Data Leaks In Ad Supply Chain To Wreak Havoc On GDPR Compliance

Data leaks have been around for years, but publishers and those supporting the data industry have not paid much attention to the problem until Europe's May 2018 General Data Protection Regulation (GDPR) deadline created a major challenge.

An ad quality report for publishers from Ad Lightning, the Seattle-based ad-tech company focused on programmatic, released Monday ,shows that data leaks are worse than previously thought. And this is longer a side effect of automated and data-driven advertising. It has becoming a business threat and a big problem leading up to the GDPR deadline.

Getting a grip on data leaks is critical as publishers prepare to adhere to the GDPR. Even in the United States, publishers, with European traffic will be required to disclose all of the third parties that capture specific user data from their site. 

For this report, Ad Lightning analyzed and referenced data from a random sample of 1.8 million ad creatives served across 125 high-traffic public websites in fall 2017.



The report takes a look at the cause and magnitude of data leaks and the impact on business. By the time a programmatic appears on a publisher's site, it has been weighted down, which means it slows site performance, with dozens of network requests -- and half of them have nothing to do with delivering that ad.

This emphasizes the need to craft a policy around controlling access to audience data, which could mean prohibiting advertisers from dropping cookies on publisher's sites visitors. Another option is to create a whitelist.

Forty-nine percent of an ad's network requests are unrelated to ad delivery. And 43 is the average number of network requests per programmatic ad impression. A downside is about 20% of those requests transmit the publishers’ audience and demographic data to many of the companies in their supply chain. Once that data is shared, brands, DSPs, ad networks and others can use the data to target and retarget those users for a lower price through thousands of other websites.

There are three primary types of ad-based network requests, but sync requests are primarily responsible for the data leakage.

Sync Requests share data from user cookies, dropped into a user's browser when visiting a website. The data is initially used for ad targeting, but contains lots of valuable information about the specific user. This is where the leak occurs, according to the report.

There are about 43 network requests associated with a typical programmatic ad. The average web page makes about 172 networks requests to serve an advertisement. The average number of sync requests for one webpage is 32. There are about 12, on average, domains receiving networks requests per ad impression and of those companies 51% are ad servers and CDNs, 26% are SSPs, exchanges and networks, 18% are measurement and verification vendors, and 5% are DSPs and DMPs.

Next story loading loading..