Privacy Manager
LiveRamp Privacy Manager is an innovative enterprise Consent Management Platform (CMP) for all third-party tracking technologies on all of your websites and mobile applications. With a full Audit Trail, the CMP enables every site and app to fully comply with the GDPR and other data protection and privacy regulations without any negative business impact.
The Privacy Solutions team at LiveRamp is dedicated to providing a better online value exchange for consumers. In order to achieve this goal, LiveRamp has created a trusted and privacy-compliant platform to power Preference (CCPA) and Consent (GDPR) management across web and native applications.
LiveRamp Privacy Manager is a self-service SaaS solution. We provide extensive help documentation on this site that contains step-by-step instructions on how to configure and implement the Privacy Manager.
The Support team offers guidance to the right content in the help documentation, explains product functionalities and implementation processes, and gives guidance/advice with bug reporting and product feedback.
Incident Handling
The following diagram describes incident severity, description, response time, and resolution.
Problem Severity | Description | Initial Response Time | Incident Resolution |
|---|---|---|---|
Level 1 - Emergency | Production application down or major malfunction resulting in Privacy Manager inoperative condition. The specific functionality is mission-critical to the business and the situation is considered an emergency (for example, failure of consent string processing on all browsers or devices, complete service unavailability) | Within 2 hours | At least temporary incident resolution within 24 hours with further communication on the planning of the permanent fix rollout if applicable. |
Level 2 - Elevated | Critical loss of application functionality or performance resulting in a high number of users unable to perform their normal functions. Major feature/product failure; inconvenient workaround or no workaround exists. The program is usable but severely limited. (e.g. partial consent string unavailability, specific devices or browsers affected) | Within 24 hours (excluding weekend and public holidays) | Upon testing, troubleshooting, and verification by the client within 2 weeks. The time LiveRamp is awaiting a response from the Client is not counted in the total resolution commitment of 2 weeks. |
Level 3 - Standard | A customer is able to use the software; however, there is a non-critical loss of functionality. Software updates cannot be installed or some minor functionality fails after update (for example, Singular Privacy Manager (CMP) malfunctioning on live or testing environment, up to 10% live users) | Within 24 hours (excluding weekend and public holidays) | Upon testing, troubleshooting, and verification by the client with no specific commitments on both ends. |
LiveRamp Privacy Manager focuses exclusively on obtaining and documenting consent, as well as providing instructions to downstream partners to comply with the choices made by the consumer (CCPA) or the data subject (GDPR).
The data LiveRamp Privacy Manager collects is limited to the user-agent, including device type and browser family for reporting purposes. When it comes to proof-of-compliance, we assign each user a unique identifier per domain or application, called an Audit ID, and connect the consent choices to that identifier.
LiveRamp has product offerings outside of Privacy Manager and if the client chooses to do so, these offerings can be consolidated together with Privacy Manager. However, unless explicitly requested and configured by the client, the Privacy Manager is a fully standalone application exclusively dealing with Consent and Preferences. Data are not used for any other purpose than providing Consent and Preference solutions to our customers and their clients.
Our CMP is built on top of Amazon Managed Web Services with a serverless architecture. Privacy Manager is fully cloud-based (AWS) and is event-driven. AWS cloud servers are located in Ireland (EU-West-1), Germany (EU-Central-1), France (EU-West-3), and the U.S. (U.S. East). We do not offer the option for the clients to host the solution on-premise.
We take great care of our customers’ data, therefore we have put multiple measures in place to protect it:
We audit our infrastructure every 36 hours against frameworks like CIS and PCI.
For threat detection, we have a Smart Security Information Event Management (SIEM) system in place. In addition, we have anomaly detection systems with machine learning in place at our cloud provider.
Lastly, we have a Security Operation Center (SOC) that monitors our infrastructure 24/7.
In addition, we have processes in place for employees working with personal information (both in training and guidelines) and use MFA for all critical systems.
We have implemented several Data Loss Prevention (DLP) solutions, including:
Disk mirroring managed by AWS Managed Services through the use of S3 Buckets Backup / Recovery process
Glacier for backup storage and is based on versioning which implies that during recovery the latest version will be applied
An automated disaster recovery plan
Infrastructure as Code (IaC) which provides us with the ability to do a complete recovery in a matter of hours apart from consent data transfer
Uninterruptible power supply (UPS) and Fire safety installations which are part of Amazon Data Center safety measures
Emergency plans (documented and tested) Measures against DDOS attacks
LiveRamp acts as a “Data Processor” under the GDPR. We act as a data processor under GDPR to the extent we process personal data about EU citizens on behalf of the clients. In this instance, our clients are considered data controllers. LiveRamp processes the personal data according to the contract and written instructions from the data controller. For more information or to access our Data Processing Agreement, please contact privacy-manager@liveramp.com.
Description of processing:
LiveRamp processes Personal Data as necessary to perform the Privacy Manager Services. These Processing activities include the provision of a CMP (Consent Management Platform).
Controllers can choose the parties that will receive consent statuses, including but not limited to the IAB (Interactive Advertising Bureau) TCF (Transparency & Consent Framework) sharing and propagation of consent status.
Purposes of processing:
The purpose of the processing is the provision of the aforementioned CMP (Consent Management Platform) Services by LiveRamp pursuant to the Services Agreement, as instructed by the Controller in this Data Processing Agreement.
Categories of personal data:
Consent status and associated data, as per Customer parametrization in the Services dashboard.
Types of sensitive Personal Data subject to Processing according to the Agreement:
We do not process any sensitive personal information.
Categories of data subjects:
Visitors of the online properties (websites and apps) of the Customer.
Applicable retention time limit (or criteria for determining this):
As per Customer parametrization in the Services dashboard. Generally, the maximum storage duration can be for five (5) years.
List of Subprocessors
LiveRamp Privacy Manager supports elements of the WCAG 2.1 standard where applicable in a complex interface like that of a CMP. Our CMP supports the following elements:
Text Alternatives for Non-text Content
Controls, Input: If non-text content is a control or accepts user input, then it has a name that describes its purpose.
Decoration, Formatting, Invisible: If non-text content is pure decoration, is used only for visual formatting, or is not presented to users, then it is implemented in a way that it can be ignored by assistive technology.
Navigable
Link Purpose (In Context) - Level A: The purpose of each link can be determined from the link text alone or from the link text together with its programmatically determined link context, except where the purpose of the link would be ambiguous to users in general.
Headings and Labels - Level AA: Headings and labels describe the topic or purpose.
Clients receive full access to the Privacy Manager UI and features by using the LiveRamp Console. Privacy Manager will ensure full compatibility with the latest official browser releases. The following browsers are supported.
Note
All updates are backward compatible meaning we will keep using the same API calls and trigger events. The API will only change if the IAB Transparency and Consent Framework (TCF) has a major release (such as the switch from TCF 1.1 to 2.0 in Q2 2020).
Desktop Browsers
The latest versions of most desktop browsers are supported.
Mobile Browsers
The latest versions of most mobile browsers are supported.
The following browsers are tested with every release:
Privacy Manager Mobile SDK
The latest versions of the following OS are supported.
