The little SFBX glossary
Essential words in our sector:
- CMP stands for Consent Management Platform. The CMP is a technological platform specifically dedicated to the collection, recording, restitution and proof of consent given by Internet/mobile users in the field of personal data management on the various digital platforms (websites, applications, connected TV, etc.). It also ensures the transmission of end-user consent parameters to all partners wishing to use the data collected and for which the request for authorization has been submitted.
- Consent : means any manifestation of free, specific, informed and unambiguous will by which the person concerned accepts, by a declaration or a clear positive act, that personal data concerning him or her be the subject of processing, as defined by the Personal Data Regulation. This consent must be obtained prior to the deposit and reading of cookies or tracers on the digital platform used by the Internet user/mobinaut. Consent is not a new concept, since it was already included in the Data Protection Act and then in the ePrivacy Directive. However, the RGPD completes its definition and specifies this notion on certain aspects, in order to allow the persons concerned to exercise a real and effective control on the processing of their data. Consent is one of the 6 legal bases provided for by the GDPR authorizing the implementation of personal data processing with legal obligation, contract, public interest mission, safeguarding vital interests and legitimate interest.
- Personal data This is any information relating to a natural person who is likely to be identified or identifiable, directly (e.g. surname or first name) or indirectly (e.g. an identification number, biometric data, voice or image). The identification of a person can be made from a single piece of data (e.g. a name, a fingerprint, a postal address, an e-mail address, a telephone number, a social security number, etc.) or from a combination of data (e.g. a man with such and such an occupation, living at such and such an address and born on such and such a day).
- Notice Notice: this is the name we give to the consent window that appears on all digital platforms (websites, applications, connected TV, etc.), collecting personal data. This window informs and asks for consent to place cookies/trackers on the users' computer/phone/TV (etc..). Through this notice, the user is able to make informed choices by knowing all the partners and purposes for which these cookies or trackers are deposited. This window must comply with the requirements of the RGPD, the ePrivacy directive and the guidelines and recommendations of the CNIL. For example: the presence of the buttons "Accept all", "Refuse all" and "Customize my choices".
- Publishers : (publishers in French). Publishers provide the capacity and inventory in their applications or websites that allow advertisers to serve ads. They are the ones who must collect consent directly from their visitors. In the IAB Framework, publishers are digital media that publish content on the Internet or mobile applications. Publishers represent the first party, i.e. the website or application that the user has sought to access.
- Tracers The CNIL uses the term "tracer" to refer to what is more generally known as a cookie, i.e. the reading and/or writing of information on a user terminal, whether on a computer browser, a smartphone, a voice assistant, a connected TV or any other connected object.
The tracers are for example :
- HTTP cookies,
- flash" cookies,
- the result of the calculation of a unique fingerprint of the terminal in the case of "fingerprinting" (calculation of a unique identifier of the terminal based on elements of its configuration for tracing purposes),
- invisible pixels or "web bugs",
- any other identifier generated by a software or operating system (serial number, MAC address, unique terminal identifier (UTI), or any set of data that is used to calculate a unique fingerprint of the terminal (e.g. via a "fingerprinting" method)
On the regulator's side
- CNIL The Commission Nationale de l'Informatique et des Libertés (CNIL) was created by the Data Protection Act of 6 January 1978. It is responsible for ensuring the protection of personal data contained in computer files and processing or paper, both public and private. Thus, it is responsible for ensuring that information technology is at the service of the citizen and that it does not infringe on human identity, human rights, privacy, or individual or public freedoms. The CNIL is an independent administrative authority (AAI), i.e. a public body that acts on behalf of the State, without being placed under the authority of the government or a minister. It is composed of 18 elected or appointed members and is supported by departments. It has a role of alert, advice and information to all publics but also has a power of control and sanction.
- Data Protection Act : Created in 1978, amended in 2004 and then in 2019 to incorporate the ePrivacy Directive and then the RGPD. It regulates all processing of personal data. It therefore applies to all sectors that use personal data in the course of their activities. Several provisions are included in this law, namely:
- The obligation to declare files containing personal data to the CNIL,
- The prohibition of collecting sensitive data, i.e. data relating to religion, health, politics, etc. (with some exceptions),
- The principle of fair data collection,
- The obligation to ensure the security of all data collected,
- The obligation to inform the individuals concerned of the collection of theirrs their data,
- The right to access, modification and deletion of the data in question,
- RGPD The acronym RGPD stands for " General Data Protection Regulationrotection of Data " (in English "General Data Protection Regulation" or GDPR). The GDPR regulates the processing of personal data on the territory of the European Union, since May 2018. The legal context is adapting to keep up with changes in technology and our societies (increased digital uses, development of online commerce...). This This new European regulation is a continuation of the French Data Protection Act of 1978 and strengthens the control of European citizens over the use that can be made of their data. It harmonizes the rules in Europe by providing a single legal framework for professionals. It allows them to develop their digital activities within the EU based on user trust. Any organization, regardless of its size, country of establishment and activity, may be affected. Indeed, the GDPR applies to any organization, public and private, which processes personal data on its behalf or not, as soon as:
- it is established in the territory of the European Union,
- or that its activity directly targets European residents.
- ePrivacy Directive Directive on Privacy and Electronic Communications (2002/58): European directive of July 12, 2002 on the protection of privacy in the electronic communications sector. This European directive aims to specifically protect privacy on Internet. It was transposed and integrated into the Data Protection Act in 2004.
On the market side
- ALS : for Service Level Agreement, is a contract or part of a contract by which an IT provider undertakes to provide a set of services to one or more customers. In other words, it is a contractual clause that defines the precise objectives and the level of service that a client is entitled to expect from the signatory service provider.
- KPI : For Key Performance Indicator, is a quantified element that must be determined before the launch of an action, in order to assess the impact and determine the ROI (return on investment). The analysis takes into account several KPI to estimate, for example, the number of visitors to calculate the rate of consent of a website in digital marketing or the rate of subscription to a product.
The IAB lexicon
- IAB : The IAB (Interactive Advertising Bureau) is an international association created in 1998, bringing together the players in Internet advertising and whose mission is threefold: to structure the digital advertising market, to encourage its use and to optimize its effectiveness.
- TCF : For Transparency & Consent Framework developed under the aegis of the IAB Europe, proposes common rules to be adopted when processing personal data or accessing and/or storing information on a user's terminal, such as cookies, advertising identifiers, device identifiers and other tracking technologies. The aim is therefore to provide users with greater transparency on the use of their personal data, as well as to collect their consent and transmit it to all advertising actors identified in the GVL. In practice, the IAB Framework functions as a system for communicating the status of user consent between first parties (i.e. publishers), third parties (i.e. advertisers) and the consent management provider (i.e. the CMP) used on the first party's website.
- GVL : For Global Vendors List, is the registry of vendors that participate in the TCF. All vendors, including sell-side platforms (SSPs), demand-side platforms (DSPs), ad servers, and data management platforms used on a publisher's site, may apply to join the GVL.
- Purpose : For "purpose" in French. The 12 collection purposes defined by the IAB are called IAB purposes.
- Store and/or access information stored on a terminal
- Select standard ads
- Create a custom ad profile
- Select custom ads
- Create a profile to display personalized content
- Select custom content
- Measuring ad performance
- Measuring content performance
- Leverage market research to generate audience data
- Develop and improve products
- Ensure security, prevent fraud and debug
- To technically distribute the advertisements or content
- Stack Stack is a defined group of IAB purposes. A stack is a defined group of IAB purposes. In total, the IAB has defined 42. This list can be found on the IAB website Europe website.
- Vendors For vendors in French. In the IAB Framework, these are third-party advertisers with whom the publisher has chosen to partner. Vendors display third-party content on the publisher's website or application. They are the ones who place cookies or marketing trackers on the end user's browser or application in order to display relevant ads to potential customers.
Words related to our activities
- Blockchain : Developed from 2008, blockchain is primarily a technology for storing and transmitting information. This technology offers high standards of transparency and security because it operates without a central control body. More concretely, the blockchain allows its users - connected in a network - to share data without intermediaries.
- Environment Centric : understanding the environmental impact of products and technological infrastructures from the moment they are built.
- Privacy by default the controller must provide the highest level of protection to data subjects by default, which implies that security and protection measures are taken systematically when processing personal data.
- Privacy by design Privacy by design is a concept that requires companies to integrate the principles of the RGPD into the design of a project, a service or any other tool related to the handling of personal data. The idea is to impose that each new technology intended to process personal data must be designed to offer a high level of data protection.
- Privacy by security Privacy by security: all data collected is anonymized, encrypted and hashed, which ensures security in the processing and integrity of the data.
- UX design : for User Experience Design, is a set of methods whose objective is to place the human being at the heart of the design process by identifying his or her needs and obstacles in a given context.
Terminologies to be found in our products
- Extra purposes purposes: the client can create his own, non-IAB purposes to be included in the consent notice or not, in the latter case, they will be called floating purposes.
- Extra vendors The customer can add his non-IAB partners by linking them with IAB or non-IAB purposes.
- Organic data : cThis is data collected on the user's device for which there is no need for system permission. This data is basic and non-intrusive. Examples: manufacturer, OS, version, etc...
- AMP Accelerated Mobile Pages, is a publishing format created by Google to accelerate the display of pages on mobile devices.
- MAU / UU : For Monthly Active Users / Unique users. This is the monthly number of active users.
Exclusive to certain offers
- A/B testing Premium] A/B testing is a procedure to test the impact of a change in the version of a variable on the achievement of an objective (click, validation, etc.).
- Cohorts [Premium] : This feature allows you to present a consent window to a specific group of people with the knowledge of their identifiers.
- Consent guard Premium] This AppConsent feature allows you to do a first level scan of the cookies deposited on a website.
- External ID's Premium] : With this feature, the client can choose the ID associated with a user consent.
- Rollback [Standard / Premium] This feature allows customers to rollback to previous versions of their records with one click.
- ATT [Standard / Premium] : On iOS, user consent for ad tracking is managed by the AppTrackingTransparency (ATT) system. App developers will now be required to use the AppTrackingTransparency framework if their app collects user data and shares it with third parties for tracking purposes between apps and websites. If the user does not actively accept ATT, IDFA will not be available and tracking of apps across websites and apps will be prohibited.