The mathematical formulas convert people’s names and other purchase information, including the time stamp, location, and the amount of the purchase, into anonymous strings of numbers. The formulas make it impossible for Google to know the identity of the real-world shoppers, and for the retailers to know the identities of Google’s users, said company executives, who called the process “double-blind” encryption.
The companies know only that a certain number of matches have been made. In addition, Google does not know what products people bought.
“Through a mathematical property we can do double-blind matching between their data and our data,” said Jerry Dischler, vice president of product management for AdWords, Google's online advertising service, in an interview. “Neither gets to the see the encrypted data that the other side brings.”
The tech giant declined to describe its mathematical formulas in anything more than broad terms, citing a pending patent. Dischler said the work was based on a 2011 research paper by three MIT scientists, which was funded by Google and Citigroup.
Dischler described the modeling as a “revolutionary” step forward for both Google and advertisers. He added that users who signed into Google’s services had consented to Google sharing their data with third parties.
But the company would not say how merchants had obtained consent from consumers to pass along their credit-card information. Google said it requires its partners to use only personal data that they have the “rights” to use, but it would not say whether that meant the consumers had consented.
In the past, both Google and Facebook have obtained purchase data for a more limited set of consumers who participate in store loyalty programs. Those consumers are more heavily tracked by retailers, and often give consent to share their data with third parties as a condition of signing up.
Tuesday’s initiative enables Google to use transaction data from a much wider swath of consumers than ever before, but the lack of detail on how personal data was being handled caused concern for privacy advocates.
Paul Stephens, of Privacy Rights Clearinghouse, a consumer advocacy group based in San Diego, said only a few pieces of data can allow a marketer to identify an individual, and he expressed skepticism that Google’s system for guarding the identities of users will stand up to the efforts of hackers, who in the past have successfully stripped away privacy protections created by other companies after data breaches.
“What we have learned is that it’s extremely difficult to anonymize data,” he said. “If you care about your privacy, you definitely need to be concerned.”
Such data providers have been the targets of cybercriminals in the past. In 2015, a hack of data broker Experian exposed the personal information of 15 million people.
Timberg reported from Washington.
ncG1vNJzZmivp6x7uK3SoaCnn6Sku7G70q1lnKedZLumw9Joq6GdXajEqsDCoWawqF9nfXKDjmlsaGpjZLSwu8alnGamn6x6rLrOsKpmr5iau27Fzq5kmqqVYq61ecBmmpqrmGK%2FprPIrKueql2Wu6V5x6iuZqWlmLVuxc6uZJqqlWLAsbHNnaCnn18%3D