Responsible Advertising & Data Governance

Maintain strong governance and oversight processes to deliver optimal outcomes for stakeholders and limit the risks associated with online advertising and data use.

Our Approach

Publishers rely on Magnite’s technology to sell advertising inventory across a variety of channels and formats, including desktop, mobile, and CTV. We help the world’s leading agencies and brands reach millions of consumers in a transparent, efficient, and brand safe manner, while respecting end user privacy.

Responsible Advertising

Magnite operates its platforms in a transparent and fair manner by actively working to identify and eliminate fraudulent transactions, non-human traffic, malware, abusive content, harmful disinformation, and brand unsafe inventory violations. We have developed a number of guidelines relating to inventory quality and advertising quality standards covering all of our platforms and across all formats.

Our inventory quality guidelines address inventory authorization, legal compliance (e.g. respecting laws and sanctions in originating countries), intellectual property infringements, transparency, viewability, performance characteristics and acceptable content standards. We also utilize a tapestry of industry, proprietary, and third-party technology to identify and eliminate machine, bot, and other non-human generated traffic in real-time. These guidelines ensure only high quality inventory is available for sale through Magnite platforms, while also ensuring that all parties are compensated fairly for any transaction over the Magnite platforms and protected from fraud. Magnite also maintains processes, and third-party technology for sellers with concerns about any undesired and/or malicious ad serving on their media.

Our advertisement quality guidelines provide direction and baseline requirements on the types of creatives permitted through our platforms. These guidelines cover legal compliance (including laws, and standards set by industry organizations such as the NAI), ad and landing page behaviors, acceptable content, and bid response requirements. Magnite works closely with buyers to address concerns about any ad serving against undesired and/or malicious content. We also reserve the right to reject, suspend, or remove from our platforms any ad in our sole discretion.

Magnite’s policies and guidelines relating to inventory quality, ad quality and privacy are available to the public and can be found here.

Privacy & Data Governance

Magnite is committed to processing personal data in a manner that is responsible and compliant with applicable – and evolving – data protection legislation and best practices, which we regularly review to ensure we adhere to the highest standards. As part of this commitment, it is important to note, Magnite does not process any raw or clear text personal information for the provisioning of our services. This means Magnite does not process, as an example, a user’s name, email address, phone number, or postal address to perform our services or for our services to work. The types of data we collect include IP addresses, cookie identifiers, device identifiers, and other device-related information such as web page URL, browser or app where a user is viewing content. Any information Magnite processes in delivery of its services is limited to a pseudonymized identifier.

Magnite recognizes its obligations associated with data processing to all stakeholders, including stockholders, clients, employees, and suppliers. To demonstrate Magnite’s stance and responsible practices towards processing personal data, Magnite has implemented a Privacy Program that is governed by a framework aligning with privacy principles outlined in the Fair Information Practice Principles and data protection laws around the world such as the General Data Protection Regulation, and the California Consumer Privacy Act. These principles outline that:

  • Personal data is processed lawfully, fairly, and in a transparent manner;
  • Personal data collected or processed is done so only for the limited purposes disclosed;
  • Personal data is processed only as needed, for data minimization;
  • Storage limitations and retention periods are established for personal data;
  • Magnite ensures the accuracy, integrity, confidentiality, and security of personal data it processes;
  • Magnite maintains accountability over its processing activities and these principles.

Magnite’s Privacy Program and Privacy Governance Manual outline how we comply with these principles when processing personal data. These programs are led by Magnite’s chief privacy officer and monitored by our appointed data protection officer. The Magnite Privacy Governance Manual documents the organizational approach and policy to processing of personal data, data privacy, and data protection management of personal data. The manual details how personal data processing will be governed, managed and secured in order to meet the privacy standards of Magnite and legal regulatory requirements. This manual applies to all personal data processing conducted by Magnite, either in the provision of services to its clients, customers, or partners, or in the management of its own employees or contractors.

Furthermore, Magnite employees are required to complete annual training related to data privacy and data protection to ensure that they are constantly apprised of the company’s evolving practices and standards.

Privacy by Design

In addition to assessing risk and maintaining compliance with data protection regulations, the Privacy Program and Governance Manual help Magnite foster a culture of privacy by design as a necessary component for processing personal data by Magnite entities, and to ensure business strategies and development take the processing of personal data into account by building in privacy features to new products and services. Privacy by Design enables Magnite to ensure compliance with data protection regulations, and to keep data privacy and data protection best practices at the focus of new products and services.

Memberships

As part of Magnite’s cohesive privacy framework and governance program, Magnite prides itself on membership in and compliance with self-regulatory groups within the advertising industry, including the Digital Advertising Alliance (DAA), the European Interactive Digital Advertising Alliance (EDAA), the Network Advertising Initiative (NAI), and the Interactive Advertising Bureau (IAB). Based on our membership, Magnite is required to adhere to set frameworks, principles and regulations with respect to how personal data is used for behavioral marketing, and other types of digital marketing. These codes focus on transparency and user choice as critical functions that must be provided to consumers or end users. Magnite not only provides its own choice mechanisms, but also participates in the self-regulatory regime for user choice.

Find all of Magnite’s policies relating to data and privacy here.

Security Measures

Cybersecurity is a critical aspect of our business. As the world’s largest independent omni-channel sell-side advertising platform, we face a multitude of cybersecurity threats, and our customers rely on us to safeguard their data. These challenges make it imperative that we take information security seriously, and we expend considerable resources on cybersecurity.

Magnite has a range of technical and organizational security measures and controls to protect personal data and ensure the ongoing confidentiality, integrity and availability of Magnite’s solutions and services. These include:

  • Programs and policies – including an independent information security program and various data policies – all of which are regularly reviewed, reported on and, when necessary, improved upon.
  • Processes and controls for configuration, monitoring, maintenance and disposal of technology and information systems according to prescribed internal and adopted industry standards. This also includes vulnerability testing to evaluate and protect against threats to Magnite’s technology; transmission controls to protect information in transit; and access restrictions of key data, systems and facilities.
  • Reviews of third-party software and service vendors, software development processes, as well as keeping an inventory of systems, applications and operating systems.
  • Procedures such as incident response plans, business resiliency/continuity for key infrastructure.
  • Regular training for employees around data security and privacy as well as employing a Data Protection Officer.

Please refer to our latest 10-K for additional information regarding our Cybersecurity practices.