Summary of the report
In recent years, a wide range of companies has started to monitor, track, and follow people in virtually every aspect of their lives. A vast landscape of data companies has emerged that consists not only of large players such as Google and Meta, but also thousands of other businesses from various industries that continuously share and trade digital profiles with each other. Companies have started to combine and link data from the web and smartphones with the customer data and offline information that they have been amassing for decades. Many businesses try to record and measure every interaction with a consumer, including on websites, platforms, and devices they do not control themselves. They can seamlessly collect rich data about their customers and others in real-time, enhance it with information from third parties, and utilize the enriched profiles for digital advertising, which is often based on real-time auctions of consumer profiles. The lawfulness of many of these data practices under the GDPR is disputed and subject to ongoing debate and litigation.
LiveRamp, formerly known as Acxiom, is a major player in this marketing data industry. As a consumer data broker, the company sells data about 700 million consumers globally from 150 data providers through its “data marketplace”. Perhaps more importantly, LiveRamp operates a massive identity surveillance system that assigns every person a proprietary identifier, which is tied to identifying attributes such as names, postal addresses, email addresses, phone numbers and digital IDs referring to browsers, smartphones and other devices. Its AbiliTec and RampID systems maintain and constantly update comprehensive identity records about whole populations: the address where they live, the devices they use, and people they share a household with. LiveRamp explains that “people are dynamic”. Each time they “move houses, change jobs, switch phones, share computers, and upgrade their tech”, this may create a new identity record in its systems. “Over time, each of these events builds a more complete picture of that person’s identity”. LiveRamp’s identity graph systems can be considered private population registers, and their identity databases and proprietary identifiers facilitate the exchange of personal data across databases and companies. Many businesses in the digital marketing industry utilize LiveRamp’s identity surveillance technology to recognize, track, follow, profile and target people across the digital world and trade profile information about them. The company also promotes its identity graph systems as a solution to sell behavioral advertising without third-party cookies. LiveRamp is based in the US, listed at the NYSE and has offices in London and Paris. As of 2023, LiveRamp operates in many countries across the planet including the UK, France, Germany, Belgium, Spain, Italy, Poland and Romania.
This report investigates LiveRamp’s identity surveillance technology and data practices that rely on it with a focus on Europe, France and the UK. It builds on previous research and is largely based on a detailed analysis of software documentation available online. To a smaller extent, it relies on an analysis of promotional materials and legal documents such as privacy policies. The report represents a working document that aims to serve as evidence for the further investigation of LiveRamp’s data practices by scholars, policymakers, journalists, privacy advocates and regulators. As a “technical report”, it assumes some knowledge from readers about today’s marketing data industry. The report documents a wide range of data practices:
LiveRamp's identity graph systems
Section 2 of the report examines the basic functionality of LiveRamp’s identity surveillance technology. It shows that LiveRamp maintains population-scale identity databases that contain comprehensive identity records about 700 million people globally, 45 million people in the UK and 25 million people in France. The AbiliTec identity graph links different “offline” identifiers to each other, including names, postal addresses, email addresses and phone numbers (section 2.1). The RampID system links digital identifiers to a person’s AbiliTec record, including mobile device IDs, cookie IDs, connected TV IDs and other proprietary IDs (section 2.2). LiveRamp claims to have data about 14 billion devices globally.
LiveRamp rarely provides raw identifiers such as email addresses to its clients. Typically, companies send consumer records that contain identifying information to LiveRamp, which tries to find matching person records in its identity databases and then returns a pseudonymous “RampID” identifier that refers to a partial or full person record in the company’s identity databases. LiveRamp’s clients can utilize the RampID system to combine and link personal data across databases and exchange personal data across companies. They can utilize it to track website and mobile app users, recognize and profile people by “onboarding” entire customer databases and then transmit consumer records to adtech firms or large platforms for ad targeting and other purposes via LiveRamp’s “Connect” platform (section 2.2.5). In order to maintain its identity graph databases (section 2.3) and constantly keep them updated, LiveRamp obtains and purchases identity data from “offline” data sources, “match partners” and other data providers (section 2.4).
Several documents provided by LiveRamp describe how its clients can utilize the company’s identity data to recognize, track and profile people across the digital world, buy and sell data, target them with ads and personalize websites, mobile apps and other services (section 2.5). LiveRamp’s UK and French services privacy policies describe the legal justification of its data practices (section 2.6).
Applications for LiveRamp's identity graph systems
Section 3 of the report further explores applications that rely on LiveRamp’s identity surveillance technology. LiveRamp’s “Connect” platform allows clients to “distribute” consumer records to Google, Facebook, large publishers, adtech firms and other data companies. Clients can utilize LiveRamp’s identity data to transmit lists of RampIDs and other identifiers referring to persons with certain characteristics to third-party companies, referred to as “destinations”, which link the transmitted data to their own databases that contain records about millions of people (section 3.1.1). Data brokers and other businesses can utilize LiveRamp’s identity data and its “data marketplace” to sell consumer data to other companies, including in the UK and in France (section 3.1.2).
RampIDs can serve as “universal identifiers” in the broader data and adtech industry. RampIDs are transmitted via the RTB bidstream in digital advertising in order to link and match personal data across a large number of publishers, advertisers and adtech intermediaries. This occurs 60 billion times a day, according to LiveRamp (section 3.2). Google utilizes RampIDs as “join keys” between its advertising clients’ data and its own massive data sets (section 3.2.4).
Via LiveRamp’s Authenticated Traffic Solution (ATS) product, publishers such as websites, mobile apps and other digital services can turn their users’ email addresses into pseudonymous RampIDs, which can then be transmitted via the RTB bidstream in order to enable adtech firms and advertisers to profile and target these users. ATS introduces the concept of “identity envelopes”, which contain encrypted RampIDs. Identity envelopes can be decrypted and linked to other identifiers in different ways (section 3.3).
Concluding remarks
Section 4 summarizes some of the findings in this report and provides concluding remarks. LiveRamp’s identity surveillance technology relies on pseudonymization that is claimed to be “one way”. The company rarely or never provides raw identifiers such as names, postal addresses, email addresses or phone numbers to other firms. Instead, clients and partners can send consumer records that contain identifying information from different sources to LiveRamp, which returns pseudonymous RampIDs that can be utilized to combine and link consumer records across databases. A data broker can, for example, utilize RampIDs to sell personal data about millions of people to data buyers, who can then utilize RampIDs to transmit the records to third-party companies who match these records to billions of consumer records they process themselves. While RampIDs are formally “vendor-specific”, many of LiveRamp’s clients are themselves data intermediaries who process personal data on hundreds of millions of people on behalf of many of their own clients. As such, RampIDs can be utilized to exchange personal data across many actors. In addition, RampIDs specific to one company can be converted into RampIDs specific to another company. While this process is governed and controlled by LiveRamp, the findings in this report suggest that adtech intermediaries such as SSPs and DSPs can utilize this “translation” process across vendor-specific RampIDs. This translation process also facilitates the exchange of personal data across many actors.
Each time a company utilizes a RampID to link and match personal data, it processes a pseudonymous identifier that is tied to a person’s partial or full identity record maintained by LiveRamp. As a result, pseudonymization turns from a measure that protects data subjects from re-identification and personal data linkage across contexts to a more powerful means to join personal data across databases and companies than a name.
The findings in this report suggest that LiveRamp’s “Authentic Traffic Solution” (ATS) product and its encrypted “identity envelopes” may be considered a thin compliance layer over the RampID system, just as the RampID system may be considered a thin compliance layer over LiveRamp’s “offline” identity databases that contain names, postal addresses, email addresses and phone numbers. LiveRamp’s intrusive data practices may disproportionally affect the rights and freedoms of hundreds of millions of people in the UK, France and other countries, and raise questions about the lawfulness of LiveRamp’s data practices under the GDPR and UK data protection legislation.
Limitations
This report investigates LiveRamp’s data practices largely based on publicly available information provided by the company. This includes software documentation and promotional materials, which might be ambiguous and incomplete. Every effort has been made to accurately interpret these corporate sources, but we cannot accept any liability in the case of eventual errors. While LiveRamp’s software documentation consists of several thousands pages and provides comprehensive information about how its clients can utilize the company’s systems, it remains largely unclear how clients and other organizations actually implement and customize the functionality provided by these systems.