Private set intersection MPC protocol included in digital advertising industry standard

For the past few decades, publishers have been able to earn revenue from online content by allowing advertisers to place digital ads on their webpages that target groups of users or even individual users based on those users’ demographics, interests, browsing histories, and so on. This came at the expense of user privacy, as individual users have been tracked across the internet using techniques such as the placement of third-party cookies, which make it possible for organizations to record a user’s activity across different websites.\

A growing awareness among users and organizations of the risks associated with the widespread sharing of individual user data, as well as the codification of user privacy as a right within frameworks such as GDPR and CPRA, has led major players such as Apple and Google to add third-party cookie deprecation to their roadmaps. As a result, organizations within the advertising technology ecosystem are actively exploring and investing in a range of technologies (and vendors providing such) that allow publishers to continue earning advertising revenue from their online content while better addressing the privacy risks faced by individual users. Examples of this include the implementation of contextual targeting techniques (such as Google Topics), leveraging of data clean rooms, and the development or acquisition of solutions that rely on privacy enhancing technologies such as secure multi-party computation (MPC).

Among these efforts is IAB Tech Lab’s work on the Open Private Join and Activation (OPJA) standard, which enumerates specific and concrete workflows that publishers and advertisers can use to minimize sharing of user data when targeting ads. Digiday recently released an accessible high-level overview video describing OPJA. One critical OPJA workflow involves matching first-party data: the personal information users share with publishers and advertisers when they register to use their products and services. The OPJA standard specifies a number of privacy and security design goals for any such matching process, and then presents two reference designs that are motivated by these design goals, including a private set intersection (PSI) MPC protocol. 

Because the privacy and security benefits of MPC protocols necessarily require cooperation between two or more distinct entities, industry-specific consortia such as IAB Tech Lab and standards such as OPJA play a critical role in allowing (and encouraging) organizations to leverage MPC. Reciprocaly, these standards also provide an essential roadmap for researchers and vendors developing new MPC protocols, frameworks, software, and services.

OPJA is the product of close collaboration between IAB Tech Lab, Optable, Magnite, Decentriq, Dstillery, and many other participants within an IAB Tech Lab working group focused on re-architecting the advertising ecosystem in a way that addresses risks to consumers’ privacy. At Magnite, we plan to continue our contributions to the development and adoption of OPJA, which may include input on technical content, participation in the implementation of open-source software libraries, and support for the standard itself within Magnite’s products and services.