Pixel Implementation Guidelines
An advertiser or agency implementing pixels including Appnexus, Google DBM & MiQ’s Capture pixel technology on their webpages must adhere to the following guidelines in order to ensure that data is gathered in a safe and compliant manner.
- Prohibited Datasets
The following types of data are prohibited from being passed into MiQ pixels:
- Personally Identifiable Information
Contact information or any data defined as PII in the USA are prohibited, including:
- Postal or email addresses
- Phone numbers
- Social security numbers
For the avoidance of doubt, online identifiers used for advertising & analytics purposes such as customer IDs, cookie & device Ids, IP addresses and granular location data, all of which may be defined as personal data, are permitted to be passed into MiQ pixels.
Please note: when implementing a universal pixel on your website(s) all information present in web URLs will be passed into the pixel. As a result please be mindful not to place the pixel on any part of the website where PII, such as an email address used to log in, may be present in the URL.
- Sensitive data categories
Any data fields which may reveal the following attributes about a user:
- ethnic origin;
- trade union membership;
- biometrics (where used for ID purposes);
- sex life; or
- sexual orientation.
Further information on sensitive data categories can be found on the ICO website.
1.3 Vulnerable data subjects
Any data that relates to vulnerable users, for example:
- Under 16s
- Gambling or drug addicts
- The elderly
- The mentally ill/unstable
- Restricted Datasets
The following data are restricted and may only be passed into a pixel with the prior approval of MiQ following a review from their DPO.
Some standard advertising data fields may have high risk implications depending on their context
- Accept/reject flags/passbacks for financial products which require a credit check – for example loans, mortgages and credit cards
- Conversions for drug and pharmaceutical products
- Transparency & Consent
As a result advertisers that use pixels to attribute digital activity or perform retargeting, regardless of the technology used, are likely to need a transparency & consent solution in place on their site in order to continue using this technology at any meaningful scale. The solution for this which has been developed by the IAB and wider advertising community is the IAB Transparency & Consent Framework. The below are some steps which will enable you to leverage the IAB framework and its benefits:
- Setup a CMP on your website. A CMP is a consent management provider which helps to read and/or set a user’s consent status. A CMP is not necessarily the company that surfaces the user interface to a user (although it can be the same). Go here for a list of IAB registered CMPs and here for more information on Google’s approach to consent management. In addition, MiQ have partnered with Pluto, a user-first CMP also registered with the IAB, which we can assist advertisers to implement, on-request, from May 16th.
- Configure the CMP. The configuration of the CMP and any interface is completely in the control of the website owner. User Interface (Consent Modal) – you can use pre-configured user experiences provided by the CMP, or customise this yourself Vendors – vendors are the 3rd parties which will be presented within the consent modal on your site. You may include any company listed in the IAB’s Global Vendor List here. On MiQ campaigns:
- MiQ (vendor 101), Appnexus, Google (Doubleclick) & your adserver/floodlight tech (e.g. DCM, Sizmek, Flashtalking) are crucial in order for us to gather & use pixel data
- Exchange partners such as Rubicon, Pubmatic, OpenX & MoPub may be useful if you adopt a “global” consent approach (see below)
- Any 3rd party trackers which may be added in the creative by you or your agency are also useful to include, for example Nielsen, [m]Platform, Adobe, Oracle Type of consent – the IAB supports 2 main types of consent:
- Global – consent preferences gathered on this site will be valid across all IAB-integrated sites. Advertisers may want to consider this in order to a) reduce the number of consent notices that are served on their site and b) get maximum scale against their attribution/retargeting outputs.
- Server Specific – consent preferences are only valid on the site where it is gathered. While this may offer lower scale it may be preferred by advertisers who want a direct/distinctive communication with their users about privacy.
- Configure your pixels. Once consent is being gathered, the final step is to re-configure your pixels/floodlights in order to ensure that they only load after consent has been gathered. Your agency and/or adserver/tag manager account manager can support you with this. If you do not use a tag management system or floodlight technology, then we can provide you with revised pixels that will only load on consented users. Please let us know if this is the case and we can assist further.
Regardless of steps 1 & 2, we request that all advertisers make this step-3 change prior to May 25th.