
6 Privacy-Enhancing Technologies for AdTech Companies


Digital advertising operates in a landscape where the demand for privacy and data security is accelerating rapidly. Consumers, publishers, and regulators are all pressing for higher standards — yet users simultaneously expect a personalized advertising experience. Bridging that gap requires AdTech platforms to thoughtfully implement privacy-enhancing technologies (PETs) that protect user data without dismantling the targeting and measurement capabilities that make advertising effective.

This guide examines the main PETs available to AdTech platforms, how each one works, and which platform types are best positioned to use them.

Key Points

  • Privacy-enhancing technologies (PETs) are critical for improving data protection in the AdTech industry by balancing data privacy against the delivery of a personalized advertising experience. PETs primarily focus on minimizing the collection and use of personal data and the amount of data processed, while maximizing data security to protect consumer privacy.
  • Most AdTech platforms can implement a variety of PETs, including differential privacy, secure multi-party computation, techniques for anonymizing personally identifiable information, and solutions that incorporate PETs for secure data sharing (such as data clean rooms).
  • Each AdTech platform type can leverage different PETs to enhance user privacy.
  • Ad networks, DSPs, SSPs, and ad exchanges can utilize differential privacy, tokenization, homomorphic encryption, secure multi-party computation, federated learning, and pseudonymization.

Note: For the purposes of this article, the term "privacy-enhancing technologies" (PETs) covers all technologies, techniques, and strategies that improve the quality of data protection.

What Are Privacy-Enhancing Technologies?

Deloitte defines privacy-enhancing technologies as a broad spectrum of "data privacy protection approaches, from organizational to technological." PETs integrate elements of cryptography, hardware, and statistical methodologies to guard against the unauthorized processing or sharing of consumer data, acting as protective measures that ensure sensitive information is handled securely.

PETs help ensure data security by focusing on three key pillars:

  • Minimizing the collection and use of personal data
  • Maximizing data security to protect consumer privacy
  • Minimizing the amount of data processed

The Key Privacy-Enhancing Technologies AdTech Companies Can Use

Most AdTech platforms can implement technologies that include differential privacy, multi-party computation, techniques for anonymizing personally identifiable information (PII), and solutions that incorporate PETs for secure data sharing (e.g., data clean rooms). Each technology achieves a different goal, resulting in enhanced data protection for users.

Differential Privacy: Adding Noise to Collected Data

Differential privacy (DP) provides a framework for sharing information about a dataset without revealing specifics about individuals. DP techniques introduce statistical noise into the results computed from data collected by publishers and advertisers, limiting what any released result reveals about a single user while still enabling valuable insights to be derived from aggregated data.

Differential privacy is achieved by incorporating a certain level of randomness into an analysis. Unlike conventional statistical analyses that calculate averages, medians, or linear regression equations, analyses conducted with differential privacy introduce random noise during computation.

The "random noise" elements refer to randomized perturbations or statistical variations introduced into data calculations or results, typically through algorithms or mechanisms such as Laplace noise or Gaussian noise.

As a result, the outcome of a differentially private analysis is not precise but an approximation, and if the analysis is performed multiple times, it may produce different results each time.
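A worked example of the Laplace mechanism described above, added here and not part of the original guide: a campaign conversion total where each user's contribution is capped (which fixes the query's sensitivity) and Laplace noise with scale sensitivity/epsilon is added before release. The conversion counts, cap, and epsilon are constructed for illustration.

```python
import math
import random

# Constructed sample (not real data): conversions recorded per user for one campaign.
CONVERSIONS = {"u1": 3, "u2": 1, "u3": 0, "u4": 7, "u5": 2, "u6": 1}


def bounded_total(per_user: dict, cap: int) -> int:
    """Clip each user's count to `cap` before summing.

    Adding or removing any one user then changes the total by at most `cap`,
    so `cap` is the L1 sensitivity of this query.
    """
    return sum(min(count, cap) for count in per_user.values())


def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Laplace mechanism: noise scale b = sensitivity / epsilon."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def laplace_noise(scale: float, rng: random.Random) -> float:
    """One sample from Laplace(0, scale) by inverting its CDF."""
    u = rng.random()
    while u == 0.0:            # keep u strictly inside (0, 1) so log() is defined
        u = rng.random()
    u -= 0.5                   # now uniform on (-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_total(per_user: dict, cap: int, epsilon: float, seed=None) -> float:
    """Release the capped total plus calibrated Laplace noise (epsilon-DP)."""
    rng = random.Random(seed)
    return bounded_total(per_user, cap) + laplace_noise(laplace_scale(cap, epsilon), rng)


def mean_noise(scale: float, samples: int, seed: int) -> float:
    """Average of many noise draws: close to 0, so aggregates stay usable."""
    rng = random.Random(seed)
    return sum(laplace_noise(scale, rng) for _ in range(samples)) / samples


if __name__ == "__main__":
    exact = bounded_total(CONVERSIONS, cap=3)
    # Two runs with different randomness release different values for the same data.
    for seed in (1, 2):
        print(f"exact={exact} released={dp_total(CONVERSIONS, 3, 1.0, seed):.2f}")
```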

Examples of DP applied in the AdTech landscape include:

Secure Multi-Party Computation (MPC): Safe Data Computing

Secure multi-party computation (MPC) allows two or more parties to perform computations on their collective data without revealing their individual inputs. However, the mathematical protocols of MPC do not attempt to hide the identities of the participants; that can be achieved by adding an anonymous-communication protocol.

MPC enhances privacy because parties can gain insights from a combined dataset without exposing their private information.

Examples of MPC in the AdTech landscape include:

An example of a data processing pipeline that could be performed using IPA — from fragmented source (e.g., publisher) and trigger (e.g., advertiser) events to reporting and campaign optimization, passing through attribution. Source: Criteo.
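An added example, not code from the original guide or from Criteo, of the MPC principle described in this section: each party (publisher, advertiser, measurement vendor) holds a private count, splits it into additive secret shares across helper servers, and the servers add only the shares they hold. No server and no party sees another party's input; only the aggregate is reconstructed. The party names and counts are constructed.

```python
import secrets

# Field modulus for the shares: a Mersenne prime (constructed choice for the demo).
P = 2**61 - 1

# Constructed sample: matched conversions each party observed privately.
MATCHED_CONVERSIONS = {"publisher": 1200, "advertiser": 340, "measurement_vendor": 25}


def share(value: int, n: int) -> list:
    """Split `value` into `n` additive shares that sum to `value` mod P.

    Any n-1 of the shares are uniformly random, so they reveal nothing
    about `value` on their own.
    """
    if not 0 <= value < P:
        raise ValueError("value out of field range")
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list) -> int:
    """Recombine shares; only ever done on the aggregate, never on an input."""
    return sum(shares) % P


def mpc_sum(inputs: dict, n_servers: int = 3) -> int:
    """Each input party shares its private count across the helper servers;
    every server adds the shares it received and publishes only that total."""
    server_totals = [0] * n_servers
    for value in inputs.values():
        for i, s in enumerate(share(value, n_servers)):
            server_totals[i] = (server_totals[i] + s) % P
    # Adding the published server totals yields the joint sum.
    return reconstruct(server_totals)


if __name__ == "__main__":
    print("joint total:", mpc_sum(MATCHED_CONVERSIONS))
```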

Anonymization, Pseudonymization, Encryption, and Tokenization: Replacing Personally Identifiable Information (PII)

Anonymization, pseudonymization, encryption, and tokenization are techniques for replacing or transforming PII so that the raw values are not exposed; the substituted values stand in for the original data. While the names might imply similarities, each technique works differently and carries distinct implications for AdTech use cases.

Anonymization

Anonymization transforms data so it no longer identifies or can be linked to an individual. The goal is to remove all identifying information, making it practically impossible to re-identify specific individuals from the data.

Anonymization techniques applied in the AdTech industry include aggregation, data masking, and other methods that significantly reduce the risk of re-identification.

Anonymization is commonly used by AdTech platforms to:

  • Perform statistical analysis
  • Conduct basic audience segmentation
  • Generate insights

Encryption

Encryption transforms data into a coded form — often referred to as ciphertext — that cannot be understood by anyone who lacks the key to decode it.

In AdTech, encryption is used to secure PII when it is being transmitted between systems or stored in databases. Even if data is intercepted or accessed without authorization, it remains unreadable and therefore useless to an attacker.

Encryption is commonly used by AdTech platforms to:

  • Secure data transmission
  • Store data securely
  • Protect user privacy
  • Comply with data protection regulations

Pseudonymization

Pseudonymization replaces or modifies PII with pseudonyms or aliases. The original data is transformed in a way that makes it more challenging to identify individuals directly, while still allowing certain types of analysis or processing.

Pseudonymized data retains the potential for re-identification if the pseudonyms are somehow associated with the original identities.

Pseudonymization is commonly used by AdTech platforms to:

  • Deploy targeted advertising
  • Measure campaign effectiveness

Tokenization

Tokenization substitutes sensitive data with unique tokens that have no inherent meaning or value on their own. The technique allows for efficient data processing and storage without revealing actual personal information.

AdTech platforms may tokenize PII — such as email addresses or device identifiers — by replacing them with randomized tokens.

Tokenization is commonly used by AdTech platforms to:

  • Deploy targeted advertising
  • Track users
  • Measure campaign effectiveness
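An added example, not from the original guide, contrasting the pseudonymization, tokenization, and anonymization sections above on email addresses: a keyed hash gives deterministic aliases that can still be joined (and re-identified by whoever holds the key), a token vault issues random tokens that can only be reversed with vault access, and aggregation releases a count with no per-user value at all. The key, minimum group size, and addresses are constructed.

```python
import hashlib
import hmac
import secrets

# Hypothetical key held by the pseudonymization service (constructed for the demo).
PSEUDONYM_KEY = b"demo-key-not-for-production"


def normalize_email(email: str) -> str:
    return email.strip().lower()


def pseudonymize(email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash (HMAC-SHA256) of the normalized email.

    Deterministic, so records from different systems can be joined on the alias.
    Anyone holding `key` can test a candidate email against an alias, which is
    why this is pseudonymous rather than anonymous.
    """
    return hmac.new(key, normalize_email(email).encode(), hashlib.sha256).hexdigest()


class TokenVault:
    """Random tokens plus a lookup table; reversal requires access to the vault."""

    def __init__(self):
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, value: str) -> str:
        value = normalize_email(value)
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(16)   # bears no relation to the value
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def detokenize(self, token: str):
        """Returns the original value, or None if this vault never issued the token."""
        return self._by_token.get(token)


def anonymize_count(emails: list, min_group: int = 5):
    """Aggregation: release only a distinct-user count, and only above a group-size floor."""
    n = len({normalize_email(e) for e in emails})
    return n if n >= min_group else None
```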

Data Clean Rooms (DCRs): Data Sharing, Targeting, and Measurement

Data clean rooms (DCRs) are controlled environments in which data from multiple parties can be combined and analyzed under agreed privacy controls. Their main purpose is enabling data sharing and analysis without exposing raw information, delivering insights while simultaneously safeguarding user privacy.

How a data clean room works.

The AdTech industry currently has two main types of DCRs.

The first type is represented by AdTech walled gardens — Google, Amazon, and Facebook — each of which runs media clean rooms from which they deliver hashed and aggregated data to companies using their advertising platforms.

The second type is represented by independent AdTech companies such as LiveRamp, Snowflake, Aquilliz, and Decentriq, which provide ready-to-use data clean rooms for companies across different industries and digital advertising channels.

Based on industry interviews with executives at Decentriq and Aquilliz, the most common use cases of DCRs in digital advertising are:

  • Media planning
  • Retargeting
  • Creating audience segments
  • Activation
  • Measurement
  • Providing predictive analytics
  • Attribution

Privacy-Enhancing Technologies by AdTech Platform Type

The integration of PETs within AdTech platforms is essential for protecting user data and adhering to evolving global data privacy regulations. Adopting these technologies also provides a competitive edge in an increasingly privacy-conscious market.

PETs for Ad Networks

Ad networks have several PETs at their disposal to ensure user data protection.

By using tokenization and differential privacy, ad networks can deliver effective, targeted advertisements while respecting user privacy.

Contextual advertising reduces the need for personal data collection by displaying ads on matching websites. Differential privacy prevents the identification of individuals when analyzing reports. Tokenization replaces sensitive data — such as email addresses — with non-sensitive tokens, securing data against breaches and identity theft.

PETs for Demand-Side Platforms (DSPs)

By incorporating data clean rooms, homomorphic encryption, differential privacy, and secure multi-party computation, DSPs can navigate the balance between ad personalization and user privacy.

Data platforms that incorporate PETs, such as data clean rooms, can provide secure environments for data processing and analysis, ensuring that sensitive user information remains protected.

Homomorphic encryption allows DSPs to perform computations on encrypted data without decrypting it, securing data while keeping it usable for ad targeting.

Like ad networks, DSPs can leverage differential privacy by introducing statistical noise into data to prevent the identification of individuals while still allowing meaningful analysis for ad targeting.

Secure multi-party computation enables data insights from multiple sources without exposing raw data, further enhancing privacy.

PETs for Supply-Side Platforms (SSPs)

Supply-side platforms can leverage various PETs to protect user data while optimizing ad space for publishers. By adopting differential privacy, federated learning, and homomorphic encryption, SSPs can effectively protect user data while optimizing ad placements.

To aggregate and analyze user data — such as trends and behaviour — without infringing on user privacy, SSPs can leverage differential privacy, which introduces statistical noise into data to safeguard individual identities.

Federated learning, a machine learning approach in which models are trained on the device where the data was collected rather than on centrally pooled data, can strengthen ad optimization by building more accurate models for serving ads.

Homomorphic encryption can protect user data while enabling SSPs to build encrypted user profiles. These profiles can be used to target ads effectively while the underlying user data remains secure and private.

PETs for Data Platforms (DMPs, CDPs, and Data Clean Rooms)

Data platforms — including data management platforms (DMPs), customer data platforms (CDPs), and data clean rooms — are central hubs for collecting, integrating, and managing large amounts of structured and unstructured data from different sources. Because of this core function, they need to maintain user privacy at a high level.

Both differential privacy and pseudonymization can enhance the process of audience segmentation and data sharing in these platforms. DMPs can use these techniques to create anonymized or pseudonymized user segments, enabling precise ad targeting without compromising individual user privacy.

PETs for Ad Exchanges

Ad exchanges are digital marketplaces for buying and selling ad inventory from multiple DSPs and SSPs, where prices are determined through real-time bidding (RTB) auctions.

Incorporating differential privacy and secure multi-party computation helps protect sensitive user information during the bidding process. By adding statistical noise to the data used for bidding, ad exchanges can ensure that auction activity does not result in the leakage of sensitive user information.

Other use cases for differential privacy include reports and analytics modules — data and insights can be displayed in a way that prevents the identification of individual users.

Ad exchanges can also utilize secure multi-party computation to match advertisers and publishers based on their respective criteria without revealing the private information of either party.

PETs for Ad Servers

Ad servers store and deliver ads to websites and apps and provide reports on ad performance. Through differential privacy, encryption, and federated learning, ad servers can meaningfully enhance user privacy.

Differential privacy can ensure that data analysis processes do not expose sensitive user information.

Encryption in ad servers secures user data by encoding it into a format that can only be accessed with the correct decryption key.

Federated learning allows ad servers to conduct data analysis without needing to share the data itself, enhancing user privacy in the process.

Summary

The adoption of privacy-enhancing technologies is an important step for AdTech platforms seeking to respect user privacy and ensure data security. Applied correctly, these technologies allow platforms to deliver effective advertising while prioritizing the privacy and security of users' data — a balance that is becoming both a regulatory requirement and a market expectation.