Sending Data Subject Rights Requests
See the appropriate sections below for information on sending requests to LiveRamp, on retrieving subject access request information from LiveRamp, on retrieving opt-outs and deletions from LiveRamp, and on requests to correct inaccurate personal information.
See the appropriate sections below for information on sending requests to LiveRamp, on retrieving subject access request information from LiveRamp, on retrieving opt-outs and deletions from LiveRamp, and on requests to correct inaccurate personal information.
At times, a consumer might make one of the following data subject rights requests:
Request to opt out of the sale or sharing of their personal information
Request that their personal information be deleted
Request access to information about what personal information is being held and how it is being used (subject access requests)
Request to correct inaccurate personal information
For questions on implementation, create a case on the LiveRamp Community portal. If you do not have access to the portal, contact your LiveRamp account team.
How LiveRamp Processes Requests
The sections below explain how LiveRamp processes the various types of consumer requests for all workflows except Measurement Enablement. For information on how we process requests for that workflow, see the "Consumer Requests for Measurement Enablement Workflows" section of this article.
Opt-Out, Deletion, and Correction Requests
LiveRamp has developed processes to incorporate opt-outs and deletion requests into our data delivery workflow. These processes affect both customers and partners who send us data and customers and partners who receive data from us. Once we've ingested the request data, LiveRamp implements the requests in our systems.
For deletions: We delete that consumer's information from that client's databases in our systems. Deletion requests are completed within 45 days.
Customer Profiles regularly checks for new requests and removes records from all segments associated with the deletion request. This is not the same as the segment deletion feature, which can be enabled to remove users from specific segments.
Analytics Environment: Records containing the deletion request will be deleted from all datasets.
For opt-outs: We store that information in an opt-out database. We then check all future uploaded Activation and Data Marketplace files containing consumer personal information against the client's and LiveRamp's opt-out database to ensure opted-out consumers are no longer part of workflows until their preference status has changed. Clients should remove opted-out consumers from the Measurement Enablement workflow files before uploading.
Customer Profiles suppresses delivered RampIDs from being distributed on a go-forward basis. This does not include retroactive opt-outs to downstream destinations unless the organization is also a LiveRamp Connect customer and the destinations to which they distribute have deletions-enabled integrations or are participating in processing opt-out request files sent by LiveRamp Data Stewardship.
Analytics Environment: Opt-out requests will populate a CONSUMER_OPTOUT table in the _wh dataset. This table will contain the request type, RampID, and date of the request for the user. If you want to ensure users are opted out in their activities, perform a join on this table to suppress overlapping users. If a user accidentally includes an opted-out in a segment for targeting in Customer Profiles, it will be suppressed in Customer Profiles.
For corrections: To simplify the process of correcting inaccurate personal information, the consumer will be fully deleted following a deletion request (see above), and replaced after you resubmit the consumer information with the corrected attributes. Correction requests are completed within 45 days.
Caution
To ensure continued compliance, once you have received a deletion request, refrain from uploading or including any personal information associated with that consumer, unless you intend to replace that consumer's information with their corrected attributes to fulfill a correction request.
For data buyers: LiveRamp cannot apply your buyer opt-outs to third-party segments inside destination platforms. To honor the requests, we recommend creating a suppression file of opted-out users and apply it to the relevant segments before distributing those segments to any destination.
For both request types, we convert the input identifiers to the identifiers that are used for each active destination and then make those opt-outs and deletions available to your favorite downstream Activation destinations.
Subject Access Requests
When you send us a subject access request, we run lookups against all the data we are currently holding in your LiveRamp audiences in all of the LiveRamp systems that the consumer's personal information has been used in (such as Data Marketplace or in Activation workflows). However, we do not run lookups in LiveRamp data or other client data.
We then generate a file with the information on that consumer, which you can then download from the LiveRamp SFTP. See the "Retrieving Subject Access Request Information from LiveRamp" section of this document for more information.
Customer Profiles will form a request for a file containing the information on the data subject, and LiveRamp Data Stewardship will make the SAR file available via a case in LiveRamp Community.
Analytics Environment will send the information about the RampID in the request to LiveRamp Data Stewardship, who will make the SAR file available via a case in LiveRamp Community.
Sending Requests to LiveRamp
If you're a LiveRamp client or partner who sends consumer personal information to LiveRamp, the process to follow to deliver requests is very similar to the usual way you would upload files into LiveRamp. This includes clients who use Activation and Data Marketplace, as well as Match Network partners and RampID Expansion partners.
For the most effective propagation of your consumer requests, we highly recommend that you either send consumer request files containing PII (such as name and postal, phone number, and email address) or RampIDs.
Note
For clients using Measurement Enablement, the opt-out methods are different. See the "Consumer Requests for Measurement Enablement Workflows" section of this article for more information.
For subject access requests: Create a unique alphanumeric request ID for each row of data in the uploaded file so that we can use that ID to identify the data we're passing back to you. Use "CCID" for the column header of that column. Subject access requests are not passed downstream.
LiveRamp Resellers: If you are a reseller of LiveRamp services, direct your clients who leverage the service and wish to deliver opt-outs or deletions via LiveRamp to prepare files for delivery according to the directions below. See the "Retrieving Opt-Outs and Deletions from LiveRamp" article if you will need to process these opt-out or deletion requests on behalf of your clients.
Create a case in the LiveRamp LiveRamp Community portal to confirm the types of identifiers you'll be sending (PII, cookies, mobile device IDs, etc.) and to request that the appropriate folders be created on the LiveRamp SFTP.
Create column-based files of your request data by request type (opt-outs, deletions, subject access requests), and within each request type, segregate your data into separate files by identifier type (if necessary):
Note
For file examples and downloadable templates for each identifier type, see "File Formatting Examples and Templates".
After you have sent an initial request file, only include new requests in subsequent files. Do not send a consumer requests file that contains requests that you have sent previously.
PII (such as name and postal, phone number, email address) (recommended)
RampIDs (recommended)
Plaintext mobile device IDs (IDFAs and AAIDs)
SHA-1-hashed IDFAs
SHA-1-hashed AAIDs
Cookies
For subject access request files, add a column with a unique request ID for each consumer.
Caution
For opt-outs and deletion requests: Only include identifier fields in your request files. Do not include any other fields.
Format your files the same way you would format other column-based files to upload to LiveRamp. See "Formatting File Data" for more information.
Once the LiveRamp Technical Support team has provided the folder and subfolder locations, upload your request files to the appropriate folders or subfolders on the LiveRamp SFTP. See "Upload a File via LiveRamp's SFTP" for instructions.
Note
You can use your existing LiveRamp SFTP credentials. If you don't currently upload files to the LiveRamp SFTP, the Technical Support team will give you SFTP credentials.
If you want to check the status of your uploaded request files, create a support case.
Consumer Requests for Measurement Enablement Workflows
Consumer requests for Measurement Enablement workflows are implemented differently from other LiveRamp workflows:
For deletions: Because Measurement Enablement is a "file in, file out" workflow where we only store input data for 15 days (in the event that there's an issue with file processing), deletions effectively happen automatically after the 15-day period ends.
Note
Ingested data is retained in other LiveRamp systems for 30 days.
For opt-outs: Because Measurement Enablement is a "file in, file out" workflow, clients are expected to apply their own opt-outs to their Measurement Enablement workflow files before uploading to LiveRamp.
For subject access requests: Because Measurement Enablement does not involve long-term data storage, we do not process subject access requests on consumer data uploaded for these workflows.
For Measurement Enablement workflows where you're sending personal information to a measurement partner, you and your partner determine whether it is necessary to forward opt-outs or deletions. Follow these steps If you choose to forward these requests:
You and the partner agree upon an expected format for the requests.
You create a case in the LiveRamp LiveRamp Community portal to set up a non-billable measurement that will be used to deliver opt-outs and deletion requests.
You use the provided SFTP location to deliver opt-outs or deletions to your partner.
Retrieving Subject Access Request Information from LiveRamp
Within 45 days of receiving a subject access request from you, we do our lookup and generate a JSON file containing the relevant information. To retrieve the JSON files, download the file from the "/SAR_Output" subfolder on your account on the LiveRamp SFTP.