YouGov Direct’s “GDPR-compliant” blockchain — GDPR-laundering as a service

YouGov Direct’s “GDPR-compliant” blockchain — GDPR-laundering as a service

 

YouGov is a British polling company. They’re known for reasonably-respected, statistically valid polls on political issues of the day. These function as advertising for the company’s bread-and-butter — running commercial surveys for companies that collect responses from panels of online users, typically doing surveys from home.

In February, YouGov announced “a new digital advertising platform”: YouGov Direct — which aims to overcome both ineffective ad targeting and consumers’ problems controlling the use of their data through harnessing … can you guess? … blockchain technology!

Through YouGov Direct, panellists will be able to choose which personal attributes to make available to third parties while remaining anonymous. For example, a user might decide to share information about favourite hobbies and withhold data related to health history. In exchange for sharing their data, users will earn additional rewards.

The really eye-catching claim is that YouGov Direct’s blockchain will be GDPR-compliant:

YouGov Direct’s transparent and verifiable record of transactions provides assurance that ads are reaching actual humans as opposed to bots and will support businesses in meeting the requirements of the forthcoming EU General Data Protection Regulation (GDPR).

Can the Blockchain provide GDPR laundering?

YouGov Direct is a pitch to advertisers. They will make panelist demographic data available to their customers — the advertisers.

In GRITBook (Greenbook Research Industry Trends Report), 2018 Q1-Q2, YouGov co-founder and CEO Stephan Shakespeare outlines the problems he’s pitching this as the solution to:

Brands will be able to use high quality data for targeting — no longer subject to whatever questionable data has been packaged up and distributed through Data Management Platforms (DMPs) for which the provenance cannot often be proved.

The GDPR is a laser-targeted nightmare for internet advertising companies who compile shadow profiles of consumers — but they do this because they’re desperate to find a way to make Internet ads work at all. Particularly as the big boys, Google and Facebook, will cope with the GDPR much better than smaller companies will.

A solution to this quandary — targeted demographic data, but, somehow, GDPR-laundered! — is a tantalising offer to a desperate industry. Even more so if the technology is magical, buzzwordy and ill-understood.

How YouGov’s blockchain works

YouGov’s technical Medium post is the closest we have to a white paper. It’s written entirely as hypotheticals, using “would” — none of this exists yet.

Panelists get a “blockchain address,” with only YouGov knowing which panelist has which address.

Advertisers run a campaign as a simple smart contract, constrained on desired user attributes and a time period. Every time a user views an ad, the smart contract gets a ping. A separate panelist consent grant is used for each campaign. There’s a complicated bit with sidechains for each advertising campaign.

Payment will be to and from the public Ethereum blockchain — not using actual money.

The process also blithely assumes “the immutability and transparency of distributed ledger technology” — if you buy something branded “blockchain,” you get all possible positive attributes for free!

When a panelist leaves …

The obvious problem with this idea — the GDPR also applies to the panelists.

YouGov can require that a panelist allows their data to be in YouGov’s blockchain-derived private database while they’re participating in the YouGov Direct network — but if they leave, they can demand their demographic data is removed. Completely.

Even if YouGov’s blockchain is somewhat decentralised  … the company administers it. What do they have in place to deal with the circumstance of a panelist wanting to GDPR their commercially-valuable personal information out of the “immutable” blockchain?

And that’s without going into the customer companies compiling shadow profiles on people, as they presently do. Will YouGov’s GDPR-laundering be as immune to data compilation as YouGov and their customers will need it to be?

I’m at a loss as to how anything about this, as described, doesn’t lead in a few small ill-considered steps to Cambridge Analytica, but on the blockchain.

GDPR is antimatter to blockchains

As well as writing this news blog, I consult on blockchain and cryptos. When people ask about GDPR and PII, I warn them: don’t put Personally Identifying Information (PII) into an append-only ledger, under any circumstances.

“Immutable” and “GDPR” don’t belong in the same system.

You will have to remove Personally Identifying Information at some point — putting it into an append-only ledger is only making a rod for your own back. Use a conventional database.

Yes, but what about the people?

YouGov Direct have a lot of experienced people involved … all of whom are from advertising and marketing, and zero of whom appear to have any blockchain expertise. There must be someone, but they don’t list them.

Shakespeare managed, not one, but two entire lengthy interviews about YouGov Direct without revealing a single detail about how any of this works. Reading his descriptions of Blockchain, I’m not convinced he knows either.

He did note in the second interview that he was inspired by Imogen Heap’s approach to blockchain. Readers of chapter 12 of the book will recall that Heap’s essay into the blockchain space achieved total sales of one hundred and thirty three dollars and twenty cents

In GRITBook, Shakespeare did reveal one important detail about the nuts and bolts of YouGov Direct’s blockchain:

We believe Blockchain will have an impact on the market research industry by enabling the ability to reduce the friction between brands and organizations that wish to engage with consumers with the appropriate controls and value exchange for the consumer participants through the use of smart contracts.

You heard the man — it’ll use … computer programs!

I mean, at least they’re not running an ICO.

YouGov Direct will be going live over the course of Financial Year 2019, starting this summer.

Thanks to Cate Lapitalism for the pointer.



Become a Patron!

Your subscriptions keep this site going. Sign up today!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.