IP Geolocation granularity impacts regulatory and contractual use cases

[smhendrickson]

In addition to the targeting use cases described in #20, IP Geolocation may also be used for regulatory and contractual requirements. Will the Geo granularity described create any anticipated difficulties in meeting regulatory needs?

[dmdabbs]

For regulatory, e.g. GDPR (and other national-level regimes) or CPRA (and other state/region regimes), the mapped values must have fidelity to the actual country/region values.

[smhendrickson]

Do you know of any definitions for the "fidelity" you're referring to? If there are any, we may be able to create an SLO for country/region mapping accuracy.

[dmdabbs]

For determining whether GDPR (or other country-grained regulation) applies when processing an online request, one would want the mapped Geo country to accurately reflect the actual country. Geoinfo is useless for determining whether some regulation applies unless one has a high confidence in the data. The major geoip vendors offer this. For example, Digital Element claims to offer "99.99% at a country level, 98%+ at a regional level, and 97%+ at a city level – globally." I am not aware of any regulations at a scope smaller than region (state), so noising City or subsidiary divisions doesn't present an issue for regulatory.

[patmmccann]

It must be possible for cmps, publishers, and advertising exchanges to determine state in the united states and province in Canada. Quebec, California, Utah, Connecticut, Colorado, and Virginia all have legislation dealing with the right to opt out of targeted advertising. It is difficult to imagine fledge auctions, for example, absent state-specific consent strings being seller signals. See https://github.com/InteractiveAdvertisingBureau/Global-Privacy-Platform and https://www.iab.com/guidelines/how-the-iab-multi-state-privacy-agreement-can-help-advertisers-meet-their-2023-privacy-challenges/

[miketaylr]

Closing and locking in favor of https://github.com/GoogleChrome/ip-protection/issues/2