The PrivacyChain is a distributed, blockchain platform , based on a shared, immutable, distributed ledger. This ledger ensures that participants in a PrivacyChain have a single, consistent, up-to-date view to a consumers opt-ins or opt-outs, something that is more difficult to accomplish with traditional technologies. As a result, PrivacyChain helps publishers and advertisers build more trusting relationships with their customers. It also provides companies with a standardized consent management solution which speeds and simplifies deployment for all their partners in the data supply chain. And because of this consistency and ease of deployment, PrivacyChain simplifies companies' ability to prove that they are complying with numerous consumer privacy regulations worldwide, including the California Consumer Privacy Act, General Data Protection Regulation, and the European Privacy Directive, as well as a company's own privacy policies.
A demo is available at http://tools.iabtechlab.com. Companies interested in testing the specification can build applications that make calls into the testbed and see how they are handled and propagated across the blockchain in a standard implementation.
Following entities are defined in privacychain:
- Data Collector – For example, Brand, Publisher, Data Source of consumer data
- Data Buyer – For example, Brand, Ad Agency, Data Aggregator
- Advertiser – For example, Brand, Ad Agency
- Individual – Consumer, user
| Title | Data Collector captures consent when an individual's personal data and opt-in preference is being collected |
|---|---|
| Description |
|
| Post condition | Individuals consent along with its meta data2 is captured in PrivacyChain |
| Title | Advertiser tracks audience data movement when personal data is transferred to a third party |
|---|---|
| Description |
|
| Post condition |
|
| Title | Third party tracks audience data movement when data is transferred to another third party. All third parties delete audience data post campaign |
|---|---|
| Description |
|
| Post condition |
|
| Title | Data Seller captures individual's consent when individual's personal data is being collected |
|---|---|
| Description |
|
| Post condition | Individual's consent along with its meta data8 is captured in PrivacyChain |
| Title | Data Seller tracks data movement when individual's data is sold and transferred to third party |
|---|---|
| Description |
|
| Post condition |
|
| Title | Individual inquires consent status and data movement |
|---|---|
| Description |
|
| Post condition | The brand's website displays a list of user's attribute(s) along with meta data:
|
| Title | Individual manages his/her consent and updated consent propagates to downstream entities |
|---|---|
| Description |
|
| Post condition |
|
| Title | Regulator auditing Data Collector and Data Processor's privacy practice |
|---|---|
| Description |
|
| Post condition |
|
| Title | Regulatory authority and consumer advocacy group monitors the integrity of the consortium |
|---|---|
| Description |
|
| Post condition |
|
API specification can be found in Swaggerhub repository - Privacy Chain API Docs
| Item # | Priority | Endpoint | Parameters | Method | Notes |
|---|---|---|---|---|---|
| CT-01 | MVP | /consent | {id}{consentType}{entity}{expires}{attributes}{status} | POSTPUT | Add a new consent record to the chainUpdate an existing consent |
| CT-02 | V1.0 | /consent/createWithArray | {id}{consentType}{entity}{expires}{attributes}{status} | POST | Create multiple consents with given input array |
| CT-03 | V1.0 | /consent/createWithList | {id}{consentType}{entity}{expires}{attributes}{status} | POST | Create multiple consents with input list |
| CT-04 | MVP | /consent/findIdsByEntity | GET | Find consent IDs by entity | |
| CT-05 | MVP | /consent/{consentId} | {id}{consentType}{entity}{expires}{attributes}{status} | GET | Find consent by consent ID |
| CT-06 | V1.0 | /consent/revokeWithArray | POST | Revoke multiple consent records | |
| CT-07 | MVP | /consent/revoke/{consentId} | POST | Revoke single consent record | |
| DT-01 | MVP | /datatransfer | {id}{consentId}{source}{destination}{attributes}{status} | POSTPUT | Log data transfer actionUpdate an existing data transfer |
| DT-02 | V1.0 | /datatransfer/createWithArray | {id}{consentId}{source}{destination}{attributes}{status} | POST | Create data transfers with given input array |
| DT-03 | V1.0 | /datatransfer/createWithList | {id}{consentId}{source}{destination}{attributes}{status} | POST | Create data transfer with given input list |
| DT-04 | MVP | /datatransfer/findByConsentID | {id}{consentId}{source}{destination}{attributes}{status} | GET | Find data transfers by consent ID |
| DT-05 | MVP | /datatransfer/{datatransferId} | {id}{consentId}{source}{destination}{attributes}{status} | GET | Find data transfer by data transfer ID |
| SB-01 | V1.0 | /subscription | {id}{consentId}{entity}{subscriptionDate}{email}{status} | POST | Subscribe to notifications for all events related to a consent record |
| SB-02 | V1.0 | /subscription/findByEntity | GET | Return subscriptions for an entity | |
| SB-03 | V1.0 | /subscription/{subscriptionId} | GETDELETE | Find subscription by subscription IDDelete subscription by subscription ID |
The IAB Technology Laboratory (Tech Lab) is a non-profit research and development consortium that produces and provides standards, software, and services to drive growth of an effective and sustainable global digital media ecosystem. Comprised of digital publishers and ad technology firms, as well as marketers, agencies, and other companies with interests in the interactive marketing arena, IAB Tech Lab aims to enable brand and media growth via a transparent, safe, effective supply chain, simpler and more consistent measurement, and better advertising experiences for consumers, with a focus on mobile and TV/digital video channel enablement. The IAB Tech Lab portfolio includes the DigiTrust real-time standardized identity service designed to improve the digital experience for consumers, publishers, advertisers, and third-party platforms. Board members include AppNexus, ExtremeReach, Google, GroupM, Hearst Digital Media, Integral Ad Science, Index Exchange, LinkedIn, MediaMath, Microsoft, Moat, Pandora, PubMatic, Quantcast, Telaria, The Trade Desk, and Yahoo! Japan. Established in 2014, the IAB Tech Lab is headquartered in New York City with an office in San Francisco and representation in Seattle and London.
Learn more about IAB Tech Lab here: https://www.iabtechlab.com/
THE STANDARDS, THE SPECIFICATIONS, THE MEASUREMENT GUIDELINES, AND ANY OTHER MATERIALS OR SERVICES PROVIDED TO OR USED BY YOU HEREUNDER (THE "PRODUCTS AND SERVICES") ARE PROVIDED "AS IS" AND "AS AVAILABLE," AND IAB TECHNOLOGY LABORATORY, INC. ("TECH LAB") MAKES NO WARRANTY WITH RESPECT TO THE SAME AND HEREBY DISCLAIMS ANY AND ALL EXPRESS, IMPLIED, OR STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AVAILABILITY, ERROR-FREE OR UNINTERRUPTED OPERATION, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. TO THE EXTENT THAT TECH LAB MAY NOT AS A MATTER OF APPLICABLE LAW DISCLAIM ANY IMPLIED WARRANTY, THE SCOPE AND DURATION OF SUCH WARRANTY WILL BE THE MINIMUM PERMITTED UNDER SUCH LAW. THE PRODUCTS AND SERVICES DO NOT CONSTITUTE BUSINESS OR LEGAL ADVICE. TECH LAB DOES NOT WARRANT THAT THE PRODUCTS AND SERVICES PROVIDED TO OR USED BY YOU HEREUNDER SHALL CAUSE YOU AND/OR YOUR PRODUCTS OR SERVICES TO BE IN COMPLIANCE WITH ANY APPLICABLE LAWS, REGULATIONS, OR SELF-REGULATORY FRAMEWORKS, AND YOU ARE SOLELY RESPONSIBLE FOR COMPLIANCE WITH THE SAME, INCLUDING, BUT NOT LIMITED TO, DATA PROTECTION LAWS, SUCH AS THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (CANADA), THE DATA PROTECTION DIRECTIVE (EU), THE E-PRIVACY DIRECTIVE (EU), THE GENERAL DATA PROTECTION REGULATION (EU), AND THE E-PRIVACY REGULATION (EU) AS AND WHEN THEY BECOME EFFECTIVE.