Quantcast and GDPR: A Privacy-By-Design Approach

The Quantcast Choice CMP was sold to InMobi in 2023, and is now InMobi Choice CMP.

It’s just under a year since the EU’s General Data Protection Regulation (GDPR) came into effect, raising the data protection bar for publishers and the online advertising industry that supports them. Quantcast, like many of our peers in the industry, has been working hard to embed compliance for GDPR and other data protection laws into our business and the products and services we offer. We believe GDPR is an important step in reestablishing trust between consumers and the organizations they interact with online.

As a business focused on helping brands and publishers understand and reach online audiences with relevant content and advertising, we rely on that trust and seek to reinforce it when developing new products and services. Privacy-by-design has been a core part of Quantcast’s decision making principles since the day the company was founded. They’ve helped us adapt to the evolving data privacy landscape over the past 12 years as well as leading us to play a central role in helping the industry adapt. GDPR is no exception.

Following the recent announcement by the Irish Data Protection Commission (DPC) of a statutory inquiry into Quantcast relating to GDPR, which follows the announcement of similar inquiries into a wide range of technology companies, I wanted to address a few important points that help illustrate our stance when it comes to data privacy.

Privacy-by-design

Over the long term, the easiest way to ensure a business or product can adapt to changing attitudes toward data privacy is to build in a way that anticipates these shifts. That’s why we made the decision when Quantcast was founded not to seek or use the most sensitive types of personal data, including names and contact information. We don’t need that information in order to be able to provide the services we offer our clients, so we don’t ask for it.

Instead, we made a bet that machine learning could use so called ‘pseudonymous’ information – like random user IDs – to make accurate predictions. Today these predictions include the interests of website visitors and whether certain audiences are more or less likely to buy a product or service, and determines whether or not we deliver an ad for a client.

The result is more relevant and useful advertising for consumers, more efficient use of marketing budgets and more advertising revenue for publishers. This enables those publishers to offer free content and services for their users.

This bet on machine learning has proven to be a good one for our clients. It’s made it unnecessary for us to acquire lots of personal data about individuals, unlike companies with business models that are reliant on knowing everything about a consumer. Instead, we create statistical models, based solely on that pseudonymous information to make accurate, data-driven predictions. We think that strategy has been in the best interests of internet users at large, and therefore the brands and publishers we work with, helping them grow their businesses without crossing important lines on data privacy.

Taking a proactive approach

In the lead up to the implementation of GDPR, a cross section of our teams worked closely with the IAB Europe and our industry peers to develop a way for all organizations – publishers, advertisers and technology companies – to comply with the new law. The result of that effort is the IAB Europe’s Transparency and Consent Framework, an open source and free platform on which companies like Quantcast can build tools to help individuals manage their consent online.

We developed a simple solution for publishers and marketers – called Quantcast Choice – that we make available for free and that has today been deployed by more than 25,000 websites worldwide to help them understand and manage consent when it comes to setting cookies. Anyone using the internet in the EU in the past 12 months who has seen a pop-up that says ‘Powered by Quantcast’ has engaged with Quantcast Choice.

This scale of adoption has helped these websites continue to understand their visitors and therefore deliver more relevant content and advertising in line with GDPR.

The important role of regulators

With Quantcast’s prominence in tackling international privacy issues comes a higher profile. What is Quantcast? Why do they need my data? What are my options? These are natural questions and we anticipated that taking a leadership position would bring more attention, including regulatory scrutiny.

We understand and appreciate the Irish DPC’s inquiry into how we’ve responded to GDPR and we are fully cooperating with them. We are confident that our products and business are compliant with GDPR and, as with most new regulations, the hard lines of GDPR will become clear as enforcement agencies provide their perspectives. We look forward to the DPC’s guidance.

We hope that the result of this process will be much needed clarity for the industry as a whole. All industries eschew uncertainty. The lack of clarity around the application of GDPR is harming growth, innovation and jobs in publishing and digital advertising, and reducing content choices for consumers.

As a business, we’ve worked closely with publishers and brands for more than a decade to help them better understand and reach audiences online; the process through which much of the internet we recognize today is paid for. At a time when publishers of all shapes and sizes are struggling, and all of us are confronted by fake news seemingly on a daily basis, we think the tests being applied to Quantcast’s services are worth it in order to continue supporting a free and diverse internet for us all.