User Rights Propagation
Summary
This document details ID5's process for disseminating user opt-out and data deletion requests to its partners. As part of ID5's ongoing commitment to robust privacy practices, this system ensures that when users exercise their right to opt-out or request data deletion from ID5, these choices are efficiently communicated. The mechanism involves securely transferring lists of affected ID5 IDs to partners via dedicated S3 buckets. This enables partners to honor these requests in a timely manner, aligning with regulatory expectations and reinforcing user trust.
Background
In the digital advertising ecosystem, respecting user privacy choices is paramount. ID5's opt-out propagation initiative is a critical function designed to uphold these principles. When an individual interacts with ID5 and chooses to opt-out of data processing or requests the deletion of their data, ID5 initiates a process to ensure this preference is communicated downstream. This "streaming" of opt-out and deletion information is fundamental to ensuring that partners who receive ID5 data can also comply with user requests and meet their own regulatory obligations under frameworks such as GDPR, CCPA, and others. The process is designed to be reliable and consistent, providing partners with the necessary information to take appropriate action.
Propagation Details
Data Transfer: A list of ID5 IDs for users who have opted out or requested data deletion is pushed to preconfigured S3 buckets.
Frequency: This data is updated every 30 minutes on a rolling basis, ensuring partners receive timely information.
Data Window: Each update contains a consolidated list of ID5 IDs corresponding to opt-out and deletion requests from the previous 90 days. This rolling window ensures that partners have a comprehensive and up-to-date view.
Partner Responsibility & S3 Bucket Setup
Action Required: S3 Bucket Configuration: To receive opt-out and deletion data, each partner must have a dedicated S3 bucket configured by ID5. It is crucial that partners proactively contact the ID5 support team (e.g., [email protected] or your designated ID5 contact) to initiate this setup process or to confirm that an existing S3 bucket is correctly configured for this purpose. This step is mandatory to ensure the secure and reliable delivery of these privacy-related signals.
Timely Processing: Partners are expected to regularly ingest and process this data from their S3 buckets. This ensures that end-users' choices are appropriately actioned within the partner's systems, thereby upholding user privacy and meeting regulatory compliance needs.
Compliance: The accurate and timely processing of these opt-out lists is essential for partners to fulfill their own legal and contractual obligations regarding data privacy.
Data Format and Structure
The opt-out and deletion data is delivered in Comma Separated Values (CSV) format, chosen for its simplicity and broad compatibility. The data is organized within a specific directory structure in the S3 bucket, making it easy to locate and process.
File Content: Each CSV file contains a list of ID5 IDs that correspond to users who have opted out or requested data deletion. Each ID5 ID will typically be on a new line within the CSV file.
Example CSV content:
ID5-xxxxxxxxxxxxxxxxx1
ID5-yyyyyyyyyyyyyyyyy2
ID5-zzzzzzzzzzzzzzzzz3Directory Structure: Data is organized chronologically by date.
Daily Folders: A new folder is created daily using the YYYYMMDD (Year-Month-Day) naming convention. For example, data for September 9, 2024, would be found in a path similar to s3://your-partner-bucket-name/optouts/20240909/.
File Naming Convention: Within each daily folder, CSV files are generated every 30 minutes. The filenames follow a HHMMSS.csv (Hour-Minute-Second in UTC) format, reflecting the time of their creation.
For example, a file generated at 11:00:00 PM UTC would be named 230000.csv.
Another file generated 30 minutes later at 11:30:00 PM UTC would be named 233000.csv.
The full path to such a file might look like: s3://your-partner-bucket-name/optouts/20240909/230000.csv.
This detailed structure allows partners to easily automate the retrieval and processing of opt-out and deletion data.
This documentation aims to provide clarity on the opt-out propagation mechanism, facilitating a smooth and compliant process for all parties involved. Please ensure your technical teams review this information and that your S3 bucket is correctly configured.