Tech companies organize two efforts to support personal data management — both called Open GDPR
Though unrelated, the initiatives reflect some of the ways the ad and marketing industry is organizing itself around its personal data responsibilities.
The upcoming General Data Protection Regulation (GDPR) is beginning to remake the landscape for marketing and advertising by encouraging inventive new open-source alliances.
Two of them affecting this space have emerged in the last few weeks — and, although unrelated, they’re both called Open GDPR.
The OpenGDPR framework was announced late last week by its four founding members: customer data platform mParticle; mobile attribution/analytics provider AppsFlyer; mobile marketing firm Braze (previously known as Appboy); and analytics firm Amplitude.
The framework offers a public API spec and a set of best practices centered around requesting — and acknowledging the request — for personal data. Since a big part of GDPR is the ability for consumers to access, erase or move their personal data, data-holding companies need to be able to request that other vendors in their ecosystem also fulfill the request.
The new framework is an attempt to provide for a common data subject request management, and mParticle CMO David Spitz told me the joint effort may expand at some point to include other common specs for personal data exchanges, such as for consent.
The central problem here, he told me, is that GDPR “is bigger than any one company.”
mParticle’s head of EMEA, Tim Norris, added that nearly two dozen tech companies and brands are “waiting in the wings” to join the effort. But a company doesn’t have to join the alliance in order to use its API.
This OpenGDPR framework is not related to the Open-GDPR open-source platform announced earlier this year by the recently formed AdLedger Consortium.
The Consortium was founded last year by 29 companies involved in ad tech, including comScore, the IAB Tech Lab, IBM, MadHive, NYIAX and SpotX. Its purpose is to employ the blockchain protocol to support a peer-to-peer decentralized network to address some key issues in digital advertising, including transparency, supply chain inefficiency, data security and portability.
The Open-GDPR platform is the first effort of the Consortium, and it will cryptographically store data on a company’s private instance of the blockchain, to serve as a permanent audit trail for managing privacy rights.
Interestingly, the Open-GDPR blockchain’s initial use case is one also addressed as part of the other OpenGDPR: a user’s request to be forgotten. While the other OpenGDPR is specifying the data request framework, this one will provide immutable proof that a given company has complied with the request if it is audited.