GDPR: what you need to know now
GDPR: You’ve heard of it. It’s coming but what is it? What does it stand for? ownerIQ is here with the answers to prep you on GDPR and what it means for adtech.
GDPR stands for General Data Protection Regulation and takes effect on May 25, 2018. GDPR will be replacing the existing European Union (EU) data protection law. GDPR will affect all organizations in the EU as well as organizations outside of the EU which provide services to, or process personal data of, individuals physically located in the EU. ownerIQ has been preparing for GDPR for quite some time. While we’re implementing controls to prevent the collection of personal data from EU individuals (described below), we’ve also incorporated some of the responsible practices spurred by GDPR (e.g., Data Mapping, Data Inventory, Privacy Impact Assessments).
WHAT IS THE GDPR?
The General Data Protection Regulation (GDPR) is the new data protection regime in the European Economic Area (EEA) that will replace the current Data Protection Directive 95/46/ EC (Data Protection Directive). The GDPR covers the processing of personal data, which can include, for example, IP address, mobile device identifiers, location data, and any other personal information related to an identifiable natural person. The GDPR focuses on 7 data protection principles: (i) limitation of purpose, (ii) data minimization, (iii) accountability, (iv) data retention periods, (v) fair, lawful and transparent processing, (vi) data security, and (vii) accuracy. Companies will be expected to be in compliance with the GDPR by May 25, 2018.
WHO DOES THE GDPR APPLY TO?
The GDPR applies to all European Economic Area (EEA) companies with an establishment in the EEA as well as companies outside the EEA that either (i) offer goods or services to EEA end users; or (ii) monitor the behavior of EU end users (i.e., place cookies or other browsing technology on website visitors’ devices). Any website available to EEA users with any kind of tracking technology (e.g., analytics, adtech pixels/cookies) is subject to the GDPR.
WHAT IS OWNERIQ DOING ABOUT IT?
ownerIQ is based and does business ONLY in the U.S. and Canada. Our focus has always been the U.S. and Canada. GDPR does not change that. What it does change is that we are now implementing technical controls in place to prevent the tangential collection or use of personal data from devices located in the European Economic Area (EEA). This will be implemented in advance of the May 25th GDPR deadline. In other words, our pixel on your website(s) is set to not fire or place a cookie on devices which appear to be physically located in the European Economic Area.
WHAT CAN YOU DO NOW?
If you run business in the European Economic Area (EEA), you’re probably already deeply considering the GDPR. If you have a website that incidentally has EEA visitors, you need to be thinking of a minimally invasive plan to stay in compliance in regards to your EEA website visitors. For adtech pixels, the interplay of GDPR definition of consent and the ePrivacy Directive means adtech cookies mostly like need OPT-IN consent for EEA website traffic.We strongly recommend that you adopt a consent tool as a way of doing this aimed exclusively at visitors from the EEA.
Our adtech industry colleagues in the IAB Europe developed a consent tool, the Transparency and Consent Framework. We highly recommend it for websites which are accessible in the EEA. For more information on how to sign up and implement on your websites, please see the FAQs and Publisher Fact Sheet. A demo webinar is scheduled for today, Friday, April 27, 2018, at 11 AM EST, which you can register for here. Even if you cannot attend, register to receive a recording of the demo.
If you use the IAB Europe’s Transparency and Consent Framework on websites which have our pixel, we ask that you set-up the user consent pop up for EU IP addresses only. If you apply it to all website visitors regardless of location, your non-EEA adtech cookies (ours included) will be prevented from firing and collecting data for online ad campaigns. In other words, our pixel won’t work on U.S. and Canadian website visitors if the framework is set to pop up for ALL traffic.
Also, consult your legal counsel.
It would really help us if you could let us know via THIS SURVEY how you will handle consent for GDPR/ePrivacy.
More questions? The Q is here for you. Let us know.