Home Privacy Why This European Identity Company Deleted All Of Its Data And Started Over

Why This European Identity Company Deleted All Of Its Data And Started Over

SHARE:
rebuilding
Nation rebuilding concept. Hands fixing fallen building blocks.

In March 2018, with three months to go before GDPR went into effect, cross-device provider Drawbridge (pre-LinkedIn) discontinued its EU media and advertising business.

Roughly a year later, Oracle Data Cloud shut down its AddThis audience business in Europe rather than expose itself to the risk of potentially selling third-party audience data collected without the proper consent.

And in August 2021, Experian-owned Tapad exited its European business after seven years in the region. (Although Tapad was insistent that its departure from the market was purely a business decision.)

Roq.ad, however, had no such “luxury.”

Ctrl+Alt+Del

As a European identity solutions provider that was focused mainly on the DACH region (Germany, Austria and Switzerland) at the time – the company has since made inroads in North America – but exiting Europe wasn’t really an option for Roq.ad.

“We had to deal with GDPR head-on – there was no other way to service the client,” said Kevin Mullen, Roq.ad’s chief product and strategy officer. (Mullen previously led Drawbridge’s international business before joining Roq.ad in early 2020.)

And so, in late May 2019, one year after GDPR went into effect, Roq.ad decided to delete all of its data and rebuild its cross-device graph from scratch to make sure it only dealt in consented data as defined by the law.

“We dumped all of the connections to our various customers just to be safe,” Mullen said, “and it was a notably disruptive process.”

And that’s because Roq.ad’s whole business is about making connections.

Roq.ad’s main product is a probabilistic identity graph that uses machine learning to analyze large volumes of data – dozens of terabytes worth per day. Roq.ad then makes connections between online identifiers so that it can predict profiles and behaviors.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Most of Roq.ad’s customers are ad tech companies and data platforms, including Lotame, ShareThis, Eyeota and WPP’s Choreograph, which use Roq.ad to help enrich customer data with probabilistic insights.

Revving back up

As it rebuilt its graph, Roq.ad set a policy to only rely on consented data processed using IAB Europe’s Transparency and Consent Framework (TCF).

“We decided to not only verify TCF consent for ourselves but to also verify consent for our customers,” Mullen said. “When data points come in, we check to make sure we can use them for our graph and to support the companies that are subscribers to our graph.”

Although Roq.ad was able to get its identity graph back up and running in roughly 30 days, it took more than three months to rebuild its matching tables and a year to fully recover in terms of scale.

During the time its graph was out of commission, Roq.ad was still able to do business through its demand-side platform. (Roq.ad subsequently sold its DSP business to a small German programmatic agency called Königsteiner Digital, a move not unlike when Tapad offloaded its media business to Brand Networks in early 2018 and Drawbridge’s sale of its US media business to Gimbal later that same year.)

Although making a fresh start wasn’t without pain, redoing the cross-device graph was ultimately worth it, Mullen said.

“Privacy is an important topic for our customers, and the TCF comes up for every deal we do for European data,” Mullen said. “It’s also becoming a bigger topic in North America, since we have five states coming online with privacy laws at the beginning of next year.”

TCF turmoil

Which is all well and good, but there’s a Belgian elephant in the room (so to speak).

In February, the Belgian Data Protection Authority (APD) ruled that, in its current form, the TCF is in violation of the GDPR. In September, IAB Europe submitted an action plan for a revised TCF framework, which the APD is reviewing despite IAB Europe’s contention – and a recent ruling by Belgium’s court of appeals – that the APD’s original decision about the TCF is illegal. (Oh, the drama.)

With all that sturm und drang swirling and open questions looming about the TCF’s future, one might wonder if Roq.ad (which, it should be mentioned, is a member of the TCF steering committee) might eventually have to rebuild its graph a second time, depending on how the situation in Belgium shakes out.

Mullen admits that he was “really scared” six to seven months ago about the status of the TCF, but he’s more bullish now.

For one, he said, the APD’s complaint doesn’t appear to take issue with the concept behind the TCF, but rather the details of how it’s being implemented. And secondly, the APD’s point is that the TCF needs to use clearer, more consumer-friendly language. “A fair criticism and also doable,” Mullen said.

“I predict that by some point next year we’re going to have a TCF version 3.0 that’s been blessed by the Belgian Data Protection Authority,” he said.

Must Read

Comic: Off-Platform Media

How RMNs Use MFA And Cheap Inventory To Game Attribution Rules

Retail media is built on its attribution quality, but real purchases can be gamed by programmatic metrics and create perverse incentives for RMNs to serve ads across low-quality inventory.

There’s A Lot Wrong With Google’s And Meta’s Non-Transparent ‘Refund’ Practices

Google and Meta are playing with fire. Their opaque refund practices have already exposed them to customer blowback – and could lead to class-action lawsuits by disgruntled advertisers.

Comic: The Great Online Privacy Battle

How US Intelligence Agencies Buy And Use Programmatic Data For Surveillance

Mike Yeagley, an independent contractor who has scouted and acquired commercial data and technology on behalf of intelligence agencies, is one of the earliest evangelists of using ad tech tracking information to identify and surveil government targets.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Comic: The MFA Cafe

Adalytics Report Torches Ad Tech For Touting MFA Prevention While Scarfing MFA Supply

Practically every ad tech vendor has put out a press release in recent months full of bluster about cutting out made for advertising sites – and yet supply sources remain oversaturated with garbage inventory.

Cloud-Based Collaboration Is Ad Tech’s Post-Cookie Lifeline – But Will It Last?

Cross-cloud data collaboration technology is the best bet for a post-cookie solution. But it’s vulnerable to similar privacy concerns.

Topsort Raises $20 Million To Seize The Post-Cookie Market Opportunity This Year

Topsort raised $20 million, with plans to seize the 2024 opportunity for post-cookie ad tech.