Consumer_Action_Taskforce

LiveRamp

Revision as of 21:24, 7 May 2025 by Nullpoint420 (talk | contribs) (Add LiveRamp logo)

LiveRamp is a data broker company that operates a data connectivity platform specializing in identity resolution and data onboarding services. The company enables businesses to connect customer data across platforms and technologies for targeted marketing and analytics purposes.[1] Originally founded as a startup in 2011 and acquired by Acxiom in 2014 for $310 million, LiveRamp later became the parent company's name after spinning off Acxiom's Marketing Solutions division to Interpublic Group in 2018.[2]

LiveRamp
Basic Information
Release Year 2014 (as LiveRamp acquisition by Acxiom), 2018 (as rebranded company)
Product Type Data broker / Data connectivity platform
In Production Yes
Official Website https://liveramp.com/

Consumer impact summary

User privacy

LiveRamp's core business revolves around collecting, processing, and facilitating the exchange of vast amounts of personal data, raising significant privacy concerns.[3] The company maintains identity databases on approximately 700 million consumers globally, including 45 million in the UK and 25 million in France.[4] LiveRamp creates unique identifiers called "RampIDs" that connect individuals' online activities with their offline identities, enabling comprehensive tracking across devices and platforms.[5] This extensive profiling occurs largely without consumers' meaningful awareness or explicit consent, as the company operates behind the scenes of the digital advertising ecosystem.[6]

User freedom

The company's data collection practices significantly impact consumer autonomy by enabling highly personalized advertising that can influence consumer behavior.[7] LiveRamp's identity resolution technology allows companies to track individuals across multiple devices and platforms, even when users believe they are browsing anonymously.[8] This undermines users' ability to truly opt out of tracking and creates an environment where consumers have limited control over how their personal information is used in the digital marketplace.[9]

Business model

LiveRamp's business model centers on monetizing consumer data through its "data onboarding" services, which transform offline customer data into digital identifiers for targeted advertising.[10] The company operates a comprehensive Data Marketplace where businesses can purchase segments of consumer data for marketing purposes.[11] While LiveRamp positions itself as privacy-conscious, its fundamental business relies on extensive data collection, sharing, and profiling that blurs the lines between public and private information.[12]

Market control

As one of the dominant players in the data broker industry, LiveRamp wields significant market power through its identity resolution infrastructure.[13] The company's extensive partnerships with over 650 platforms, including major social media networks and publishers, create a far-reaching data ecosystem that is difficult for consumers to avoid.[1] LiveRamp's position as an infrastructure provider for the advertising technology industry allows it to establish industry standards and protocols that prioritize commercial interests over consumer privacy protections.[7]

Incidents

2003 Data breach (as Acxiom)

In 2003, LiveRamp's predecessor company Acxiom experienced a massive data breach involving 1.6 billion personal records.[2] The breach occurred during data transmission between Acxiom and its clients via an FTP server located outside the company's firewall.[14] Described by prosecutors as the "largest ever invasion and theft of personal data" at that time, the incident exposed names, addresses, and email addresses of millions of consumers.[7] This breach highlighted the significant risks inherent in large-scale data collection and the vulnerability of centralized personal data repositories.[15]

FTC complaint over military data sharing (2003)

The Electronic Privacy Information Center filed a complaint with the Federal Trade Commission against Acxiom (LiveRamp's predecessor) and JetBlue Airways in 2003.[2] The complaint alleged that the companies provided consumer information to Torch Concepts, a company hired by the U.S. Army to analyze how public and private records might be used to defend military bases.[16] This occurred without consumer consent, notice, or the ability to opt out, despite Acxiom's public statements about individual choice regarding data dissemination.[2] This incident demonstrated how data collected for commercial purposes can be repurposed for surveillance with minimal consumer knowledge or consent.

Rejection of bulk opt-out requests (2003)

In 2003, the for-profit privacy company Private Citizen, which helped consumers unsubscribe from telemarketing lists and direct mailings, discovered that Acxiom had begun rejecting batches of opt-out notices sent on behalf of subscribers.[16] Acxiom insisted that each person had to individually submit opt-out requests directly to the company, creating a significant barrier to consumers exercising their privacy rights. This practice effectively prevented many consumers from removing their information from Acxiom's databases and demonstrated how data brokers can create intentional barriers to service cancellation.

Complaints of unlawful data processing (2024, ongoing)

In February 2024, the Open Rights Group (ORG) submitted formal complaints to the UK Information Commissioner's Office and the French data protection authority CNIL against LiveRamp.[8] The complaints allege that LiveRamp's "privacy-invasive profiling" breaches European data protection laws due to the lack of a clear legal basis and meaningful transparency for data subjects. ORG claims LiveRamp's processing activities include "indiscriminate collection and processing of personal data" out of proportion to its objectives, reuse of personal data collected for other contexts, and inadequate security measures for sensitive data.[8] The complaint also notes that LiveRamp offers inconsistent information about its lawful basis for processing across different jurisdictions.

Identity surveillance system allegations (2024, ongoing)

In 2024, research institute Cracked Labs released a 61-page report detailing LiveRamp's extensive "identity surveillance system".[3] The report revealed that LiveRamp maintains identity databases on 700 million consumers globally using identifiers like cookies and mobile IDs to create unique "RampIDs" for each individual, tied to their real-world identity. These RampIDs allow LiveRamp's clients to combine and link personal data across databases, track website and mobile app usage, create personal profiles, and transmit consumer records to adtech firms.[3] The technology enables tracking of individuals even when they believe they are protecting their privacy, such as by not logging into sites or providing only partial information.[8] This sophisticated system operates largely without consumer awareness or meaningful consent.

See also

References

  1. 1.0 1.1 "LiveRamp - The Data Collaboration Platform of Choice". LiveRamp. Retrieved 2025-05-07.
  2. 2.0 2.1 2.2 2.3 "LiveRamp - Wikipedia". Wikipedia. 2024-12-11. Retrieved 2025-05-07.
  3. 3.0 3.1 3.2 "'Like a stalker': LiveRamp reported to ICO". Computing. Retrieved 2025-05-07.
  4. "LiveRamp Data Broker Privacy Class Action Lawsuit Investigation". Sauder Schelkopf. 2025-01-25. Retrieved 2025-05-07.
  5. "LiveRamp Explained: Data Connectivity & Identity [2025]". Improvado. Retrieved 2025-05-07.
  6. "The Little-Known Data Broker Industry Is Spending Big Bucks Lobbying Congress". The Markup. 2021-04-01. Retrieved 2025-05-07.
  7. 7.0 7.1 7.2 "LiveRamp (formerly Acxiom) - selling you - without owning your data". Digital Innovation and Transformation. 2020-04-21. Retrieved 2025-05-07.
  8. 8.0 8.1 8.2 8.3 "Open Rights Group accuses LiveRamp of 'unlawful' data processing". Computer Weekly. Retrieved 2025-05-07.
  9. "Your Rights - California Consumer Privacy Act". LiveRamp. 2022-01-31. Retrieved 2025-05-07.
  10. "Solutions: Data Marketplace". LiveRamp. 2024-11-18. Retrieved 2025-05-07.
  11. "Getting Started with Data Buying". LiveRamp Documentation. Retrieved 2025-05-07.
  12. "Data Broker Profiles – Acxiom and LiveRamp". DataBrokers. 2019-01-09. Retrieved 2025-05-07.
  13. "LiveRamp Holdings, Inc. SEC Filing". U.S. Securities and Exchange Commission. Retrieved 2025-05-07.
  14. "Acxiom data intercepted by hacker". Privacy International. Retrieved 2025-05-07.
  15. Troy Hunt (2022-11-22). "Data Breach Misattribution, Acxiom & Live Ramp". Troy Hunt's Blog. Retrieved 2025-05-07.
  16. 16.0 16.1 "Privacy International". Privacy International. Retrieved 2025-05-07.
Retrieved from "https://consumerrights.wiki/index.php?title=LiveRamp&oldid=14145"