User Rights Propagation
Summary
This document details ID5's process for disseminating user opt-out and data deletion requests to its partners. As part of ID5's ongoing commitment to robust privacy practices, this system ensures that when users exercise their right to opt-out or request data deletion from ID5, these choices are efficiently communicated. The mechanism involves securely transferring lists of affected ID5 IDs to partners via dedicated S3 buckets. This enables partners to honor these requests in a timely manner, aligning with regulatory expectations and reinforcing user trust.
Background
In the digital advertising ecosystem, respecting user privacy choices is paramount. ID5's opt-out propagation initiative is a critical function designed to uphold these principles. When an individual interacts with ID5 and chooses to opt-out of data processing or requests the deletion of their data, ID5 initiates a process to ensure this preference is communicated downstream. This "streaming" of opt-out and deletion information is fundamental to ensuring that partners who receive ID5 data can also comply with user requests and meet their own regulatory obligations under frameworks such as GDPR, CCPA, and others. The process is designed to be reliable and consistent, providing partners with the necessary information to take appropriate action.
Propagation Details
A list of ID5 IDs for users who have opted out or requested data deletion is produced.
Frequency: This data is updated every 30 minutes on a rolling basis for opt-outs and on a hourly basis for deletion requests, ensuring partners receive timely information. Further data deletions can be occasionally produced due to privacy requests cascaded to ID5 on an unpredictable schedule.
Pull method (preferred for this application)
ID5 makes content available to you through the ID5-owned AWS S3 bucket "id5-privacy" using the methodologies described in https://wiki.id5.io/docs/client-data-sharing-specification
Push method
In case you are not using the AWS cloud, we can push the data to an S3-compatible Object Storage you own a bucket within. The deliveries will happen on a regular schedule (30 minutes) and will contain the feeds described below
Partner Responsibility & S3 Bucket Setup
Action Required: S3 Bucket Configuration: To receive opt-out and deletion data, each partner must use one of the methods described above. It is crucial that partners proactively contact the ID5 support team (e.g., support@id5.io or your designated ID5 contact) to initiate this setup process or to confirm that your preferred method of integration is correctly configured for this purpose. This step is mandatory to ensure the secure and reliable delivery of these privacy-related signals.
Timely Processing: Partners are expected to regularly ingest and process this data. This ensures that end-users' choices are appropriately actioned within the partner's systems, thereby upholding user privacy and meeting regulatory compliance needs.
Compliance: The accurate and timely processing of these ID lists is essential for partners to fulfil their own legal and contractual obligations regarding data privacy.
This documentation aims to provide clarity on the opt-out propagation mechanism, facilitating a smooth and compliant process for all parties involved. Please ensure your technical teams review this information and that your integration is correctly configured.
Privacy Feeds — Locations & Delivery
ID5 delivers three privacy-related feeds. Each feed can be delivered to the id5-privacy S3 bucket or pushed to a bucket you own with a prefix of your choice.
Note: Files may be delivered with some delay after the hour indicated in the path, depending on system load.
Customisable elements are marked with 🔧 throughout this page.
Opt-Out Feed
| Cadence | Every 30 minutes |
| ID5-hosted path | s3://id5-privacy/user-opt-outs/type=id5/date=YYYY-MM-DD/hour=hh/HHMMSS.csv |
| Client-hosted path | s3:// 🔧 your-bucket/ 🔧 your-prefix/type=id5/date=YYYY-MM-DD/hour=hh/HHMMSS.csv |
File Naming Convention
Within each hourly partition, a new CSV file is generated every 30 minutes. File names follow the pattern HHMMSS.csv (hours, minutes, seconds in UTC), reflecting the start of the window they cover.
Example: A file covering the window starting at 11:00 PM UTC on 9 February 2026 would be located at:
s3://your-bucket/your-prefix/type=id5/date=2026-02-09/hour=23/230000.csv
The next file, 30 minutes later, would be named 233000.csv in the same hourly partition.
Data Deletions Feed
| Property | Detail |
|---|---|
| Cadence | Hourly |
| ID5-hosted path | s3://id5-privacy/user-deletion-requests/type=id5/date=YYYY-MM-DD/hour=hh/<filename>.csv |
| Client-hosted path | s3:// 🔧 your-bucket/ 🔧 your-prefix/type=id5/date=YYYY-MM-DD/hour=hh/<filename>.csv |
File Naming Convention
Within each hourly partition, CSV files are assigned a random, system-generated name (not meaningful from a business perspective).
Example: A file produced for the 10 PM UTC hour on 3 March 2026 might be located at:
s3://your-bucket/your-prefix/type=id5/date=2026-03-03/hour=22/part-3c127890-162e-4caa-bd4e-2fd2bff2278f-0.csv
On-Demand Data Deletions Feed
| Property | Detail |
|---|---|
| Cadence | Best-effort; no fixed schedule |
| ID5-hosted path | s3://id5-privacy/on-demand-data-deletions/type=id5/date=YYYY-MM-DD/hour=hh/<filename>.csv |
| Client-hosted path | s3:// 🔧 your-bucket/ 🔧 your-prefix/type=id5/date=YYYY-MM-DD/hour=hh/<filename>.csv |
File Naming Convention
Same as the Data Deletions feed: files are grouped by hour and assigned a random, system-generated name.
Example:
s3://your-bucket/your-prefix/type=id5/date=2026-03-03/hour=17/part-00000-tid-1681382479627015163-88fec790-25f8-48ed-befe-66d3ec5b2409-1695-1-c000.csv
Note: Because this feed operates on a best-effort basis, files may be delivered at any point during the day they are produced in.
Summary of Customisable Elements
| Element | Description |
|---|---|
| 🔧 S3 bucket | You may receive feeds in your own S3 bucket instead of the ID5-hosted bucket. |
| 🔧 Path prefix | When delivering to your bucket, the prefix preceding /type=id5/… is fully configurable. |
Data Format and Structure
The opt-out and deletion data is delivered in Comma Separated Values (CSV) format, chosen for its simplicity and broad compatibility. The data is organized within a specific directory structure described above, making it easy to locate and process.
File Content: Each CSV file contains a list of ID5 IDs that correspond to users who have opted out or requested data deletion. Each ID5 ID will typically be on a new line within the CSV file.
Example CSV content:
ID5-xxxxxxxxxxxxxxxxx1
ID5-yyyyyyyyyyyyyyyyy2
ID5-zzzzzzzzzzzzzzzzz3