Unified ID 2.0 faces roadblocks in Europe due to GDPR

Unified ID 2.0 testing could have a serious problem in Europe.

Although beta testing of UID2 in the United States and Canada is already well advanced, several sources tell AdExchanger that The Trade Desk is struggling to find an independent administrator to govern and monitor the use of UID2 in territories where GDPR is the law of the country.

This admin would most likely be responsible for any breach of GDPR, a heavy liability that scares potential admins.

UID2 is an industry initiative originally led by The Trade Desk that aims to replace third-party cookies with hashed and encrypted email IDs.

But it is not known who will act as data controller and who will act as data processor in the management and use of UID2 identifiers. Until this is resolved, UID2 testing is anchored in Europe.

Google hit a similar hurdle in March during the first round of original trials for its federated cohort learning proposal in the Privacy Sandbox. FLoC tests have still not started in the European market.

The Trade Desk disputed that the UID2 European roadblock was blocked and noted that it was working to comply with the GDPR. “Everything is progressing as planned,” said a spokesperson for the Trade Desk.

Partner issues

The fight is real.

An advertising technology company based in Europe told AdExchanger that it had not been able to participate in the UID2 testing phase in the United States because the company is based and operates most of its business in the United States. European Union.

This company was then approached by The Trade Desk to serve as operator for the initiative in Europe. He declined the opportunity and did not receive an update from the Trade Desk on the next steps in potential UID2 testing in Europe.

But there is no doubt that the Trade Desk wants to know how to launch the tests in the EU.

At a meeting of the IAB Europe third-party cookie working group earlier this year, a representative from the Trade Desk said it was a priority to find a way to make the ID compatible with the GDPR. If it is unable to do so, the Trade Desk will consider the whole initiative to be a failure.

Europe is an important market and any third-party cookie replacements should work there. Digital ad spend is expected to reach $ 91.44 billion in Western Europe by 2025, according to Magna Global.

Processors and controllers

But what exactly is the problem with GDPR?

Under the GDPR, a controller is defined as a person or entity who determines the purposes and means of processing personal data.

Data processors and data controllers are legally responsible for any challenges related to processing activities that violate the GDPR (although the controllers bear the greatest responsibility).

It is a big question of who would want to take on this responsibility, especially given an imminent draft decision by the Belgian data protection authority which will likely consider the conceptual and transparency framework of IAB Europe as a GDPR violation.

If consent strings are invalidated, for example, it’s unclear exactly how permissions collected through OpenPass will be shared between publishers and ad technology partners. OpenPass is the single sign-on solution designed to serve as a consumer consent collection mechanism for UID2.

Will you be my administrator?

The UID2 design protocol uses three main support functions: several independent operators, auditors and an administrator.

An operator’s job is to issue the UIDs themselves, host the underlying software, and generally ensure that the IDs are working properly. Prebid.org signed on as the first operator earlier this year.

But the role of administrator is much more difficult to fulfill.

The tasks of an administrator are to serve as a centralized database to manage access to the UID2 partner ecosystem. One of its main responsibilities will be to distribute email encryption keys to operators and decryption keys to participating platforms on the demand side. The administrator will also take care of sending user unsubscriptions to Unified ID 2.0 operators and DSPs.

As one executive from a European ad technology company said, asking to remain anonymous, “There’s a hell of a lot of potential liability out there – and who wants that? “

The IAB Tech Lab reported support for UID2 earlier this year, but it has yet to officially volunteer to serve as an administrator.

Bill Michels, chief product officer of The Trade Desk, told Digiday over the summer that The Trade Desk remains the sole administrator of the initiative, although he is looking at other entities that could take on the task.

Although The Trade Desk officially committed the full open source codebase for UID2 to the Partnership for Responsible Addressable Media in May, the company is still deeply involved in facilitating the testing process and building partnerships to support the initiative. .

The Trade Desk has stated publicly at events and in several webinars that it is working with EU bodies to find ways to make UID2 GDPR compliant.

A Trade Desk spokesperson told AdExchanger that The Trade Desk is working with partners and organizations around the world on the regional rollout of UID2, including the recent beta launch in Canada.

About Leah Albert

Check Also

Continue or heal? Suspension of swap payments following an event of default may not be unlimited | Hogan Lovells

Background The decision of the High Court (The joint administrators of Lehman Brothers International (Europe) …