Keeping data privacy and ethics at our core

Carbon has been built with data privacy and ethics at its core. In this article we present our privacy-by-design principles and our general approach to data ethics.

Carbon’s vision is to support an ad funded internet by allowing our publisher clients to deliver personalised advertising in return for free content for the consumer. Recent surveys by organisations such as Which show that most consumers understand this value exchange and in principle prefer to opt in. The main issues people have are the lack of transparency and control over what data is used, how the data is used, the risk of exploitation of vulnerable people and convoluted privacy policies.

In recent years, and following some high profile cases where personal data has been misused, government regulators have enacted a number of laws to ‘clean up’ the ad-tech industry. The ‘Wild West’ has disappeared and organisations now work within tightly controlled legal frameworks. Nevertheless public perception of the industry is still somewhat negative and this is largely due to a lack of control, transparency and trust with the companies that operate in the ecosystem.

The Changing Regulatory Landscape

GDPR

European lawmakers first started working on a replacement to the 1995 Data Protection Directive in 2011 and enacted the General Data Protection Regulation (GDPR) in 2016. It came into effect in May 2018 bringing the notion of explicit consent to the fore and with it the creation of consent management platforms which popup on a website asking consumers to consent for their data to be used for different purposes. The IAB created the transparency & consent framework in 2018 and updated it to version 2 in 2019 with publishers required to move over by September 2020. Carbon became registered as a TCF V2 vendor in August 2020.

Other aspects of the GDPR include the right to know, the right to forget and the right to opt out.

CCPA & CPRA

California Consumer Privacy Act

Following the March 2018 disclosure of the misuse of personal data by Cambridge Analytica and subsequent congressional hearings which highlighted the fact that any personal information shared on the internet can be subject to considerable misuse and theft and, with the GDPR only applicable in the European Union, legislators quickly realized that they needed to move rapidly to protect Californians’ right to privacy by giving consumers much more control of their personal information.

The California Consumer Privacy Act came into force on Jan 1, 2020 and gives consumers rights to learn what information companies have gathered and used as well as the right to know, the right to forget and the right to opt out.

California Privacy Rights Act

The CPRA was enacted on November 3rd 2020 and will become effective on Jan 1, 2023 with a look back of 12 months. This creates a new government agency to oversee enforcement and compliance. Most notably it makes companies responsible for what other companies do with California residents’ personal information if collected by the former and shared with the latter. 

It builds on the CCPA requirements requiring that opt-out and forget-me requests are shared amongst third parties, adds a requirement to allow a consumer to correct information, and adds a new category of data called sensitive personal information (login credentials, race, ethnicity, biometric data from health trackers, and precise geolocation). This latter requirement allows a consumer to direct a company collecting personal data to only use it to provide the service or goods. On the flip side it allows companies to target non-sensitive information instead of losing access to all personal information for marketing purposes.

Companies that process sensitive data or perform high-risk processing are also required to have annual audits. The CPRA also requires businesses that use profiling and automated decision making to be able to provide meaningful information about the logic involved in the decision making process.

Carbon Data Ethics

Carbon is a leader in ethical data custodianship and data brokering and privacy-by-design is at the heart of our systems. Clearly regulation is a major consideration in our work but Carbon goes much further than simply abiding by the rules. We strongly believe in being fair, transparent, and providing the consumer with control over their data. Helpfully these correspond to the latest and upcoming regulations but we continue to look ahead and are looking forward to building even more levels of control and an ecosystem where a consumer can exclude certain types of data.

Some of the regulations we’re keeping an eye on at Carbon.

Carbon Data Principles

As part of our commitment we have established the following set of data principles. More details about these can be found at www.carbonrmp.com/data-ethics.

  • Data Agency : We will empower individuals with the ability to access their data and will maintain people’s capacity to have control over their identity.
  • Transparency : We will ensure the basis of any data processing and actions are always discoverable.
  • Security : We will guard against possible misuse and ensure data is kept safe.
  • Accountability : We will develop practices for holding ourselves accountable to shared standards.
  • Trust : We will be responsive to users, use plain language to communicate clearly and be consistent in all we do.

We also promote the ethical use of data and we ensure that 

  • We will only operate within the advertising and marketing industry with our aim being to help unlock the value in our publishers’ data.
  • We will work to avoid unfair bias in our models and inference mechanisms.
  • We will not process sensitive data.
  • We will incorporate scientific rigour into our modeling and prediction components to support our aspirations of scientific excellence.

These principles set out our commitment to build ethically designed software, to develop an open and transparent partnership with our users and clients, and to only operate within ethically responsible application areas and use of data. 

Carbon fully supports the right to know, the right to forget, and the right to opt-out and these are available to the consumer from our privacy page. Our privacy policy (www.carbonrmp.com/privacy) uses plain language and is set out in clear sections describing the data we collect, process and how it is used.

Carbon’s mission is to make publishing more profitable and by being transparent, accountable, secure, and promoting choice, we will be known as a trustworthy leader in ethical data custodianship and data brokering. Creating a value exchange between ourselves, our clients and the end user will support an open and free internet which will benefit both clients and consumers.

Carbon is now part of Magnite.