Data usage policies overview policies-overview
Last update: Sun Jul 02 2023 00:00:00 GMT+0000 (Coordinated Universal Time)
In order for data usage labels to effectively support data compliance, data usage policies must be implemented. Data usage policies are rules that describe the kinds of marketing actions that you are allowed to, or restricted from, performing on data within Experience Platform.
There are two types of policies available:
- Data governance policy: Restrict data activation based on the marketing action being performed and the data usage labels carried by the data in question.
- Consent policy: Filter the profiles that can be activated to destinations based on your customers’ consent or preferences
Data usage policies are not to be confused with
access control policies, which determine whether certain Platform users in your organization can access certain data fields, and are configured through the Permissions tab.
This document provides a high-level overview of data usage policies, and provides links to further documentation for working with policies in the UI or API.
Marketing actions marketing-actions
Marketing actions, (also called marketing use cases) in the context of the data governance framework, are actions that an Experience Platform data consumer can take, for which your organization wants to restrict data usage. As such, a data usage policy is defined by the following:
- A specific marketing action
- The conditions under which that action is restricted from being performed
An example of a marketing action might be the desire to export a dataset to a third-party service. If there is a policy in place saying that specific types of data (such as Personally Identifiable Information (PII)) cannot be exported, and you attempt to export a dataset that contains an “I” label (Identity data), you will receive a response from the Policy Service telling you that a data usage policy has been violated.
Marketing actions by themselves do not restrict data usage. They must be included in enabled data usage policies in order for those actions to be evaluated for policy violations.
When data usage happens in your organization’s service, relevant marketing actions should be indicated so that any policy violations can be identified. You can then use the Policy Service API to check for policy violations in your integration.
You can set up marketing use cases on destinations to automate policy enforcement. See the
destinations documentation for more information on the configuration options for your particular destination.
See the appendix to this document for a list of available Adobe-defined marketing actions. You can also define your own custom marketing actions using the Policy Service API or the Experience Platform user interface. More information on working with marketing actions and policies is provided in the next section.
Managing data usage policies manage
Once data usage labels have been applied, data stewards can use the Policy Service API or the Experience Platform UI to manage and evaluate policies related to marketing actions being taken on data containing data usage labels. You can create and update policies, determine the status of a policy, and work with marketing actions to evaluate whether a specific action violates a data usage policy.
All data usage policies (including core policies provided by Adobe) are disabled by default. In order for an individual policy to be considered for enforcement, you must manually enable that policy through the API or UI.
For step-by-step instructions on working with marketing actions and data usage policies in the API, see the tutorial on creating and evaluating data usage policies. For more information the key operations provided by the Policy Service API, see the Policy Service developer guide.
For information on how to work with marketing actions and policies in the Platform UI, see the data usage policy user guide.
Next steps
This document provided an introduction to data usage policies within the Data Governance framework. You can now continue to read the process documentation linked to throughout this guide to learn more about how to work with policies in the API and UI.
Appendix
The following section provides additional information about data usage policies.
Adobe-defined marketing actions core-actions
The table below describes the core marketing actions that are provided out-of-the-box by Adobe.
The core marketing actions should be seen as a starting point to help you identify what usage policies to create and check for violations. The definitions and how they are interpreted depend on your organization’s needs and policies.
Marketing action
Description
Analytics
An action that uses data for analytics purposes, such as measuring, analyzing, and reporting on customers’ usage of your organization’s sites or apps.
Combine with directly identifiable data
An action that combines any Personally Identifiable Information (PII) with anonymous data. Contracts for data sourced from ad networks, ad servers, and third-party data providers often include specific contractual prohibitions on the use of such data with directly identifiable data.
Cross Site Targeting
An action that uses data for cross-site ad targeting. The combination of data from several sites, including a combination of on-site data and off-site data or a combination of data from several off-site sources, is referred to as cross-site data. Cross-site data is typically collected and processed to make inferences about users’ interests.
Data Science
An action that uses data for data science workflows. Some contracts include explicit prohibitions on data use for data science. Sometimes these are phrased in terms that prohibit the use of data for Artificial Intelligence (AI), machine learning (ML), or modeling.
Data Export
An action that exports data to any location or destination outside Adobe products and services. For example, downloading data to your local machine, copying data from the screen, scheduling delivery of data to a location outside Adobe, Customer Journey Analytics Scheduled Projects, Download Reports, Reporting API, and so on.
Email Targeting
An action that uses data in email targeting campaigns.
Export to Third Party
An action that exports data to processors and entities that do not have direct relationships with customers. Many data providers have terms in the contracts that prohibit the export of data from where it was originally collected. For example, social network contracts often restrict the transfer of data you receive from them.
Onsite Advertising
An action that uses data for onsite ads, including the selection and delivery of advertisements on your organization’s websites or apps, or to measure the delivery and effectiveness of such advertisements.
Onsite Personalization
An action that uses data for onsite content personalization. Onsite personalization is any data that is used to make inferences about users’ interests, and is used to select which content or ads are served based on those inferences.
Segment Match
An action that uses data for Adobe Experience Platform Segment Match, which allows for two or more Platform users to exchange audience data. By enabling policies that reference this action, you can restrict what data is used for Segment Match. For example, if the core policy “Restrict data sharing” is enabled, any data with a
C11 label cannot be used for Segment Match.
Single Identity Personalization
An action that requires that a single identity be used for personalization purposes instead of stitching identities from multiple sources.