Background
Brand safety in advertising is the function by which brands can ensure that their ads show in safe environments. For example, an airline advertiser may not want to show their ads next to an article about the spread of COVID-19. Similarly, a mortgage lender or bank may not want their ads to show up next to an article about housing crisis. There are many reasons and triggers for brand safety and today DSP’s and SSP’s manage brand safety by honoring an allow list or block list of sensitive domains, subdomains, urls or keywords. Keywords are the most granular brand safety signal and are useful where a site could carry content from many different categories and the details about the environment cannot be captured just by a url.

Problems with Brand Safety in PARAKEET Model
PARAKEET protects user identity by anonymizing user interests and context when the ad request is sent to the SSP and DSP. The anonymization of the context makes it harder for the advertiser’s brand safety signals to be applied. For example, if the only contextual signal is the main domain, then the SSP or DSP are unable to enforce brand safety at sub-domain or keyword levels.
This problem also exists for other privacy preserving proposals, where the interest group ad request contains no contextual information and hence hinders brand safety enforcement for those ad responses.

Proposals for Brand Safety in PARAKEET

_Option 1 – Sending validated brand safety signals in the request path.

Conceptually, the advertiser working with a DSP can define which context groups are to be avoided because of brand safety. This can be based on keywords or topics that are considered unsafe for their ads. PARAKEET can enable the sharing of brand safety categorization from the publisher context along with the ad request.

The brand safety tool provider reviews publisher side context (url, title, keywords on the page etc.) and associates that contet with a brand safety taxonomy classification.
For example, multiple references to the keyword ‘COVID’ or the url of the page about the spread of COVID in a local region, may result in the context being classified as being about ‘public health’.

When a user later visits a publisher page, publisher provided code can obtain a signed brand safety category signal from the brand safety tool provider and send it on to PARAKEET as part of the request.

Alternatively, when PARAKEET gets an ad request from the publisher, it can request the brand safety tool provider for the brand safety category for that context (url). The signed response from the brand safety service can be cached for future use for that context(url).

In either case, PARAKEET can validate the signature as one coming from an authorized brand safety tool provider and check if the brand safety signal could be a risk to privacy and enable user identification. The privacy check would include how many users visit that page in the recent past to minimize identification. If the check passes and brand category is passed down, the SSP would get this signal and pass it on downstream and DSPs can read the brand safety signal and enforce exclusions as specified by the advertiser for their campaigns. If the check fails or if the brand safety signal is not from an authorized tool provider, then the ad request will proceed without brand safety signal.

We will need to work with the industry to define a taxonomy that is acceptable for ensuring brand safety and how large that taxonomy list needs to be while accounting for privacy concerns. We can review this proposal and define this within industry groups like IAB and W3C Web advertising group.

_Option 2 – using MPC and homomorphic encryption.
Another option is to use secure multi-party compute. In this model, the first request through the browser has anonymized interest group and restricted context information (just the domain for example) as proposed in PARAKEET. If the DSP or SSP examine the domain context and need additional brand safety checks, they can respond with their ads and indicate that they need a further brand safety check for this request. At that point, the browser will send an encrypted request with full context. The DSP or SSP can run brand safety on encrypted context string. An evaluation model will need to be built to run on encrypted contextual data across the browser service and the DSP or SSP, such that it can send out a binary safe or unsafe signal without the browser service needing to know the model parameters for brand safety evaluation, nor for the SSP or DSP to know the unencrypted, granular, context detail to enforce brand safety.
SSP or DSP or third parties that specialize in brand safety can train the model offline on current web content and add it to the flow. The result for the browser service needs to be guaranteed to only return a brand safety binary signal.
The browser service can send back a signal indicating that brand safety was the reason why one or more ads were withheld to the publisher and it can optionally return a winning ad.