search

prebid / prebid-server

Open-source solution for running real-time advertising auctions in the cloud.
https://prebid.org/product-suite/prebid-server/
Apache License 2.0
434 stars 742 forks source link

Privacy enhancement: make anonymization more consistent #2789

Open bretg opened 1 year ago

bretg commented 1 year ago

The original definition of the transmitUfpd activity control did not contain user.id. I don't think that ID is common at all, but it's been added to the doc.

This got me to looking across the various privacy features. I think it's worth discussing several potential enhancements:

  1. GDPR - Purpose 4 (personalized ads) is mentioned early in the document, but then not mentioned again. I think we should consider enhancing the existing GDPR feature:
    1. If GDPR is in-scope and there's no consent for P4, User First Party Data should be removed from the request: everything listed in the transmitUfpd activity except user.eids.
  2. COPPA: enhance anonymization to remove user.ext.data, user.data, and user.eids.
  3. CCPA/USP: no changes since it's about to be eclipsed by USNat
  4. These are the anonymization activities. The goal is that all privacy anonymization does the same for each:
    1. EIDs - remove user.eids
    2. Device IDs - remove user.buyeruid, user.id, user.ext.eids, user.eids, user.ext.digitrust, device.ifa, device.macsha1, device.macmd5, device.dpidsha1, device.dpidmd5, device.didsha1, and device.didmd5
    3. UFPD - user.data, user.ext.data, user.yob, user.gender, user.keywords, user.kwarray
    4. Geo - rounding of IP and lat/long for both device.geo and user.geo
      1. IPv4: replace the last octet with .0
      2. IPv6: See https://docs.prebid.org/prebid-server/features/pbs-privacy.html#anonymizing-ipv6-addresses
      3. lat/long: reduce the number of decimal places to 2

Need to review this proposal with Prebid's legal counsel.

SyntaxNode commented 1 year ago

Discussed in Backlog Grooming. This proposal sounds good.

@patmmccann agrees from a publisher perspective.

For item 3, PBS-Go uses common code for all privacy policy information removal. As such, this will include removing user.ext.data, user.data, and user.eids for CCPA/USP. PBS-Java doesn't need to match and can leave CCPA/USP behavior alone if preferred / easier to implement.

SyntaxNode commented 1 year ago

Keeping in "Needs Requirement" status until approval by Prebid Legal Counsel.

bretg commented 1 year ago

Detailed requirements:

GDPR Updates

GDPR docs updated, changes highlighted:

  1. https://docs.google.com/document/d/1g0zAYc_EfqyilKD8N2qQ47uz0hdahY-t8vfb-vxZL5w/edit
  2. https://docs.google.com/document/d/1fBRaodKifv1pYsWY3ia-9K96VHUjd8kKvxZlOsozm8E/edit

Points:

COPPA Updates

Enhance anonymization:

  1. remove UFPD: user.ext.data, user.data, user.yob, user.gender, user.keywords, and user.kwarray
  2. remove additional IDs: user.eids, user.ext.eids
  3. remove additional geo fields: make sure we're removing the geo fields from both device.geo and user.geo.
bretg commented 1 year ago

Discussed whether GDPR Purpose 4 should be enabled by default. PBS will align with what PBJS and Prebid Publishers come up with.

bretg commented 1 year ago

The decision for PBJS was to not enable enforcement of P4 by default for a transition period.