In less than a year the General Data Protection Regulation (GDPR) will force businesses to ask Internet users for consent before they can use their personal data. Many businesses lack a direct channel to users to do this. Therefore, it is likely that they will have to ask publishers to seek consent on their behalf.
This is a sketch of what a GDPR consent request by a publisher on behalf of a third party may look like, with references to the elements required in the GDPR.
Update: it is important to note that this is a limited consent notice. It asks to track behaviour on one site only, and for one brand only, in addition to “analytics partners”. This notice would not satisfy regulators if it were used to cover the vast chain of controllers and processors involved in conventional behavioural targeting.
- Who is collecting the data, and how to contact them or their European representative.
- What the personal information is being used for, and the legal basis of the data processing.
- The “legitimate interest” of the user of the data (This refers to a legal basis that may be used by direct marketing companies).
- With whom the data will be shared.
- Whether the controller intends to transfer data to a third country, and if so, whether the European Commission has deemed this country’s protections adequate, or what alternative safeguards or rules are in place.
- The duration of storage, or the criteria used to determine duration.
- That the user has the right to request rectification of mistakes in this personal information.
- That the user has the right to withdraw consent.
- How the user can lodge a complaint with the supervisory authority.
- What the consequences of not giving consent might be.
- In cases of automated decision-making, including profiling, what the logic of this process is, and what the significance of the outcomes may be.
What percentage of people are likely to click “OK”?
In addition to the consent requirements in the GDPR, the forthcoming ePrivacy Regulation requires that users be presented with a menu of tracking preferences when they first install a browser or set up a new system that connects to the Internet. See a sketch of this menu below.
The menu above is as it might have appeared under the original proposal from the European Commission, in January 2017. However, the European Parliament is developing amendments to the Commission’s proposal. Below is a sketch of the menu as it might appear under the latest text from June 2017.
Notice that “accept only first party tracking” is pre-selected. This is because Recital 23 in the current draft stipulates that the default setting should prevent “cross-domain tracking” by third parties. Click here to see an animated version of these menu designs.
This menu may change again as the Regulation is further developed. But assuming that some version of this tracking preferences menu becomes law across the European Union, how many people can be expected to opt back into tracking for online advertising?
We would like to find out, and reveal the answer.
We are surveying a sample of industry insiders for their insights into this question. Your shared insights may illuminate this issue. Please click the button below to take the survey.
We have designed the survey to take 70 seconds to complete.
Thank you for your input.