In order to help them do so, ad tech pioneer MadHive has released a blockchain-based solution for GDPR data management.
“The Open-GDPR platform, when installed, will be
able to cryptographically store data and protect companies from violating GDPR
sanctions,” said Stacy Huggins, co-founder and CMO of MadHive. “The
Open-GDPR platform uses blockchain as an audit trail to manage the new privacy
Privacy and Data Protection Requirements
The GDPR, which the European Union approved in
2016 and takes effect in 2018, regulates how data and user information of all
kinds are stored, shared and processed. Although the GDPR is an EU law, it has
truly global implications because it applies to any organization that operates
in, uses technology located in or engages the citizens of the EU.
Among the GDPR’s main rules is a requirement
for entities that handle or control private data, or rely on other companies to
perform those tasks for them, to adopt processes that are both “private by
design” and that protect data “by default”. The GDPR also requires that
organizations provide EU citizens, upon request, an explanation of how data-driven
algorithms have been used to make decisions about them.
According to the GDPR website, “Under the new
regulation, data subjects have the right to access their data and be provided
with how it is being used.”
With the right to be forgotten, a data subject
can request that a company erase their personal information, and in some cases,
halt dissemination of their data with third parties. With MadHive’s Open-GDPR
solve, data management can be tracked and verified by issuing cryptographic
keys and writing digital signatures (hashes) to a blockchain.
Privacy Regulations and the Ad Industry
The GDPR applies to all industries, but it
creates particular challenges for advertisers, because the ad industry has
traditionally not processed data in ways that are private by design or that
protect data by default.
Typically, advertisers work with third parties
to manage data and to build targeting segments.
This creates potential problems for GDPR
compliance, because there is always a threat of data leakage which makes the
chain of custody virtually impossible to track. When user data is collected and
managed by a third party, advertisers have no way of ensuring that the data is
managed and protected in ways that comply with the GDPR. Nor can advertisers
explain to individuals how data was used to deliver ads to them, because only
third parties will have access to that information.
The fact that advertisers do not work directly
with private data does not make them exempt from GDPR requirements. The GDPR
data privacy and protection regulations apply to organizations that outsource
data management operations to third parties, even if those third-party
processors are not based within the EU.
One solution to this compliance challenge is
for advertisers to ensure that data management platforms meet the GDPR
regulations. However, GDPR compliance problems are not the only deep-seated
challenges for the traditional advertising industry. Therefore, rather than
attempting to modify the current process to make it GDPR-compliant, adding the
use of a data chain of custody is a cost-effective solution.
Blockchains to Solve Compliance Challenges and Save Money
This is where blockchain technology comes in.
Using the blockchain, details about user data and its role in driving ad
placement can be recorded on a distributed ledger, rather than placed in the
centralized hands of an ad server or a data management platform. Because the
distributed ledger is accessible to everyone, users will be able to help themselves
to the audit trail to see who has the cryptographic keys to access certain data
“The blockchain records the immutable fact
that a company complied with the request and has revoked third-party access to
the data in addition to removing the subject’s data from their own database,”
said MadHive CEO Adam Helfgott. “Companies will be protected against fines by
querying a blockchain to prove their compliance, if audited.”
This approach will greatly reduce the
reporting burden on advertisers. It will also eliminate compliance issues
resulting from the outsourcing of ad placement to third-party organizations
whose privacy and data protection practices may not comply with the GDPR.
Last but not least, blockchain-based ad
placement will significantly improve cost margins for advertisers and
publishers alike. The latter stand to enjoy a larger share of advertising
revenue due to more transparency in the supply chain eliminating common