Display) 1 (DOOH Venue Types) 31 (DOOH Venue Types) 500+ (Event Tracking Methods) 4 (Native Data Asset Types) 17 (Operating Systems) 3 (Playback Methods) cat link type reward wratio jstrk comptype content dpi embed ppi segment 1 (Category Taxonomies) 5 (Creative Attributes) 4 (Creative Subtypes - Display) 2 (DOOH Venue Types) 32 (DOOH Venue Types) 1 (Event Types) 5 (Native Data Asset Types) 18 (Operating Systems) 4 (Playback Methods) cattax asset method wlang hratio wjs ext domain ext producer pxratio ext 2 (Category Taxonomies) 6 (Creative Attributes) 1 (Delivery Methods) 3 (DOOH Venue Types) 33 (DOOH Venue Types) 2 (Event Types) 6 (Native Data Asset Types) 19 (Operating Systems) 5 (Playback Methods) lang ext api secure expdir pxtrk delay cat id data js id 3 (Category Taxonomies) 7 (Creative Attributes) 2 (Delivery Methods) 4 (DOOH Venue Types) 34 (DOOH Venue Types) 3 (Event Types) 7 (Native Data Asset Types) 20 (Operating Systems) 6 (Playback Methods) attr id url admx ext wpx skip sectcat name ext lang name 500+ (Category Taxonomies) 8 (Creative Attributes) 3 (Delivery Methods) 5 (DOOH Venue Types) 35 (DOOH Venue Types) 4 (Event Types) 8 (Native Data Asset Types) 21 (Operating Systems) 1 (Production Qualities) secure req cdata curlx asset ext skipmin pagecat domain id ip value 0 (Click Types) 9 (Creative Attributes) 1 (Device Types) 6 (DOOH Venue Types) 36 (DOOH Venue Types) 5 (Event Types) 9 (Native Data Asset Types) 22 (Operating Systems) 2 (Production Qualities) mrating title ext display ext ptype skipafter cattax cat name ipv6 ext 1 (Click Types) 10 (Creative Attributes) 2 (Device Types) 7 (DOOH Venue Types) 37 (DOOH Venue Types) 500+ (Event Types) 10 (Native Data Asset Types) 23 (Operating Systems) 3 (Production Qualities) init image mime video id pos playmethod privpolicy cattax domain xff coppa 2 (Click Types) 11 (Creative Attributes) 3 (Device Types) 8 (DOOH Venue Types) 38 (DOOH Venue Types) 1 (Expandable Directions) 11 (Native Data Asset Types) 24 (Operating Systems) 1 ( Size Units) lastmod video api audio req delay playend keywords ext cat iptr gdpr 3 (Click Types) 12 (Creative Attributes) 4 (Device Types) 9 (DOOH Venue Types) 39 (DOOH Venue Types) 2 (Expandable Directions) 12 (Native Data Asset Types) 25 (Operating Systems) 2 ( Size Units) display data ctype ext title skip feed page id cattax carrier ext 4 (Click Types) 13 (Creative Attributes) 5 (Device Types) 10 (DOOH Venue Types) 40 (DOOH Venue Types) 3 (Expandable Directions) 500+ (Native Data Asset Types) 26 (Operating Systems) 3 ( Size Units) video link dur pos img skipmin nvol ref episode ext mccmnc bcat 1 (Companion Types) 14 (Creative Attributes) 6 (Device Types) 11 (DOOH Venue Types) 41 (DOOH Venue Types) 4 (Expandable Directions) 1 ( Native Image Asset Types) 27 (Operating Systems) >0 (Start Delay Modes) audio ext adm instl video skipafter mime search title id mccmncsim cattax 2 (Companion Types) 15 (Creative Attributes) 7 (Device Types) 12 (DOOH Venue Types) 42 (DOOH Venue Types) 5 (Expandable Directions) 3 ( Native Image Asset Types) 28 (Operating Systems) 0 (Start Delay Modes) audit url curl topframe data playmethod api mobile series buyeruid contype badv 3 (Companion Types) 16 (Creative Attributes) 10 (Display Context Types) 13 (DOOH Venue Types) 43 (DOOH Venue Types) 1 (Feed Types) 500+ ( Native Image Asset Types) 500+ (Operating Systems) -1 (Start Delay Modes) ext urlfb ext ifrbust ext playend ctype amp season gender geofetch bapp 1 (Connection Types) 17 (Creative Attributes) 11 (Display Context Types) 14 (DOOH Venue Types) 44 (DOOH Venue Types) 2 (Feed Types) 0 (Operating Systems) 1 (Placement Positions) -2 (Start Delay Modes) mime trkr mime clktype len clktype mindur ext artist keywords geo battr 2 (Connection Types) 18 (Creative Attributes) 12 (Display Context Types) 15 (DOOH Venue Types) 45 (DOOH Venue Types) 3 (Feed Types) 1 (Operating Systems) 2 (Placement Positions) 0 (Volume Normalization Modes) api ext api ampren ext mime maxdur domain genre consent ext ext 3 (Connection Types) 500+ (Creative Attributes) 13 (Display Context Types) 16 (DOOH Venue Types) 46 (DOOH Venue Types) 1 (IP Location Services) 2 (Operating Systems) 3 (Placement Positions) 1 (Volume Normalization Modes) ctype text ctype ptype type api maxext cat album geo type 1 (API Frameworks) 4 (Connection Types) 1 ( Creative Subtypes - Audio/Video) 14 (Display Context Types) 17 (DOOH Venue Types) 47 (DOOH Venue Types) 2 (IP Location Services) 3 (Operating Systems) 4 (Placement Positions) 2 (Volume Normalization Modes) w len dur context mime ctype minbitr sectcat isrc data lat 2 (API Frameworks) 5 (Connection Types) 2 ( Creative Subtypes - Audio/Video) 15 (Display Context Types) 18 (DOOH Venue Types) 48 (DOOH Venue Types) 3 (IP Location Services) 4 (Operating Systems) 5 (Placement Positions) 3 (Volume Normalization Modes) h ext adm mime w w maxbitr pagecat url ext lon 3 (API Frameworks) 6 (Connection Types) 3 ( Creative Subtypes - Audio/Video) 20 (Display Context Types) 19 (DOOH Venue Types) 49 (DOOH Venue Types) 4 (IP Location Services) 5 (Operating Systems) 6 (Placement Positions) 4 (Volume Normalization Modes) wratio url curl api h h delivery cattax cat type accur 4 (API Frameworks) 7 (Connection Types) 4 ( Creative Subtypes - Audio/Video) 21 (Display Context Types) 20 (DOOH Venue Types) 50 (DOOH Venue Types) 1 (Linearity Modes) 6 (Operating Systems) 7 (Placement Positions) hratio w ext ctype wmin unit maxseq privpolicy cattax ua lastfix 5 (API Frameworks) 1 (Content Contexts) 5 ( Creative Subtypes - Audio/Video) 22 (Display Context Types) 21 (DOOH Venue Types) 51 (DOOH Venue Types) 2 (Linearity Modes) 7 (Operating Systems) 1 ( Placement Subtypes - Video) priv h status w hmin mindur comp keywords prodq ifa ipserv 6 (API Frameworks) 2 (Content Contexts) 6 ( Creative Subtypes - Audio/Video) 30 (Display Context Types) 22 (DOOH Venue Types) 52 (DOOH Venue Types) 1 (Location Types) 8 (Operating Systems) 2 ( Placement Subtypes - Video) adm type feedback h wratio maxdur comptype bundle context dnt country 7 (API Frameworks) 3 (Content Contexts) 7 ( Creative Subtypes - Audio/Video) 31 (Display Context Types) 23 (DOOH Venue Types) 53 (DOOH Venue Types) 2 (Location Types) 9 (Operating Systems) 3 ( Placement Subtypes - Video) curl ext init unit hratio maxext ext storeid rating lmt region 500+ (API Frameworks) 4 (Content Contexts) 8 ( Creative Subtypes - Audio/Video) 32 (Display Context Types) 24 (DOOH Venue Types) 54 (DOOH Venue Types) 3 (Location Types) 10 (Operating Systems) 4 ( Placement Subtypes - Video) banner adm lastmod priv ext minbitr id storeurl urating make metro 1 (Audit Status Codes) 5 (Content Contexts) 9 ( Creative Subtypes - Audio/Video) 500+ (Display Context Types) 25 (DOOH Venue Types) 55 (DOOH Venue Types) 1 (Media Ratings) 11 (Operating Systems) 5 ( Placement Subtypes - Video) native curl corr displayfmt type maxbitr vcm ver mrating model city 2 (Audit Status Codes) 6 (Content Contexts) 10 ( Creative Subtypes - Audio/Video) 1 (Display Placement Types) 26 (DOOH Venue Types) 56 (DOOH Venue Types) 2 (Media Ratings) 12 (Operating Systems) 1 (Playback Cessation Modes) event ext ext nativefmt len delivery display paid keywords os zip 3 (Audit Status Codes) 7 (Content Contexts) 11 ( Creative Subtypes - Audio/Video) 2 (Display Placement Types) 27 (DOOH Venue Types) 57 (DOOH Venue Types) 3 (Media Ratings) 13 (Operating Systems) 2 (Playback Cessation Modes) 4%
Buyer Seller Extracts 70-55% of buyer’s media budget. Distribution Marketer $ DMP DSP Ad Exchange SSP Site Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. Victims of massive fraud. MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB
Buyer Seller Extracts much lower% of buyer’s media budget. Distribution Unique audience become immune to commodification and arbitrage. No opportunity for untrustworthy sites. Bot fraud reduced. Bot fraud opportunity reduced. MARKET OVERVIEW (POST-FIX) NON-PERSONAL DATA IN IAB / GOOGLE RTB Marketer $ DMP DSP Ad Exchange SSP Site
The Brave Model
Faraday
Powerful but private profiles. If you opt-in, the Brave Browser learns from everything you read, watch, and do. But no profile data ever leaves your device. We at Brave never receive it. Targeting happens on your device.
Today’s ad catalog is sent to the device. Browser user visits various websites
Today’s ad catalog is sent to the device. Brave Browser on the device selects an ad based on profile on the device. 15% of ad revenue goes to user. Browser user visits various websites
Today’s ad catalog is sent to the device. Brave Browser on the device selects an ad based on profile on the device. 15% of ad revenue goes to user. All websites are paid 70% of ad revenue at the end of the month. This can not be attributed to the user. Browser user visits various websites
Real Time Bidding hurts worthy publishers, and enables a business model for untrustworthy sites, and enables the profiling of every single online person, and steals marketers money, and exposes them to risk. This can be easily fixed, if we demand it. RTB needs reform.
Real Time Bidding hurts worthy publishers, and enables a business model for untrustworthy sites, and enables the profiling of every single online person, and steals marketers money, and exposes them to risk. This can be easily fixed, if we demand it. RTB needs reform. 2. In the GDPR review, define extent of a “purpose” 1. In ePrivacy trilogue, protect the prohibition against “cookie/tracking walls” Three requests… 3. DG Comp and EDPB enforce purpose limitation.
Ring-fenced data. Each purpose for which you use my personal data requires a separate legal basis Purpose limitation As easy to withdraw as it was to give, and can be withdrawn without detriment. Consent+ = Freedom The market of users will decide when to “break up" the companies, and when to “un-break” them up. Big tech companies “cross-use” personal user data from one part of their business to prop up others. This stifles competition and innovation. But, data protection law can be an anti-trust tool…
Data processing purposes involved (there are probably more) To display your posts on your Newsfeed To display posts on tagged friends’ Newsfeeds To display friends posts that tag you on your Newsfeed To identify untagged people in your posts To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make our Newsfeed more relevant to you. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make ads relevant to you. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, for advertising fraud prevention. Facebook example: Posting on the Newsfeed
Presentation to European Political Strategy Centre at the European Commission
johnny@brave.com @johnnyryan For updates, sign up to Brave Insights, a mailing list for analysts, researchers, and regulators at https://brave.us18.list-manage.com/subscribe?u=e38d85b519352e2b40c9b899e&id=4384bd4cba

More Related Content

PDF
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
Johnny Ryan
 
PDF
The Adtech Crisis and Disinformation
Johnny Ryan
 
PDF
Brief for World Federation of Advertisers Digital Executive Group, December 2018
Johnny Ryan
 
PDF
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Johnny Ryan
 
PDF
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Johnny Ryan
 
PDF
Presentation to ANFO, Norwegian Advertisers Association
Johnny Ryan
 
PDF
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan
 
PDF
Discussion starter at Future of Privacy Forum in Washington, DC.
Johnny Ryan
 
See updated slidedeck at https://www.slideshare.net/JohnnyRyan/brief-for-worl...
Johnny Ryan
 
The Adtech Crisis and Disinformation
Johnny Ryan
 
Brief for World Federation of Advertisers Digital Executive Group, December 2018
Johnny Ryan
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Johnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Johnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Johnny Ryan
 

What's hot (14)

PDF
Presentation to FTC technology taskforce
Johnny Ryan
 
PDF
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Johnny Ryan
 
PDF
Briefing for World Federation of Advertisers Media Buyers
Johnny Ryan
 
PDF
Presentation at CPDP
Johnny Ryan
 
PDF
Presentation to world news publishers, November 2020
Johnny Ryan
 
PDF
Judiciary Committee Senate staffer briefing 8 September 2019
Johnny Ryan
 
PDF
Ofcom briefing
Johnny Ryan
 
PDF
Bmm aformationdigitale2014
BMMA - Belgian Management and Marketing Association
 
PDF
KliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi Group
 
PDF
Understanding Real-Time Bidding (RTB) From the Publisher Perspective
stephsfo
 
PPTX
Header bidding - Everything you need to know
Automatad Inc.
 
PPTX
An introduction to RTB in the UK
Royal Holloway, University of London
 
PDF
RCS Business Messaging
Value First
 
PPTX
How your favorite retailers make money out of analytics
Sridhar Bollam
 
Presentation to FTC technology taskforce
Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Johnny Ryan
 
Presentation at CPDP
Johnny Ryan
 
Presentation to world news publishers, November 2020
Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Johnny Ryan
 
Ofcom briefing
Johnny Ryan
 
Bmm aformationdigitale2014
BMMA - Belgian Management and Marketing Association
 
KliKKi ASX (TM) - The Next Generation Online Display Solution
KliKKi Group
 
Understanding Real-Time Bidding (RTB) From the Publisher Perspective
stephsfo
 
Header bidding - Everything you need to know
Automatad Inc.
 
An introduction to RTB in the UK
Royal Holloway, University of London
 
RCS Business Messaging
Value First
 
How your favorite retailers make money out of analytics
Sridhar Bollam
 
Ad

Similar to Presentation to European Political Strategy Centre at the European Commission (20)

PDF
Ethical digital marketing (Trinity College Dublin)
Johnny Ryan
 
PPTX
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
Karunakar Ravirala
 
PDF
ANTS Programmatic Agency - Credential
ANTS
 
PPTX
Progmmatic Buying
Centre for Digital Marketing & Communication
 
PDF
Welcome DSPs and RTB!
Conversion Thursday
 
PPTX
Overview RTB ecosystem
Digital Training Courses in Noida
 
PPTX
Overview RTB ecosystem
Dheeraj Agrawal
 
PDF
The Art & Science of Ad Optimization
Upsight
 
PDF
Deconstructing the In-App Bidding Landscape [White Paper]
PubNative
 
PDF
A Brief Introduction of Real-time Bidding Display Advertising and Evaluation ...
Jun Wang
 
PDF
Deck at GDPR Summit at Croke Park.
Johnny Ryan
 
PDF
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Marketing Festival
 
PDF
Digiday Programmatic Marketing Summit | PMG
Digiday
 
PDF
Programmatic Ad Mediation | Pavel Golubev
Jessica Tams
 
PPTX
Mobile RTB Advertising - Megamadz
megamadzKim
 
PDF
Marketing Attribution by Rockerbox
Rockerbox
 
PDF
The Art & Science of Optimization by Fuse Powered
Fuse Powered
 
PDF
MODERN CUSTOMER JOURNEY
Barry R. Bossier
 
PDF
Fast Data for Competitive Advantage: 4 Steps to Expand your Window of Opportu...
VoltDB
 
PDF
Thomvest Advertising Technology overview - Sept 2014
andrewtweed1
 
Ethical digital marketing (Trinity College Dublin)
Johnny Ryan
 
All about Programmatic buying(RTB), DSP,SSP, DMP & DCT - A complete digital ...
Karunakar Ravirala
 
ANTS Programmatic Agency - Credential
ANTS
 
Progmmatic Buying
Centre for Digital Marketing & Communication
 
Welcome DSPs and RTB!
Conversion Thursday
 
Overview RTB ecosystem
Digital Training Courses in Noida
 
Overview RTB ecosystem
Dheeraj Agrawal
 
The Art & Science of Ad Optimization
Upsight
 
Deconstructing the In-App Bidding Landscape [White Paper]
PubNative
 
A Brief Introduction of Real-time Bidding Display Advertising and Evaluation ...
Jun Wang
 
Deck at GDPR Summit at Croke Park.
Johnny Ryan
 
Jiří Malý - How to optimize RTB campaigns – current possibilities of the Czec...
Marketing Festival
 
Digiday Programmatic Marketing Summit | PMG
Digiday
 
Programmatic Ad Mediation | Pavel Golubev
Jessica Tams
 
Mobile RTB Advertising - Megamadz
megamadzKim
 
Marketing Attribution by Rockerbox
Rockerbox
 
The Art & Science of Optimization by Fuse Powered
Fuse Powered
 
MODERN CUSTOMER JOURNEY
Barry R. Bossier
 
Fast Data for Competitive Advantage: 4 Steps to Expand your Window of Opportu...
VoltDB
 
Thomvest Advertising Technology overview - Sept 2014
andrewtweed1
 
Ad

More from Johnny Ryan (13)

PDF
CPDP 2022
Johnny Ryan
 
PDF
Brief presentation to UCD 17 December 2020
Johnny Ryan
 
PDF
Kryptonite, neglected
Johnny Ryan
 
PDF
Brave2020報告書:データ保護当局の執行能力
Johnny Ryan
 
PDF
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Johnny Ryan
 
PDF
Purpose limitation in data protection law as a protection against "cascading ...
Johnny Ryan
 
PDF
IVIR summer school slides
Johnny Ryan
 
PDF
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Johnny Ryan
 
PDF
Talk to Norwegian CMOs about the folly of adtech
Johnny Ryan
 
PDF
Tech stole your audience. Take it back.
Johnny Ryan
 
PDF
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan
 
PDF
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
Johnny Ryan
 
PDF
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Johnny Ryan
 
CPDP 2022
Johnny Ryan
 
Brief presentation to UCD 17 December 2020
Johnny Ryan
 
Kryptonite, neglected
Johnny Ryan
 
Brave2020報告書:データ保護当局の執行能力
Johnny Ryan
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Johnny Ryan
 
Purpose limitation in data protection law as a protection against "cascading ...
Johnny Ryan
 
IVIR summer school slides
Johnny Ryan
 
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Johnny Ryan
 
Tech stole your audience. Take it back.
Johnny Ryan
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Johnny Ryan
 

Recently uploaded (20)

PPTX
PCCR-ROTC-UNIT-ORGANIZATIONAL-STRUCTURE-pptx-Copy (1).pptx
jayceebernardolachic
 
PPT
Quality Management Ssystem PPT - Introduction.ppt
RyeLozada
 
PPTX
GIS Presentarrrfdgdgdgtion (Intro) -.pptx
JefrilCuregSingunGui
 
PDF
2026 RMHC Terms & Conditions agreement - updated 8.1.25.pdf
Christian Home Educators of Colorado
 
PPTX
Inferenceahaiajaoaakakakakakakakakakakakakaka
Faiz975600
 
PPTX
AMO Pune Complete information and work profile
kaivalyakkale1612
 
PDF
PROJECT : Nirbighna----From भीड To भरोसा
Rishab Acharya
 
PPTX
DFARS Part 247 - Transportation - DFARS
JSchaus & Associates
 
PPTX
26.1.2025 venugopal K Awarded with commendation certificate.pptx
Venugopal Kodati
 
PDF
The Tenets of Mandanas-Garcia Ruling from the Supreme Court
balerptc
 
PPT
Adolescent Health Orientation and Health care
kaivalyakkale1612
 
PPTX
GSA Q+A Follow-Up To EO's, Requirements & Timelines
JSchaus & Associates
 
PDF
Abhay Bhutada and Other Visionary Leaders Reinventing Governance in India
Raj Kumble
 
DOCX
RRB Technician Syllabus for Technician Gr I Signal.docx
Sitamarhi Institute of Technology
 
PDF
ISO-9001-2015-gap-analysis-checklist-sample.pdf
WaqasBhutto1
 
PDF
Chemistry_Chemical_Reactions_and_Equations_Class_Notes_WARRIOR_SERIES Copy Co...
SUNILCHUG
 
PPTX
Chapter_12_Public_Enterprises_Presentation.pptx
JefrilCuregSingunGui
 
PDF
मुख्यमंत्राी सामूहिक विवाह कार्यक्रम, जनपद बाँदा
COLOURIMPRESSION
 
PDF
Beyond Free Rides: A Multi-State Assessment of Women's Bus Fare Subsidy Schem...
rheakaran2
 
PPTX
怎么办休斯敦大学维多利亚分校毕业证电子版成绩单办理|UHV在读证明信
ixajxoeq
 
PCCR-ROTC-UNIT-ORGANIZATIONAL-STRUCTURE-pptx-Copy (1).pptx
jayceebernardolachic
 
Quality Management Ssystem PPT - Introduction.ppt
RyeLozada
 
GIS Presentarrrfdgdgdgtion (Intro) -.pptx
JefrilCuregSingunGui
 
2026 RMHC Terms & Conditions agreement - updated 8.1.25.pdf
Christian Home Educators of Colorado
 
Inferenceahaiajaoaakakakakakakakakakakakakaka
Faiz975600
 
AMO Pune Complete information and work profile
kaivalyakkale1612
 
PROJECT : Nirbighna----From भीड To भरोसा
Rishab Acharya
 
DFARS Part 247 - Transportation - DFARS
JSchaus & Associates
 
26.1.2025 venugopal K Awarded with commendation certificate.pptx
Venugopal Kodati
 
The Tenets of Mandanas-Garcia Ruling from the Supreme Court
balerptc
 
Adolescent Health Orientation and Health care
kaivalyakkale1612
 
GSA Q+A Follow-Up To EO's, Requirements & Timelines
JSchaus & Associates
 
Abhay Bhutada and Other Visionary Leaders Reinventing Governance in India
Raj Kumble
 
RRB Technician Syllabus for Technician Gr I Signal.docx
Sitamarhi Institute of Technology
 
ISO-9001-2015-gap-analysis-checklist-sample.pdf
WaqasBhutto1
 
Chemistry_Chemical_Reactions_and_Equations_Class_Notes_WARRIOR_SERIES Copy Co...
SUNILCHUG
 
Chapter_12_Public_Enterprises_Presentation.pptx
JefrilCuregSingunGui
 
मुख्यमंत्राी सामूहिक विवाह कार्यक्रम, जनपद बाँदा
COLOURIMPRESSION
 
Beyond Free Rides: A Multi-State Assessment of Women's Bus Fare Subsidy Schem...
rheakaran2
 
怎么办休斯敦大学维多利亚分校毕业证电子版成绩单办理|UHV在读证明信
ixajxoeq
 

Presentation to European Political Strategy Centre at the European Commission

  • 1. 27 March 2019 13h00 - 14h00 with Johnny Ryan, Chief Policy & Industry Relations Officer at Brave Policy Briefing Disrupt the Disruptors: Challenging the Online Advertising Business Model
  • 3. How “real-time bidding” (RTB) ad auctions work.
  • 4. Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 5. Request segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 6. Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 7. Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 8. Serve page Request page Request segment Deliver segment Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 9. Serve page Request page Request segment Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 10. Serve page Request page Request segment Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 11. Serve page Request page Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 12. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 13. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 14. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 15. Serve page Request page Request bid Request segment Request bid Cookie to SSP Deliver ad Sync Deliver segment Sync Ad request Store data “Demand side” “Supply side” $ (one or many) (10s or 100s or 1000s?) /// VisitorSiteSupply-side platform (SSP) Demand-side platform (DSP) Data management platform (DMP) Marketer Ad Exchange
  • 22. French regulator caught it with 68 million illegal RTB records. Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
  • 24. website.com This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 25. Ad server website.com Ad server javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 26. Ad server SSP Step 2. Ad server selects an SSP website.com Ad server javascript SSP javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 27. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange website.com Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 28. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  • 29. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 30. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 31. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Step 6. Exchange serves winning bid Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 32. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 33. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 34. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of data leakage Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  • 35. WHAT’S IN A BID REQUEST?
  • 36. • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. Personal data in bid requests *Depending on the version of “real time bidding” system
  • 39. HUNDREDS OF BILLIONS OF RTB BID REQUESTS, EVERY DAY. Index Exchange 50 billionii OpenX 60 billion+i Rubicon Project Unknown. Claims to reach 1 billion people’s devices.iii PubMatic 70 billion+iv Oath/AOL 90 billionv AppNexus 131 billionvi Smaato 214 billionvii Google DoubleClick Unknown. DoubleClick is the dominant exchange. i. “Tour IX’s Amsterdam and Frankfurt Data Centers”, Index Exchange, 2 July 2018 (URL: https:// www.indexexchange.com/tour-ix-amsterdam-frankfurt-data-centers/). ii. "OpenX Ad Exchange", OpenX (URL: https://www.openx.com/uk_en/products/ad-exchange/). iii. “Buyers”, Rubicon Project, (URL: https://rubiconproject.com/buyers/). iv. "How PubMatic Is Learning Machine Learning", PubMatic, 25 January 2019 (URL: https://pubmatic.com/ blog/learning-machine-learning/) v. "Maximize yield with Oath's publisher offerings", Oath, 3 April 2018 (URL: https://www.oath.com/insights/ maximize-yield-with-oath-s-publisher-offerings/) vi. 500 Billion / 29.6 = 18.6 billion impressions per day. Using AppNexus 1:11.5 ratio, this is 214 auctions per day. 500+ impressions figure cited in “Optimize your mobile strategy”, Smaato, (URL: https:// www.smaato.com/). vii. “Transacting at a peak of 11.4 billion daily impressions, our marketplace handles more traffic each day than Visa, Nasdaq, and the NYSE combined” at https://www.appnexus.com/sell. Note that in 2017, AppNexus said in “AppNexus Scales with DriveScale”, 2017, (URL: http://go.drivescale.com/rs/451-ESR-800/images/ DRV_Case_Study_AppNexus-final.v1.pdf) that 10.7 billion "impressions transacted" came as a result of running 123 billion auctions. The impressions transacted to auctions ratio appears to be roughly 1:11.5. Therefore, the 11.4 daily impressions reported in 2018 equates to 131 billion auctions per day. Leading RTB exchanges, daily bid request estimates
  • 41. Document: The EU’s proposed new cookie rules Author: IAB Europe Date: June 2017
  • 42. Document: Pubvendors.json Author: IAB Tech Lab Date: May 2018 (This is the current text, live today)
  • 43. Document: “Transparency & Consent Framework FAQ” Author: IAB Europe Date: 21 June 2018 (This is the current text, live today)
  • 44. Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
  • 45. Document: “Authorized Buyers Program Guidelines” Author: Google Date: 22 August 2018 (This is the current text, live today)
  • 49. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle
  • 50. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John
  • 51. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John John
  • 52. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about John John
  • 53. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
  • 54. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
  • 55. Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John John
  • 56. Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.01 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John Worthy sites lose their unique audience, and feed a business model for the bottom of the Web. John
  • 57. The Daily Bugle How RTB enables to steal from publishers and advertisers. fraudsters
  • 58. The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 59. The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot/// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 60. The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 61. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 62. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 63. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 64. Step 4. The Daily Bugle is paid €1 to show ad Step 7. De5troyTru5t.com is paid €0.01 to show ad to Bot The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  • 65. serve page request page request bid request segment request bid cookie to SSP deliver ad sync deliver segment sync ad request store data /// VisitorSiteSSPDSPDMPMarketer $ “Demand side” “Supply side” Ad Exchange
  • 66. Buyer SellerDistribution Marketer $ DMP DSP Ad Exchange SSP Site MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB Extracts 70-55% of buyer’s media budget. Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. Victims of massive fraud.
  • 68. How to fix this(an easy fix)
  • 69. IAB OpenRTB Google Authorized Buyers
  • 74. Personal data in bid requests • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. *Depending on the version of “real time bidding” system
  • 75. • What you are reading, or watching, or listening to. • Categories of the content. • Your approximate location. • General description of your device. • Your approximate IP address. • Impression ID for buyer transparency. Non-Personal data in bid requests Person is in Etterbeek in Brussels. Reading an article about Tesla motors on TechCrunch. Using Safari on a Mac.
  • 76. This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. -GDPR, Article 2 (1)
  • 77. id ext value tagid event ext maxseq ext ext live osv utcoffset 4 (Audit Status Codes) 1 (Creative Attributes) 12 ( Creative Subtypes - Audio/Video) 3 (Display Placement Types) 28 (DOOH Venue Types) 500+ (DOOH Venue Types) 1 (Native Data Asset Types) 14 (Operating Systems) 3 (Playback Cessation Modes) adomain img len ssai ext type linear id venue srcrel hwv ext 5 (Audit Status Codes) 2 (Creative Attributes) 1 (Creative Subtypes - Display) 4 (Display Placement Types) 29 (DOOH Venue Types) 1 (Event Tracking Methods) 2 (Native Data Asset Types) 15 (Operating Systems) 1 (Playback Methods) bundle link type sdk w method boxing name fixed len h id 6 (Audit Status Codes) 3 (Creative Attributes) 2 (Creative Subtypes - Display) 500+ (Display Placement Types) 30 (DOOH Venue Types) 2 (Event Tracking Methods) 3 (Native Data Asset Types) 16 (Operating Systems) 2 (Playback Methods) iurl ext ext sdkver h api comp pub etime lang w name 500+ (Audit Status Codes) 4 (Creative Attributes) 3 (Creative Subtypes - Display) 1 (DOOH Venue Types) 31 (DOOH Venue Types) 500+ (Event Tracking Methods) 4 (Native Data Asset Types) 17 (Operating Systems) 3 (Playback Methods) cat link type reward wratio jstrk comptype content dpi embed ppi segment 1 (Category Taxonomies) 5 (Creative Attributes) 4 (Creative Subtypes - Display) 2 (DOOH Venue Types) 32 (DOOH Venue Types) 1 (Event Types) 5 (Native Data Asset Types) 18 (Operating Systems) 4 (Playback Methods) cattax asset method wlang hratio wjs ext domain ext producer pxratio ext 2 (Category Taxonomies) 6 (Creative Attributes) 1 (Delivery Methods) 3 (DOOH Venue Types) 33 (DOOH Venue Types) 2 (Event Types) 6 (Native Data Asset Types) 19 (Operating Systems) 5 (Playback Methods) lang ext api secure expdir pxtrk delay cat id data js id 3 (Category Taxonomies) 7 (Creative Attributes) 2 (Delivery Methods) 4 (DOOH Venue Types) 34 (DOOH Venue Types) 3 (Event Types) 7 (Native Data Asset Types) 20 (Operating Systems) 6 (Playback Methods) attr id url admx ext wpx skip sectcat name ext lang name 500+ (Category Taxonomies) 8 (Creative Attributes) 3 (Delivery Methods) 5 (DOOH Venue Types) 35 (DOOH Venue Types) 4 (Event Types) 8 (Native Data Asset Types) 21 (Operating Systems) 1 (Production Qualities) secure req cdata curlx asset ext skipmin pagecat domain id ip value 0 (Click Types) 9 (Creative Attributes) 1 (Device Types) 6 (DOOH Venue Types) 36 (DOOH Venue Types) 5 (Event Types) 9 (Native Data Asset Types) 22 (Operating Systems) 2 (Production Qualities) mrating title ext display ext ptype skipafter cattax cat name ipv6 ext 1 (Click Types) 10 (Creative Attributes) 2 (Device Types) 7 (DOOH Venue Types) 37 (DOOH Venue Types) 500+ (Event Types) 10 (Native Data Asset Types) 23 (Operating Systems) 3 (Production Qualities) init image mime video id pos playmethod privpolicy cattax domain xff coppa 2 (Click Types) 11 (Creative Attributes) 3 (Device Types) 8 (DOOH Venue Types) 38 (DOOH Venue Types) 1 (Expandable Directions) 11 (Native Data Asset Types) 24 (Operating Systems) 1 ( Size Units) lastmod video api audio req delay playend keywords ext cat iptr gdpr 3 (Click Types) 12 (Creative Attributes) 4 (Device Types) 9 (DOOH Venue Types) 39 (DOOH Venue Types) 2 (Expandable Directions) 12 (Native Data Asset Types) 25 (Operating Systems) 2 ( Size Units) display data ctype ext title skip feed page id cattax carrier ext 4 (Click Types) 13 (Creative Attributes) 5 (Device Types) 10 (DOOH Venue Types) 40 (DOOH Venue Types) 3 (Expandable Directions) 500+ (Native Data Asset Types) 26 (Operating Systems) 3 ( Size Units) video link dur pos img skipmin nvol ref episode ext mccmnc bcat 1 (Companion Types) 14 (Creative Attributes) 6 (Device Types) 11 (DOOH Venue Types) 41 (DOOH Venue Types) 4 (Expandable Directions) 1 ( Native Image Asset Types) 27 (Operating Systems) >0 (Start Delay Modes) audio ext adm instl video skipafter mime search title id mccmncsim cattax 2 (Companion Types) 15 (Creative Attributes) 7 (Device Types) 12 (DOOH Venue Types) 42 (DOOH Venue Types) 5 (Expandable Directions) 3 ( Native Image Asset Types) 28 (Operating Systems) 0 (Start Delay Modes) audit url curl topframe data playmethod api mobile series buyeruid contype badv 3 (Companion Types) 16 (Creative Attributes) 10 (Display Context Types) 13 (DOOH Venue Types) 43 (DOOH Venue Types) 1 (Feed Types) 500+ ( Native Image Asset Types) 500+ (Operating Systems) -1 (Start Delay Modes) ext urlfb ext ifrbust ext playend ctype amp season gender geofetch bapp 1 (Connection Types) 17 (Creative Attributes) 11 (Display Context Types) 14 (DOOH Venue Types) 44 (DOOH Venue Types) 2 (Feed Types) 0 (Operating Systems) 1 (Placement Positions) -2 (Start Delay Modes) mime trkr mime clktype len clktype mindur ext artist keywords geo battr 2 (Connection Types) 18 (Creative Attributes) 12 (Display Context Types) 15 (DOOH Venue Types) 45 (DOOH Venue Types) 3 (Feed Types) 1 (Operating Systems) 2 (Placement Positions) 0 (Volume Normalization Modes) api ext api ampren ext mime maxdur domain genre consent ext ext 3 (Connection Types) 500+ (Creative Attributes) 13 (Display Context Types) 16 (DOOH Venue Types) 46 (DOOH Venue Types) 1 (IP Location Services) 2 (Operating Systems) 3 (Placement Positions) 1 (Volume Normalization Modes) ctype text ctype ptype type api maxext cat album geo type 1 (API Frameworks) 4 (Connection Types) 1 ( Creative Subtypes - Audio/Video) 14 (Display Context Types) 17 (DOOH Venue Types) 47 (DOOH Venue Types) 2 (IP Location Services) 3 (Operating Systems) 4 (Placement Positions) 2 (Volume Normalization Modes) w len dur context mime ctype minbitr sectcat isrc data lat 2 (API Frameworks) 5 (Connection Types) 2 ( Creative Subtypes - Audio/Video) 15 (Display Context Types) 18 (DOOH Venue Types) 48 (DOOH Venue Types) 3 (IP Location Services) 4 (Operating Systems) 5 (Placement Positions) 3 (Volume Normalization Modes) h ext adm mime w w maxbitr pagecat url ext lon 3 (API Frameworks) 6 (Connection Types) 3 ( Creative Subtypes - Audio/Video) 20 (Display Context Types) 19 (DOOH Venue Types) 49 (DOOH Venue Types) 4 (IP Location Services) 5 (Operating Systems) 6 (Placement Positions) 4 (Volume Normalization Modes) wratio url curl api h h delivery cattax cat type accur 4 (API Frameworks) 7 (Connection Types) 4 ( Creative Subtypes - Audio/Video) 21 (Display Context Types) 20 (DOOH Venue Types) 50 (DOOH Venue Types) 1 (Linearity Modes) 6 (Operating Systems) 7 (Placement Positions) hratio w ext ctype wmin unit maxseq privpolicy cattax ua lastfix 5 (API Frameworks) 1 (Content Contexts) 5 ( Creative Subtypes - Audio/Video) 22 (Display Context Types) 21 (DOOH Venue Types) 51 (DOOH Venue Types) 2 (Linearity Modes) 7 (Operating Systems) 1 ( Placement Subtypes - Video) priv h status w hmin mindur comp keywords prodq ifa ipserv 6 (API Frameworks) 2 (Content Contexts) 6 ( Creative Subtypes - Audio/Video) 30 (Display Context Types) 22 (DOOH Venue Types) 52 (DOOH Venue Types) 1 (Location Types) 8 (Operating Systems) 2 ( Placement Subtypes - Video) adm type feedback h wratio maxdur comptype bundle context dnt country 7 (API Frameworks) 3 (Content Contexts) 7 ( Creative Subtypes - Audio/Video) 31 (Display Context Types) 23 (DOOH Venue Types) 53 (DOOH Venue Types) 2 (Location Types) 9 (Operating Systems) 3 ( Placement Subtypes - Video) curl ext init unit hratio maxext ext storeid rating lmt region 500+ (API Frameworks) 4 (Content Contexts) 8 ( Creative Subtypes - Audio/Video) 32 (Display Context Types) 24 (DOOH Venue Types) 54 (DOOH Venue Types) 3 (Location Types) 10 (Operating Systems) 4 ( Placement Subtypes - Video) banner adm lastmod priv ext minbitr id storeurl urating make metro 1 (Audit Status Codes) 5 (Content Contexts) 9 ( Creative Subtypes - Audio/Video) 500+ (Display Context Types) 25 (DOOH Venue Types) 55 (DOOH Venue Types) 1 (Media Ratings) 11 (Operating Systems) 5 ( Placement Subtypes - Video) native curl corr displayfmt type maxbitr vcm ver mrating model city 2 (Audit Status Codes) 6 (Content Contexts) 10 ( Creative Subtypes - Audio/Video) 1 (Display Placement Types) 26 (DOOH Venue Types) 56 (DOOH Venue Types) 2 (Media Ratings) 12 (Operating Systems) 1 (Playback Cessation Modes) event ext ext nativefmt len delivery display paid keywords os zip 3 (Audit Status Codes) 7 (Content Contexts) 11 ( Creative Subtypes - Audio/Video) 2 (Display Placement Types) 27 (DOOH Venue Types) 57 (DOOH Venue Types) 3 (Media Ratings) 13 (Operating Systems) 2 (Playback Cessation Modes) 4%
  • 78. Buyer Seller Extracts 70-55% of buyer’s media budget. Distribution Marketer $ DMP DSP Ad Exchange SSP Site Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. Victims of massive fraud. MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB
  • 79. Buyer Seller Extracts much lower% of buyer’s media budget. Distribution Unique audience become immune to commodification and arbitrage. No opportunity for untrustworthy sites. Bot fraud reduced. Bot fraud opportunity reduced. MARKET OVERVIEW (POST-FIX) NON-PERSONAL DATA IN IAB / GOOGLE RTB Marketer $ DMP DSP Ad Exchange SSP Site
  • 82. Powerful but private profiles. If you opt-in, the Brave Browser learns from everything you read, watch, and do. But no profile data ever leaves your device. We at Brave never receive it. Targeting happens on your device.
  • 83. Today’s ad catalog is sent to the device. Browser user visits various websites
  • 84. Today’s ad catalog is sent to the device. Brave Browser on the device selects an ad based on profile on the device. 15% of ad revenue goes to user. Browser user visits various websites
  • 85. Today’s ad catalog is sent to the device. Brave Browser on the device selects an ad based on profile on the device. 15% of ad revenue goes to user. All websites are paid 70% of ad revenue at the end of the month. This can not be attributed to the user. Browser user visits various websites
  • 86. Real Time Bidding hurts worthy publishers, and enables a business model for untrustworthy sites, and enables the profiling of every single online person, and steals marketers money, and exposes them to risk. This can be easily fixed, if we demand it. RTB needs reform.
  • 87. Real Time Bidding hurts worthy publishers, and enables a business model for untrustworthy sites, and enables the profiling of every single online person, and steals marketers money, and exposes them to risk. This can be easily fixed, if we demand it. RTB needs reform. 2. In the GDPR review, define extent of a “purpose” 1. In ePrivacy trilogue, protect the prohibition against “cookie/tracking walls” Three requests… 3. DG Comp and EDPB enforce purpose limitation.
  • 88. Ring-fenced data. Each purpose for which you use my personal data requires a separate legal basis Purpose limitation As easy to withdraw as it was to give, and can be withdrawn without detriment. Consent+ = Freedom The market of users will decide when to “break up" the companies, and when to “un-break” them up. Big tech companies “cross-use” personal user data from one part of their business to prop up others. This stifles competition and innovation. But, data protection law can be an anti-trust tool…
  • 89. Data processing purposes involved (there are probably more) To display your posts on your Newsfeed To display posts on tagged friends’ Newsfeeds To display friends posts that tag you on your Newsfeed To identify untagged people in your posts To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make our Newsfeed more relevant to you. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, to make ads relevant to you. To record your reaction to posts to refine future content for you, which may include ethnicity, politics, sexuality, etc…, for advertising fraud prevention. Facebook example: Posting on the Newsfeed
  • 91. [email protected] @johnnyryan For updates, sign up to Brave Insights, a mailing list for analysts, researchers, and regulators at https://brave.us18.list-manage.com/subscribe?u=e38d85b519352e2b40c9b899e&id=4384bd4cba