EUID myths: it’s costly and compromises security, right?

MYTH:
Using EUID will be expensive for data storage and enrichment.

DEBUNK:
EUID is free to create and store within specific platforms like The Trade Desk. This contrasts with other identity solutions, such as LiveRamp or Adobe, which charge you based on the number of IDs and amount of data stored in your platform account. Platforms that charge for data storage and segmentation will not charge for the creation of EUIDs that are ultimately being stored only in their account on our platform, and don’t actually live within their customer data platforms or clean rooms.

MYTH:
The Trade Desk will steal my customer data and sell it to someone else with EUID.

DEBUNK:
Let’s set the record straight about the use of an advertiser’s CRM data by our platform: EUID is built to uphold strict privacy standards and comply with the spirit of applicable data protection laws in Europe.

It’s critical to understand what bidstream data we receive and how EUID is represented in transport. The EUID process is designed specifically to ensure that no customer data can be “stolen” from the bidstream because it doesn’t transmit customer data in a directly identifiable form. With EUID, what’s transported in the bidstream is encrypted, tokenized versions of the original alphanumeric identifier.

In essence, EUID is a privacy-conscious tool that aims to improve efficiency — not a means for us to sell advertisers’ data to third parties.

MYTH:
The Trade Desk will pool user data and create a central identity graph, compromising data security.

DEBUNK:
We operate with respect for user data ownership and privacy. It’s important to note that EUID itself is just an identifier and not a centralized identity graph.

As an EUID participant, we do build an identity graph for use in our platform that can include EUIDs. However, this is only done where we are legally allowed to do so. No advertiser data is ever stored in the graph.

MYTH:
Using email addresses as EUIDs isn’t privacy-compliant.

DEBUNK:
EUID framework uses encryption and tokenization techniques to ensure that IDs are not directly identifiable. At every refresh, the token re-encrypts, ensuring a consistent layer of security. EUID is privacy-conscious and offers a consent-based identity solution that is driven by applicable EU data protection law requirements, the Transparency and Consent Framework (TCF) operated by IAB, and local regulatory guidance.

MYTH:
I’m concerned about entering my email addresses into the bidstream with EUID due to potential risks around personal data exposure and noncompliance with EU data protection laws.

DEBUNK:
EUID replaces email addresses with a hashed and salted alphanumeric identifier that is encrypted into an EUID token to ensure protection in the bidstream: EUID technology doesn’t put actual email addresses into the bidstream. Instead, it uses something called pseudonymized tokens. These tokens are like placeholders that stand in for the real email, ensuring no directly identifiable data is exposed. These tokens are like placeholders that stand in for the real email, ensuring no directly identifiable data is exposed. And to enhance security token are rotated regularly.

Encrypted data transmission:

EUID pseudonymized tokens are encrypted. This means they’re converted into a secure code that can only be read by the intended recipient who can decrypt it. Even if intercepted, the data is unreadable and safe from misuse.

Compliance with EU data laws:

EUID is designed to comply with applicable strict European data protection laws. It doesn’t store raw email addresses; it processes them securely within the EU and converts them into EUIDs. This ensures that only necessary information is retained, in line with legal requirements for data handling.

Regular legal review:

The system under which EUID operates is regularly reviewed for compliance with applicable data protection laws. This ongoing legal oversight ensures that both providers and users of EUID maintain high standards of privacy and data security.

These points collectively mean that using EUID in the bidstream is designed to protect personal data and adhere to the spirit of data protection laws.

MYTH:
There's no scale in authenticated audiences, so what’s the point of EUID?

DEBUNK:
Users are spending more time engaging on devices and channels with authentication, such as mobile in-app gaming and streaming on Connected TV. As consumer time spent on these highly logged-in environments increases and the channels maintain user addressability without third-party cookies, traditional web publishers can start pushing for a value exchange with consumers: their CRM data for access to premium content. The rate of authentication across the open internet will continue to increase over time and will play an important role in the future of targeting, alongside other solutions.

MYTH:
Email addresses will vanish and the use of disposable email addresses will rise, so what happens then with EUID?

DEBUNK:
The landscape of digital communication is indeed evolving, with trends indicating fluctuations in how email addresses are used — including the potential increase in disposable email addresses. However, the EUID system is designed with the flexibility to adapt to these changes.

While the use of disposable emails may become more common, this does not negate the value of stable, long-term email addresses that are widely used for important personal and business communications. These types of email addresses remain crucial identifiers within the digital ecosystem.