The problem of data leakage is one often not well known or understood by publishers. Therefore, addressing data leakage is rarely prioritized. This particularly true if the pressure to monetize their inventory is high and resource is limited. But what does data leakage mean? And are there ways publishers can protect their data from leaking? It’s crucial that publishers learn more about this problem and about the solutions available that help prevent it.

Data leakage typically occurs when a brand, agency, or ad tech company collects data about a website’s audience and subsequently uses that data without the initial publisher’s permission. The core concern with data leakage is that it causes a publisher’s ad inventory to depreciate in value. If bad actors collect data about a publisher’s users, they can use this information to target these users elsewhere — potentially on cheaper inventory. In other words, programmatic spend is diverted from the original publisher. This results in a reduction in demand and, therefore, a lower yield.

Data leakage can happen transparently with the publisher’s knowledge or consent. For example, a company might request that a publisher install code on their page that allows data to be gathered about their users in exchange for something else such as a minimum spend commitment. In some cases, this might be considered a commercially worthwhile proposition providing the appropriate regulations are complied with.

More frequently, however, data leakage does not happen transparently. In the context of programmatic, this usually occurs when publishers choose to work with numerous technology partners in an effort to maximize revenue and yield. There frequently a correlation between the number of partners a publisher chooses to work with and the risk of data leakage.

How data leakage happens

There are a few ways data leakage can happen:

Open RTB bid requests

Data leakage can occur when Supply Side Platforms send bid requests to Demand Side Platforms via using the OpenRTB protocol. This contains a wealth of information about the user, the content they are consuming, the device they are using, their cookie id, where they are located to mention a few. (See the Site, App, User, Publisher, Content Objects). Much of this is information integral to the programmatic auction process. However, it could be used to profile users and target them elsewhere. How much this actually happens is unclear. It may even occur unintentionally by machine learning, bidding algorithms.

Cookie syncing or tracking pixels

Data leakage can also happen when a third party gets access to a publisher’s page either via cookie syncing or a tracking pixel. A pixel is an invisible piece of code that marketers or ad tech platforms use to track users, apply campaign strategies such as frequency capping and monitor performance. Pixels can also collect information about a publisher’s audience. Unfortunately, that can be used to enable the targeting of those users elsewhere.

Today, the vast majority of players in the programmatic digital supply chain are reliant on third-party cookies for user identification and for campaign targeting, optimization, measurement, and attribution. Cookie synchronization is a process that is required to communicate user identity between platforms.

The problem of data leakage arises when platforms that publishers work with give other platforms that have no direct relationship with the publisher access to the page to cookie their users. That platform is then able to build user profiles, which allows them to reach that audience elsewhere without having to buy any media on the original publisher.

How to ensure your data is protected

One way to prevent data leakage is for advertisers, agencies, ad tech companies and publishers to have legal contracts that stipulate who owns what data and how other parties can use it. You might be protected contractually. But how do you monitor and enforce these contractual obligations in practice?

Publishers can also leverage tools that track which platforms are dropping unnecessary pixels or bringing unwanted data collectors. These tools can be used to undertake periodic audits to identify where data leakage is happening. Alongside, publishers should implement policies and practices to qualify, monitor and deal with bad actors.

How to balance the risk and rewards

It is important that publishers find the balance between a closed, safe environment and a risky but sustainable monetization strategy.

With the impending “cookie apocalypse,” publishers are already opting to work with identity providers that are not reliant on third-party cookies to ensure they maintain a healthy programmatic revenue stream and protect themselves from data leakage. Next-generation identity solutions provide a foundation for user identification, which is fundamental to campaign targeting, optimization, measurement and attribution. They also offer new safer mechanisms and tools that limit the amount of data leakage.

When choosing a provider, check that they have built mechanisms that will only assign your users an identifier if they have consent to do so and only share those identifiers with the platforms you have authorized. Finding the right identity provider today can help you prevent data leakage, respect consumer preferences and local privacy regulations while facilitating sustainable monetization.