Privacy implications of using alternate ids in contextual bid requests

[kamalonly]

It seems that publishers and SSPs will still have the capability to pass alternate identifiers, such as ramp ID or ID5, within the contextual bid requests during PA auctions. With these user-level signals available, it becomes possible to gather cross-site data and use it even within PA auctions (in contextual bid request). Doesn't this, to some extent, contradict the intent of protecting user privacy?

[michaelkleber]

The Protected Audience API is making it possible for ad tech to show ads chosen based on some cross-site data without needing any cross-site ID.

If a person browsing the web has volunteered some cross-site identifying information to the publisher site — and the person doesn't mind that information being used for ads relevance purposes — then that information could also be proactively shared by the publisher with ad tech, and could influence ad selection. This could happen entirely in parallel with PA's cross-site identity protecting approach.

Of course, we want developers to choose PA, and in doing so for there to be less incentive to collect the kind of cross-site signals you bring up! And there are many other trends in the world that likewise encourage more privacy-focused behavior by website owners.

[dmdabbs]

As I understand Protected Audiences's construction, data available in the IG joining site context, whether it is site-specific or "cross site," may be used in the interest group, such as in "trusted bidding signals keys" or in other mechanisms, precisely because PA guards against that data being joined to data from other contexts.