NOTE: This documentation references many concepts addressed in the glossary of terms. Please visit this page before you continue.
In accordance with consumers' right to be forgotten (RTBF), you can delete consumers' personal data when it’s necessary to comply with various data protection and privacy regulations. We give you the tools to request data deletion via API or directly through the admin UI within the Salesforce Audience Studio. That way, you can determine a plan of action for complying with the regulations that apply to you.
Many data protection and privacy regulations can require you to delete consumers’ personal data when consumers request it, or when it’s no longer necessary to keep it. If you have consumers or users who want the data that you’ve collected on them deleted, review these procedures.
Requesting Data Deletion via API
Reference technical API documentation for details on requesting deletes via API.
Requesting Data Deletion via JavaScript Consent Tag
The JavaScript Consent Tag allows you to execute delete requests asynchronously without a browser refresh. The JavaScript Consent Tag can be called after the page is loaded to send any consumer consent information that should be tracked. Please reference the technical documentation for further details.
Note: The JavaScript Consent Tag requires the Salesforce Audience Studio JavaScript Control Tag to be deployed on the page. The JavaScript Consent Tag must be used as is: any edit or modification of the tag will not be supported by Salesforce Audience Studio and may result in compliance failure. Please consult with your legal team accordingly.
The JavaScript Consent Tag snippet can be retrieved by navigating to Manage >> Sites in the Salesforce Audience Studio UI and clicking the </> (Actions) button on the right.
The consent:remove method can be called to initiate a RTBF (request to be forgotten) request for a data subject. The function call should be executed as follows, with optional parameters and callback:
Krux('ns:mynamespace', 'consent:remove', parameters, callback);
Requesting Data Deletion in Audience Studio
Follow these steps to request data deletion for a user.
- Click the Consumer Rights Management tile
- Click Raise a new request and select Right to be forgotten request
- Select the user identification type for your request
- List a single ID or set of IDs in the text box
- For multiple IDs, input one ID per row
- Enter the applicable user identifiers
- Click Submit
Requesting Data Deletion via File
If you choose not to integrate via other supported methods, you can request to have a RTBF pipeline set up for you. All requests collected through files are processed daily, so the system will not register a request until after the daily jobs have run.
Audience Studio updates the consolidated consent but does not delete the consent data available to the API. Customers querying the API will see the old values of consent flags even after RTBF has been processed.
For Audience Studio customers, RTBF requests made through the file method get applied to the Audience Studio consent API, so that consent data stored for API lookup can also be deleted. In other words, you can now check via the consent API that your RTBF requests updated all consent flags to false.
RTBF requests submitted through the file method do work, but the file method will not give confirmation of deletion. If you need a confirmation of deletion (which could take up to 90 days from the moment of logging the request), it's better to use the API instead.
Location
Please upload files to the following location:
s3://krux-partners/client-{NAME}/uploads/consent-data/YYYY-MM-DD/
Format
Device Format:
idt^dt^idv^ACTION^PR^{FLAGS}^TS
Bridge Key Format:
idt^bk^idv^ACTION^PR^{FLAGS}^TS
Note: For the remove action, policy regime (pr), flags, and timestamp (ts) are optional. For more detail on the consent flags format, please refer to the Consent Flags section of the Audience Studio Consumer Rights Management Concepts and Glossary document.
Examples of valid records for data deletion requests:
device^kxcookie^abcdef123^remove^global^dc=1&tg=1&al=1&cd=1&sh=0&re=1^1515471711277000
device^idfa^6D92078A-8246-4BA4-AE5B-76104861E7DC^remove^^dc=1&tg=0&al=0&cd=1&sh=0&re=0^
bk^email_sha256^f660ab912ec121d1b1e928a0bb4bc61b15f5ad44d5efdc4e1c92a25e99b8e44a^remove^global^^1515471711277000
bk^email_sha256^f660ab912ec121d1b1e928a0bb4bc61b15f5ad44d5efdc4e1c92a25e99b8e44a^remove^^^
Regardless of whether or not you submit data for the optional policy regime or timestamp, include all of the delimiters. Data will not process without all delimiters.
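A pre-upload check for the record format above. This is an added example, not Salesforce code: it rejects records that are missing delimiters or carry a damaged identifier before the file reaches the daily job. The function names, the flag pattern (inferred from the examples on this page) and the rule that identifier types ending in _sha256 hold a 64-character hex digest are assumptions.

```python
import re

# Field order taken from the Device / Bridge Key format lines on this page.
FIELDS = ("idt", "id_type", "idv", "action", "pr", "flags", "ts")
FLAGS_RE = re.compile(r"[a-z]+=[01](&[a-z]+=[01])*")  # shape seen in the page's examples
SHA256_HEX_RE = re.compile(r"[0-9a-fA-F]{64}")        # assumption: hex-encoded digest


def check_remove_record(line):
    """Return a list of problems for one record; an empty list means it passed."""
    parts = line.rstrip("\r\n").split("^")
    if len(parts) != len(FIELDS):
        # Optional fields may be empty, but all six delimiters must be present.
        return [f"expected 6 '^' delimiters, found {len(parts) - 1}"]
    rec = dict(zip(FIELDS, parts))
    problems = []
    if rec["idt"] not in ("device", "bk"):
        problems.append(f"unknown idt {rec['idt']!r}")
    if not rec["id_type"]:
        problems.append("identifier type is empty")
    if not rec["idv"] or re.search(r"\s", rec["idv"]):
        problems.append("idv is empty or contains whitespace")
    elif rec["id_type"].endswith("_sha256") and not SHA256_HEX_RE.fullmatch(rec["idv"]):
        problems.append("idv is not a 64-character hex SHA-256 digest")
    if rec["action"] != "remove":
        problems.append(f"action is {rec['action']!r}, not 'remove'")
    if rec["flags"] and not FLAGS_RE.fullmatch(rec["flags"]):
        problems.append("flags are not key=0|1 pairs joined by '&'")
    if rec["ts"] and not rec["ts"].isdigit():
        problems.append("ts is not numeric")
    return problems


def check_file(lines):
    """Map 1-based line number -> problems, for the records that fail."""
    report = {}
    for n, line in enumerate(lines, 1):
        found = check_remove_record(line)
        if found:
            report[n] = found
    return report


DIGEST = "ab12" * 16  # constructed 64-hex-character value, not a real hash
SAMPLE = [            # constructed records modelled on the page's examples
    "device^kxcookie^abcdef123^remove^global^dc=1&tg=1&al=1&cd=1&sh=0&re=1^1515471711277000",
    f"bk^email_sha256^{DIGEST}^remove^^^",
    f"bk^email_sha256^{DIGEST}^remove",                        # trailing delimiters dropped
    f"bk^email_sha256^{DIGEST[:52]} {DIGEST[52:]}^remove^^^",  # whitespace inside the digest
]
```

Calling check_file(SAMPLE) reports only the third and fourth records. A record that is silently skipped means the deletion request was never registered, so run the check before every upload.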
Compression
Audience Studio supports gzip and lzo compression types, but recommends lzo with an lzo index file. If you choose to use gzip, the maximum supported size is 1GB per file submitted. Alternatively, Audience Studio does support plain text files.
Data Deletion Impact
After you request that data be deleted for a given user, we delete all data from Audience Studio that is tied to the identifier you submitted. This happens within 90 days of the initial request. Deleted data includes, but is not limited to:
- Segments
- Ad Impressions
- Events
- Transactions
- User's Page Views
- User Attributes
- Heartbeats
We don't immediately delete this data due to potential audit requirements.
Once the data deletion is complete, we will drop a SUCCESS file on the following location:
s3://krux-partners/client-{NAME}/rtbf/requestID/YYYY-MM-DD/_SUCCESS
Consent History
We don't delete consent logs even if the user opted out or invoked their right to be forgotten. These logs are required to prove our decision making related to various consent, opt-in, and opt-out behavior.
KUID and BK Relationships (user match)
These data are required to show that when device data was deleted based on a bridge key input, we executed those changes against all devices known to be associated with that bridge key.