Kontagent CEO Addresses Facebook MMP Ban in Blog Post
“We have held a longstanding relationship with Facebook,” wrote Yang (pictured). “As a social and mobile analytics provider, we work with Facebook data to provide our many customers with important information like virality and app install tracking. We will continue to provide our customers with this information; however, we will not be accessing Facebook data to attribute app installs moving forward.
“As background, Facebook has been auditing all of their mobile measurement partners. We received the results of the audit last week and were notified yesterday that we’re no longer a part of their Mobile Measurement Program, which shares information we use to attribute app installs generated by its install-based ad network. The rest of our relationship with Facebook remains intact, but we are no longer participating in this narrow, but important area. More specifically, we will continue working with Facebook as a market-leading provider of analytics for their social and mobile app developers as well as for attribution on the web.
“Addressing our participation in the Mobile Measurement Program, I’d like to mention that no data leakage, user privacy or security integrity failures occurred. Data security and privacy are primary concerns at our company and is also a growing and important global issue. We’ve been in the business of data for 7 years and have never had a privacy and data security issue. We take this issue very seriously and I can strongly state privacy was not the concern as communicated to us by our representatives at Facebook (and their auditing firm).
“We ran into issues with Facebook’s policy due to the length of time we stored MMP data and the ultimate location where that data was stored.
“…So how did we not comply with Facebook’s policy? In an effort to be fully transparent, I’ll get into the specific details. This is a lengthy explanation, but we think it’s important to convey all of the details about the situation and the steps that we take everyday to protect end user data.
“…Facebook’s auditor determined that we stored MMP data for more than the time period allowed by Facebook’s policy. Our intention was to go above and beyond what was asked to protect this data, but we dropped the ball on an important data storage timeline requirement.
“In the interest of privacy and security, we encrypted all of the data we collected via MMP. This was not required by Facebook, but we did this because it has significant end-user privacy benefits. Specifically, no raw ad campaign information is ever stored unencrypted. This means that if our systems were hacked or our customers downloaded this data, as we permit since it’s their data, they would receive encrypted, useless data without the keys.
“If you’re familiar with how encryption works, then you know that it involves keys that allow us to encrypt and decrypt data. We used a unique encryption key per each day of data, which demonstrates our serious commitment to privacy and security. Addtionally, these keys were stored on separate hardware from the MMP data. Our method for “deleting” this data was to destroy the unique daily keys according to the timing requirement outlined in Facebook’s policy. The underlying unencrypted data was never stored, and the daily encryption keys were deleted promptly.
“To be very clear, retaining the data even without the keys does represent a risk because hackers could try to break in and attempt to decrypt it. Storing the encrypted data beyond the required timeframe was an error on our part and could have been easily resolved had we been given the opportunity to remedy the situation.
“…The policy states that data collected via MMP is to be stored separately from all other data collected. As noted above, we stored our encryption keys separately, but not the encrypted data. As a result, we did not comply with the MMP.
“We understand there may also be a concern that by commingling the data, it is easier to use MMP data for purposes other than attribution. Kontagent absolutely DID NOT use it for any purpose other than attribution.
“…Facebook requested that we notify our customers who utilized this information of Facebook’s requirement that they notify their own end users that this information was being collected. This could have been accomplished through a simple change to our Terms of Service (and was actually changed yesterday morning).
“…During Facebook’s audit we learned that the issue was not a failure to communicate with our clients, but that we did not display the program’s disclosure requirement in a prominent location in our marketing materials.
“…In short, Kontagent created an encryption policy that we designed to completely protect user privacy while addressing Facebook’s policy in one elegant solution. In hindsight, while our intentions were good, we overthought the solution when a more basic approach would have better met Facebook’s requirements.
“I completely respect the audits that Facebook conducts to ensure their partners are properly compliant. We feel each of these requirements can be quickly addressed and we hope to have to the opportunity to participate in MMP again.
“Facebook has built a tremendous platform in mobile, and in a breathtakingly short period of time, has become a dominant player in the mobile performance ad space. User acquisition is but one component of the Kontagent+PlayHaven combination, but it’s important that we are able to help our customers measure users from every relevant channel and we will continue to do so. In the meantime we will be working hard to continue to grow the relationship with Facebook and hopefully expand it in other ways as we look to integrating more social capabilities into our platform – a common request from our customers.”
I like the way Andy came out – I don’t like the blog was closed for comment. Because this could be very good learning lesson for more venders then we know. Most vendors of this type data could be just as open to this type of “TOS” issue by the big guys.
It would be a very good way to establish a dialog on the “Standards of data storage.”
I would ask Andy how long were they stowing the data. If would share that with us.
Great Job Stepping Up Andy!!
Leave a Comment
- DataXu Marries Personalized Storytelling and Programmatic with Acquisition of JasperLabs
- LinkedIn Launches Sponsored Updates API and Partner Program
- MediaMath Acquires Tactads to Enable Cookieless, Cross-Device Targeting and Measurement
- The Built-for-Mobile Ad Space Heats Up: AOL Introduces Mobile App Install Native Ads
- Rocket Fuel Publishes 11 Best Practices for Programmatic Advertising