Data Deletion and Right-To-Be-Forgotten

 

NOTE: This documentation references many concepts addressed in the glossary of terms. Please visit this page before you continue.

In accordance with consumers' right to be forgotten (RTBF), you can delete consumers' personal data when it’s necessary to comply with various data protection and privacy regulations. We give you the tools to request data deletion via API or directly through the admin UI within the Salesforce DMP. That way, you can determine a plan of action for complying with the regulations that apply to you.

Many data protection and privacy regulations can require you to delete consumers’ personal data when consumers request it, or when it’s no longer necessary to keep it. If you have consumers or users who want the data that you’ve collected on them deleted, review these procedures.

Requesting Data Deletion via API

Refer to the technical API documentation for details on requesting deletes via API.

Requesting Data Deletion via JavaScript Consent Tag

The JavaScript Consent Tag allows you to execute delete requests asynchronously without a browser refresh. The JavaScript Consent Tag can be called after the page is loaded to send any consumer consent information that should be tracked. Please reference the technical documentation for further details.

Note: The JavaScript Consent Tag requires the Salesforce DMP JavaScript Control Tag to be deployed on the page. The JavaScript Consent Tag must be used as is: any edit or modification of the tag will not be supported by Salesforce DMP and may result in compliance failure. Please consult with your legal team accordingly.

The JavaScript Consent Tag snippet can be retrieved by navigating to Manage > Sites in the Salesforce DMP UI and clicking the </> (Actions) button on the right.

The consent:remove method can be called to initiate an RTBF (right to be forgotten) request for a data subject. The function call should be executed as follows, with optional parameters and callback:

Krux('ns:mynamespace', 'consent:remove', parameters, callback);

Requesting Data Deletion in the DMP

Follow these steps to request data deletion for a user.

  1. Click the Consumer Rights Management tile
  2. Click Raise a new request and select Right to be forgotten request
  3. Select the user identification type for your request
    1. List a single ID or set of IDs in the text box
    2. For multiple IDs, input one ID per row
  4. Enter the applicable user identifiers
  5. Click Submit


Requesting Data Deletion via File

If you choose not to integrate via other supported methods, you can request deletes via file. All requests collected through files are processed daily, so the system will not register a request until after the daily jobs have run.

Location

Please upload files to the following location.

s3://krux-partners/client-{NAME}/uploads/consent-data/{DATE}/

Format

Device Format:
idt^dt^idv^ACTION^PR^{FLAGS}^TS

Bridge Key Format:
idt^bk^idv^ACTION^PR^{FLAGS}^TS

Note: For the remove action, policy regime (pr), flags, and timestamp (ts) are optional. For more detail on the consent flags format, please refer to the Consent Flags section of the DMP Consumer Rights Management Concepts and Glossary document.

Examples of valid records for data deletion requests:

device^kxcookie^abcdef123^remove^global^dc=1&tg=1&al=1&cd=1&sh=0&re=1^1515471711277000

device^idfa^6D92078A-8246-4BA4-AE5B-76104861E7DC^remove^^dc=1&tg=0&al=0&cd=1&sh=0&re=0^

bk^email_sha256^f660ab912ec121d1b1e928a0bb4bc61b15f5ad44d5efdc4e1c92a25e99b8e44a^remove^global^^1515471711277000

bk^email_sha256^f660ab912ec121d1b1e928a0bb4bc61b15f5ad44d5efdc4e1c92a25e99b8e44a^remove^^^

Regardless of whether or not you submit data for the optional policy regime or timestamp, include all of the delimiters. Data will not process without all delimiters.
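A pre-upload check for the record format above, as an added example (not Salesforce DMP code): it rejects records that are missing delimiters and flags a plaintext value where a SHA-256 digest belongs. The flag and timestamp patterns are inferred from the example records on this page, and treating any identifier type ending in `sha256` as a hex digest is an assumption.

```python
import re

FIELD_COUNT = 7  # class^type^value^ACTION^PR^FLAGS^TS, i.e. six '^' delimiters
ID_CLASSES = {"device", "bk"}  # first-field values used in the page's examples
# Assumption from the page's examples: flags look like "dc=1&tg=0", ts is digits.
FLAGS_RE = re.compile(r"[a-z]+=[01](&[a-z]+=[01])*")
SHA256_RE = re.compile(r"[0-9a-f]{64}")

def validate_record(line):
    """Return a list of problems; an empty list means the record is well-formed."""
    fields = line.rstrip("\r\n").split("^")
    if len(fields) != FIELD_COUNT:
        return [f"expected 6 '^' delimiters, found {len(fields) - 1}"]
    id_class, id_type, id_value, action, _regime, flags, ts = fields
    problems = []
    if id_class not in ID_CLASSES:
        problems.append(f"unknown identifier class {id_class!r}")
    if not id_type or not id_value:
        problems.append("identifier type and value are required")
    if action != "remove":
        problems.append(f"action is {action!r}, not 'remove'")
    if flags and not FLAGS_RE.fullmatch(flags):
        problems.append("flags are not key=0/1 pairs joined by '&'")
    if ts and not ts.isdigit():
        problems.append("timestamp is not numeric")
    # Assumed rule: a type ending in "sha256" must carry a digest, never raw PII.
    if id_type.endswith("sha256") and not SHA256_RE.fullmatch(id_value.lower()):
        problems.append("value is not a 64-character hex SHA-256 digest")
    return problems

def validate_lines(lines):
    """Map 1-based line number -> problems, for every malformed record."""
    report = {}
    for n, line in enumerate(lines, 1):
        problems = validate_record(line)
        if problems:
            report[n] = problems
    return report

# Records 1-2 are taken from the page; records 3-4 are constructed to fail.
SAMPLE = [
    "device^kxcookie^abcdef123^remove^global^dc=1&tg=1&al=1&cd=1&sh=0&re=1^1515471711277000",
    "bk^email_sha256^f660ab912ec121d1b1e928a0bb4bc61b15f5ad44d5efdc4e1c92a25e99b8e44a^remove^^^",
    "device^kxcookie^abcdef123^remove",            # optional fields dropped with their delimiters
    "bk^email_sha256^user@example.com^remove^^^",  # plaintext address instead of a digest
]

if __name__ == "__main__":
    for n, problems in validate_lines(SAMPLE).items():
        print(n, problems)
```

Running the check before the daily upload matters because a malformed record is not processed, which leaves the deletion request unregistered.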

Compression

The DMP supports gzip and lzo compression types, but recommends lzo with an lzo index file. If you choose to use gzip, the maximum supported size is 1GB per file submitted. Alternatively, the DMP does support plain text files.

Data Deletion Impact

After you request that data be deleted for a given user, we delete all data from the DMP that is tied to the identifier you submitted. This happens within 90 days of the initial request. Deleted data includes, but is not limited to:

  1. Segments
  2. Ad Impressions
  3. Events
  4. Transactions
  5. User's Page Views
  6. User Attributes
  7. Heartbeats

We don't immediately delete this data due to potential audit requirements.

Consent History
We don't delete consent logs even if the user opted out or invoked their right to be forgotten. These logs are required to prove our decision making related to various consent, opt-in, and opt-out behavior.

KUID and BK Relationships (user match)
These data are required to show that when device data was deleted based on a bridge key input, we executed those changes against all devices known to be associated with that bridge key.

 
