FAQ – DigiTrust: A Service from IAB Tech Lab

DigiTrust is a neutral, non-profit, industry-wide collaboration of ad tech platforms and premium publishers utilizing a standardized user token in order to improve the consumer online experience. DigiTrust was acquired by IAB Tech Lab in April 2018, and now operates as a service from IAB Tech Lab. The DigiTrust service and technology solution creates a randomly-generated user token, which is propagated by and between its members in lieu of billions of proprietary pixels and trackers on web pages daily.
DigiTrust seeks to dramatically reduce the number of third-party requests that take place on Web pages, and which slow down the consumer online experience..
Thousands of companies work in collaboration today to deliver to consumers personalized digital content and advertising over the Web, across many different devices. Each of these companies assigns their own proprietary, cookie-based user token, which their partners aren’t able to read. That means in order to work together in real-time, each company must maintain elaborate systems and processes to synchronize the different tokens used by each of their partners, for each consumer, on each web browser in every connected device. The conventional process to update those systems and synchronize tokens with each other is called “pixel syncing” (or “cookie syncing”), and this process — because it’s so widely deployed across so many companies — can result in more than 100 third-party requests on a given Web page. This slows down the web experience publishers offer their consumer audiences and is costly for third-party companies to maintain.
The DigiTrust service creates a pseudonymous user token and stores it within a conventional cookie that may be read and propagated by DigiTrust members. With a standardized token provided to and used by all parties, pixel syncs are rendered obsolete. Hundreds of billions of unnecessary daily third-party pixel sync requests will eventually be removed from web pages — improving the web experience for consumers — while publishers and their partners continue to be able to work together to deliver consumers rich, personalized content and advertising.
DigiTrust has provided publishers with an open-source JavaScript file to run on all their pages. The job of this script is to:
1. Generate the standardized (randomly generated) user token and store it as a conventional cookie and subsequently…
2. Allow the encrypted token to be read and used by DigiTrust members, n accordance with consumer preferences (and applicable regulatory requirements).
No. Most companies in the industry already use proprietary cookie-based user tokens for behavioral data collection and targeting, and are covered under existing privacy/regulatory guidelines. Their use of the DigiTrust token is not expected to impact their current data collection practices nor privacy/regulatory compliance. DigiTrust does not collect, store, buy, sell, or transfer consumer data, nor does it enable new data for collection and/or subsequent targeting by any party. The primary goal for DigiTrust is to reduce the need for third-party requests on publisher pages as a result of pixel syncs, which slow down the consumer experience.
No, not any more than the conventional industry practices employed today, which are:
● Mobile apps – Each mobile operating system already provides a single, standardized “mobile advertising ID” (associated with a device/user) to all parties, resulting in broadly fragmented data across multiple parties tied to a common identifier.
● Browser (desktop, mobile and tablet) – Advertising platforms utilize broadly deployed and redundant ID syncs to maintain comprehensive ID mapping tables, which may be used to link fragmented IDs and data.
Just as the mobile operating systems provide a standardized “ID for advertisers”, DigiTrust provides a standardized ID for the web ecosystem.
Neither IAB Tech Lab nor its DigiTrust service collects, stores, shares, uses, buys or sells consumer behavioral data or personal information in connection with the DigiTrust service. Specifically, this includes but is not limited to:
• Any domains, URLs, pages, referrers, or content that any consumer has loaded into their browser.
• Any consumer meta-data provided by the browser, such as IP address, operating system, browser type, browser add-on applications, etc.
• Any personally identifiable information, personal data, or geolocation data for the consumer.
• Any consumer third-party login data, including email addresses, passwords, etc.
• Any demographics, attributes, characteristics, derivative inferences, or audience segments formed from the above.
DigiTrust does access the device to set and read cookies in connection with the service. For those reasons, we are listed on the General Vendor List (ID 64) for the IAB GDPR Transparency and Consent Framework, and will not set the DigiTrust ID until/unless we have consent.
DigiTrust IDs are encrypted, with decryption only available to members (who are part of regulatory programs and uphold consumer privacy standards). Our policies prohibit members from passing the decrypted (persistent) ID to non-members.
Yes. The key area in which publishers lack control (for data collection, data leakage, cross-device linkages, etc.) is in all the third-party requests from ID syncs. If we eliminate the need for ID syncs, then publishers can take back control of their pages and only let the vendors they trust appear on their websites.
No. DigiTrust members have come together within a working group structure to co-develop a free, open-source CMP solution that integrates DigiTtrust functionality. We also have members with their own proprietary CMP developments, all in accordance with the IAB Transparency and Consent Framework. The DigiTrust CMP offering is a neutral and open-source option. We
certainly expect that other CMPs will be more suitable to differing requirements in the marketplace and we will encourage CMP adopters to choose the solution that best meets their requirements.
DigiTrust is now part of IAB Tech Lab, which we believe provides the ideal forum for building consensus and developing foundational, non-competitive technical standards and software to support identity resolution, GDPR compliance, and much more. We invite anyone who has input into how any of our work should evolve to join us and become active participants in our working groups and, if desired, Board of Directors.

Standardization of the user token enables online publishers to substantially reduce the number of third party requests on their pages, resulting in a better Web experience for their visitors, more trusted and effective integrations with their third party partners, and in some jurisdictions alleviated regulatory pressure. It also enables significantly greater audience recognition for advertisers, which results in more revenue, while simultaneously reducing data leakage.

Standardization of the user token will enable third parties to integrate with each other (on behalf of their publisher or marketer customers) much more easily, with better audience recognition, faster integration time, reduced operational costs, improved delivery of services to their customers, and in some jurisdictions alleviated regulatory pressure.

Standardization of the user token, with consumer notice and consent, will enable marketers to integrate with technology platforms more easily, with faster integration time and improved audience recognition, measurement, etc. Accordingly, marketers will be able to reach targeted audiences at greater scale, across a broader set of platforms and devices, with reduced operational costs.

Standardization of the user token, with their consent, will enable online consumers to be encumbered by substantially fewer third party requests on the pages they visit across the Web, which helps to reduce consumer privacy concerns. Other than that, there is no impact to consumer privacy. The DigiTrust service generates no incremental tracking data of any sort, and relies on conventional cookies, which are broadly used on the Web today already. DigiTrust also fully preserves/respects the privacy options available to and used by consumers today.