What to Do When You Are a Processor and Need Identity Resolution

An aerial timelapse photo of a busy crosswalk with blurry, fast-moving people
By: Kevin Mullen

We often hear the following question from customers and partners:

What is the relationship between our data and Roqad’s data with respect to GDPR (as well as guidance provided by the United Kingdom’s Information Commission Office)?

We made the above chart to help clarify the matter. Some of the keys to locating your organization on the chart – are you using Roqad’s Private or Public Graph? Are you passing Transparency & Consent Framework Strings to Roqad?

Given that the UK ICO has told us you cannot be both a controller and a processor of:

  • The same dataset
  • For the same purpose
  • At the same time

This guidance means that if Roqad ingests customer data and combines that customer data with data from other sources, since it is a controller on the data from other sources, it is a controller on everything. That controller status triggers an Article 5 requirement to verify consent on the data coming from the customer.

As an alternative, we can keep the datasets separate.  In this scenario, Roqad matches IDs with the customer per a customer pixel fire (customer is either a controller or a processor on behalf of an end client who is a controller; Roqad is a processor or a sub-processor).

A flowchat showing consent string logic and processes from Roqad

Option A: a pre-post-cookie deprecation example:

  • Dataset #1: cookie match table that matches Roqad cookies to Partner cookies (Partner is a processor and Roqad is a sub-processor)
  • Dataset #2: public graph with everything relevant in the Roqad cookie space (with most recent TC Strings) (Roqad and Partner are both Controllers)

This allows us to provide the Roqad customer with the following:

  • Dataset #1: Partner ID <> Roqad ID
  • Dataset #2: Roqad ID <> Other Extended IDs

Option B: a post-cookie deprecation example:

  • Dataset #1: public graph with ONLY Partner cookies as an output.  (Roqad and Partner are both Processors)
  • Dataset #2: public graph with everything relevant EXCEPT Partner cookies (with TC Strings) (Roqad and Partner are both Controllers)

This allows us to give a Roqad partner the following:

  • Dataset #1: Partner ID <> Roqad person ID
  • Dataset #2: Roqad person ID <> Other Extended IDs

Option B may not see the conversion until a future graph build, because we may not have mapped the partner cookie until the conversion happens. But we should be able to generate a significant amount of conversion lift for the Partner over click through rates in a post third-party cookie world.

Give us a shout to chat with an identity graph expert today.


About The Author
Kevin Mullen

Kevin Mullen is Roqad’s Chief Product Officer.

He has spent over a decade working at the intersection of Big Data & Analytics and Mobile. He was previously head of business development for Drawbridge (acquired by Linkedin / Microsoft) and TRUSTe.

Stay in the Know

Get news, resources and updates about events happening in the world of digital advertising.