In order to deliver better customer experiences, you need to collect and store your customers’ personal data. When using this data, it is important to understand and respect your customers’ privacy. New legal and organizational regulations are giving users the right to access or delete their personal data from your data stores upon request.
Adobe Experience Platform Privacy Service was developed in response to a fundamental shift in how businesses are required to manage the personal data of their customers. The central purpose of Privacy Service is to automate compliance with data privacy regulations which, when violated, can result in major fines and disrupt data operations for your business.
Privacy Service provides a RESTful API and user interface to help you manage customer data requests. With Privacy Service, you can submit requests to access and delete personal customer data from Adobe Experience Cloud applications, facilitating automated compliance with legal and organizational privacy regulations.
In order to make use of Privacy Service, several key decisions need to be made in terms of your organization’s privacy requirements, the kinds of identity data you collect from your customers, and the best way to interface your CRM system with the service.
These decisions can be summarized through the following questions:
The sections below provide general guidance on these important prerequisite steps, and also provide links to further Privacy Service documentation for more details.
Depending on the nature of your business and the jurisdictions it operates under, your data operations may be subject to legal privacy regulations. These regulations often give your customers the right to request access to the data you collect from them, and the right to request the deletion of that stored data. These customer requests for their personal data are referred to as “privacy requests” throughout the documentation.
For details on the different legal privacy regulations that Privacy Service manages requests for, including key terms and answers to frequently asked questions, refer to the privacy regulations documentation.
If your data operations fall under the purview of any of the supported regulations, review their documentation for important information such as the specific privacy rights they afford your customers, and compliance windows for honoring privacy requests. This information should be taken into account when determining how to integrate Privacy Service into your CRM system, and how customers should interact with your website in order to make privacy requests.
In addition to legal regulations, any organizational or industry standards applicable to your organization should also be considered when making these decisions.
Depending on the Experience Cloud applications that you are using, you must label the specific data fields that should be accessed or deleted in response to privacy requests. The process for labelling data varies between applications. To learn how to label data for each supported Adobe application, see the document on Experience Cloud applications.
In order for Privacy Service to process a privacy request from a customer, at least one unique identity value for that customer must be provided in the request itself. A unique identity value is any piece of information that can be used to identify an individual person and their stored personal data within your Experience Cloud data stores. Privacy Service uses this identity information to locate and process the customer’s personal data according to the nature of the request (access, delete, or opt-out).
Depending on the Experience Cloud applications your CRM system utilizes, the type and number of identity values you must provide for each customer will vary. Some applications utilize their own internal customer ID values (such as Adobe Target IDs), while other solutions rely on global identifiers from Adobe Experience Cloud Identity Service (ECID) which track customer activity across all Experience Cloud applications. In addition, generic personal information like an email address or phone number can also serve as valid identity data.
The document on identity data for privacy requests provides more detailed information on the types of identity information that are accepted for Privacy Service. The document also provides guidance on how to leverage Adobe technologies to effectively retrieve the appropriate identity information from your customers as they interact with your website, and send that data to Privacy Service in API requests.
Once you have determined your business’ privacy needs, and decided which identity values to send to Privacy Service, you can start making privacy requests. Privacy Service allows you to send privacy requests through either the API or the UI.
The sections below provide links to documentation that cover how to make generic privacy requests in the API or UI. However, depending on the Experience Cloud applications you are using, the fields you must send in the request payload may be different from the examples shown in these guides.
As you follow along with the API or UI guides, please refer to the document on Privacy Service and Experience Cloud applications for further documentation on how to format privacy requests for your particular Experience Cloud application(s).
It is also important to note that privacy requests are processed asynchronously across Experience Cloud applications. Once a request is received by Privacy Service, each application can take anywhere from minutes to weeks to complete the request. The amount of time it takes to complete each request is specific to the application you are working with, and the amount of data that needs to be processed.
The Privacy Service API provides several endpoints for creating and managing privacy jobs using RESTful API calls, allowing you to programmatically approach privacy regulation compliance for your Experience Cloud applications. For detailed steps on how to use the API, see the Privacy Service API guide.
The Privacy Service UI currently only supports access and delete requests. All opt-out requests must be made through the API instead.
The Privacy Service UI allows you to create and monitor privacy jobs using a graphical interface. The UI includes a Status Report widget that provides a visual representation of the status of all active requests, and allows you to create new requests by using the built-in Request Builder or by uploading JSON files. For more information on using the UI, see the Privacy Service user guide.
Once you have made privacy jobs, you have several options for monitoring their status and results:
|Privacy Service UI||The Privacy Service UI provides a monitoring dashboard that allows you to view a visual representation of the status of all active requests. See the Privacy Service user guide for more information.|
|Privacy Service API||You can programmatically monitor the status of Privacy jobs by using the lookup endpoints provided by the Privacy Service API. See the Privacy Service API guide for detailed steps on how to use the API.|
|Privacy Events||Privacy Events leverage Adobe I/O Events sent to a configured webhook in order to facilitate efficient job request automation. They reduce or eliminate the need to poll the Privacy Service API in order to check if a job is complete or if a certain milestone within a workflow has been reached. See the tutorial on subscribing to Privacy Events for more information.|
This document provided a high-level overview of Privacy Service and the major steps required to start using the service’s capabilities. Please refer to the documentation linked to throughout the overview for more in-depth information about the various aspects of working with Privacy Service.