The Aggregation Service ensures data remains secure through the reporting process.
Here's a simplified explanation of how it works:
- Data reception: The Aggregation Service receives encrypted reports from APIs such as Attribution Reporting or Private Aggregation. The reports are encrypted in the browser, so the ad tech server that collects and batches them cannot read their contents.
- Decryption: The reports are decrypted only inside a Trusted Execution Environment (TEE). The decryption keys are available only to code running in the TEE, so plaintext reports are never visible outside it, including to the ad tech that operates the service.
- Aggregation: The decrypted contributions from many users are combined and summarized inside the TEE. Individual contributions are never exposed; only the aggregated results leave the TEE for analysis.
- Noise addition: To further protect privacy, the Aggregation Service adds statistical noise to the aggregated values, so that no individual's contribution can be recovered from the report, even by comparing reports.
- Report generation: The noised aggregates are returned as a summary report, allowing you to gain insights into overall trends and patterns without compromising user privacy.
The following diagram provides an example of the Aggregation Service in action.
1. Data source: Browsers encrypt data from the Attribution Reporting API, then send it to the ad tech server after a timing delay.
2. Ad tech server endpoint: The vendor stores and batches the encrypted reports without being able to read them.
3. Aggregation Service: The batch is sent to the TEE, which decrypts the reports, aggregates them, and adds noise. The vendor receives back the unencrypted, noised aggregate values as a summary report.
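As an added walkthrough (example code written for this page, not code from the Privacy Sandbox project), the following Python simulates the five steps listed above and the three stages of the diagram end to end. The encryption is a toy SHA-256 keystream standing in for the real browser-to-TEE encryption, and the key name `TEE_PRIVATE_KEY`, the sample contributions, and the `epsilon` and `max_value` parameters are assumptions made for the example. What it demonstrates is the security property of the design: the ad tech's batch holds only ciphertext, decryption happens only inside `tee_aggregate`, and the only thing that function returns is the noised per-bucket summary, never an individual report.

```python
import hashlib
import json
import os
import random
from collections import defaultdict

# Constructed sample input: each contribution is one user's report, keyed by a
# histogram bucket (here a campaign id) with a small integer value.
SAMPLE_CONTRIBUTIONS = [
    {"bucket": "campaign-1", "value": 5},
    {"bucket": "campaign-1", "value": 3},
    {"bucket": "campaign-2", "value": 7},
    {"bucket": "campaign-1", "value": 2},
]

# Assumption for the example: a stand-in for the private key that exists only
# inside the TEE. The real service does not use this key or this scheme.
TEE_PRIVATE_KEY = hashlib.sha256(b"toy-tee-private-key").digest()


def _keystream(key, nonce, length):
    """Toy keystream from SHA-256(key || nonce || counter). Not a real cipher;
    it only models 'encrypted to the TEE' for this walkthrough."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def browser_encrypt(contribution, key=TEE_PRIVATE_KEY):
    """Step 1 (browser): seal a contribution so that only the TEE can open it."""
    plaintext = json.dumps(contribution, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    return {"nonce": nonce, "ciphertext": ciphertext}


def adtech_batch(encrypted_reports):
    """Step 2 (ad tech server): store and batch reports without reading them."""
    return list(encrypted_reports)


def laplace_noise(scale, rng):
    """Laplace(0, scale) as the difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def tee_aggregate(batch, epsilon, max_value, key=TEE_PRIVATE_KEY, noise=None, rng=None):
    """Steps 3-5 (inside the TEE): decrypt, sum per bucket, add noise, and
    return only the noised summary. Individual reports never leave here."""
    rng = rng or random.SystemRandom()
    noise = noise or (lambda scale: laplace_noise(scale, rng))
    sums = defaultdict(int)
    rejected = 0
    for report in batch:
        stream = _keystream(key, report["nonce"], len(report["ciphertext"]))
        plaintext = bytes(c ^ k for c, k in zip(report["ciphertext"], stream))
        try:
            contribution = json.loads(plaintext)
            bucket = contribution["bucket"]
            value = int(contribution["value"])
        except (ValueError, KeyError, TypeError):
            rejected += 1  # wrong key or malformed report: drop it, never guess
            continue
        # Clamp so one report can move a bucket by at most max_value; this
        # bounds the sensitivity that the Laplace scale below relies on.
        sums[bucket] += max(0, min(value, max_value))
    scale = max_value / epsilon
    summary = {bucket: total + noise(scale) for bucket, total in sums.items()}
    return {
        "summary": summary,
        "reports_processed": len(batch) - rejected,
        "reports_rejected": rejected,
    }


def run_pipeline(contributions=SAMPLE_CONTRIBUTIONS, epsilon=1.0, max_value=10, **kw):
    """Browser -> ad tech batch -> TEE, returning only the summary report."""
    batch = adtech_batch(browser_encrypt(c) for c in contributions)
    return tee_aggregate(batch, epsilon, max_value, **kw)


if __name__ == "__main__":
    print(run_pipeline())
```

Passing `noise=lambda scale: 0.0` switches the noise off, which is useful for checking the aggregation logic but must never be exposed in a real deployment: the exact sums `{"campaign-1": 10, "campaign-2": 7}` are precisely what the noise step exists to hide. Reports sealed under a different key fail to decrypt and are counted as rejected rather than partially trusted, and values are clamped to `max_value` so that a single oversized contribution cannot dominate a bucket or defeat the noise calibration.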
For a more technical understanding, refer to the developer documentation.