| Roles on Shared obligations | LiveRamp | Publisher |
| Obligation to provide information to the Data Subjects |
X (through Publisher privacy policy) |
X |
| Technical operation to collect email addresses from the Data Subjects | X | |
| Technical operation for collecting consent of Data Subjects | X | |
| Development of the consent text | X | |
| Consent management process (through a TCF registered CMP) | X | |
| Provision of contact points for the exercise of Data Subject’s GDPR rights (Publisher’s environment)
Provision of contact points for the exercise of Data Subject’s GDPR rights (LiveRamp’s environment) |
X | X |
| Respect of the Purposes and consent when implementing the Purposes | X | X |
| Security of Data Subject’s Personal Data (when the data is processed on the Publisher’s environments) | X | |
| Security of Data Subject’s Personal Data on the (when the data is processed on LiveRamp’s environments) | X | |
| Personal Data Breach – Notification to Data Subject | X | |
| Personal Data Breach – notification to the competent Supervisory Authority | X | X |
| Response to requests to exercise the rights of the Data Subject (Publisher Environment)
Response to requests to exercise the rights of the Data Subject (LiveRamp Environment) |
X | X |
| Metadata (e.g. timestamp and country code) may be transferred to LiveRamp Inc in the USA for fraud and debugging checks (internal quality assurance and troubleshooting purposes). This transfer is covered by LiveRamp’s intragroup SCCs (Standard Contractual Clauses as of Commission Implementing Decision (EU) 2021/914 of 4 June 2021). | X |