How to audit your adtech vendors’ GDPR readiness (and a call to adtech vendors to get whitelisted as Trusted Partners)

Dr Johnny Ryan GDPR Leave a Comment

This note describes how publishers can audit their adtech vendors’ readiness for the GDPR, and opens with a call for adtech vendors to collaborate with PageFair so that they can be whitelisted as Trusted Partners by PageFair Perimeter.  How adtech and media will work under the GDPR We anticipate that the GDPR will indeed be enforced, whether by national regulators or by NGOs or individuals in the courts. We also realise that consent is the only applicable legal basis for online behavioural advertising (See analysis). Personal data can not be processed for OBA in the absence of consent. However, consent dialogues for adtech need a “next” button -or a very long scroll bar- because online behavioural advertising requires many different opt-ins to accommodate many distinct personal data processing purposes.  …

GDPR consent design: how granular must adtech opt-ins be?

Dr Johnny Ryan GDPR Leave a Comment

This note examines the range of distinct adtech data processing purposes that will require opt-in under the GDPR.[1] In late 2017 the Article 29 Working Party cautioned that “data subjects should be free to choose which purpose they accept, rather than having to consent to a bundle of processing purposes”.[2] Consent requests for multiple purposes should “allow users to give specific consent for specific purposes”.[3]  Rather than conflate several purposes for processing, Europe’s regulators caution that “the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose”.[4] This draws upon GDPR, Recital 32.[5] In short, consent requests must be granular, showing opt-ins for each distinct purpose. How granular must consent opt-ins be?

The regulatory firewall for online media and adtech

The PageFair Team GDPR Leave a Comment

This note announces Perimeter, a regulatory firewall to enable online advertising under the GDPR. It fixes data leakage from adtech and allows publishers to monetize RTB and direct ads, while respecting people’s data.  PageFair takes a strict interpretation of the GDPR. To comply, all media owners need to protect their visitors’ personal data, or else find themselves liable for significant fines and court actions. In European Law, personal data includes not only personally identifiable information (PII), but also visitor IP addresses, unique IDs, and browsing history.[1] The problem is that today’s online ads operate by actively disseminating this kind of personal data to countless 3rd parties via header bidding, RTB bid requests, tracking pixels, cookie syncs, mobile SDKs, and javascript in ad creatives.…

How publishers verify their adtech partners’ GDPR readiness

The PageFair Team GDPR Leave a Comment

PageFair believes that the GDPR will be strictly enforced. This means all unique identifiers (such as user IDs) and IP addresses will be regarded as personal data under the Regulation, and therefore must not be used without consent.[1] This is why we launched Perimeter, to protect publishers from risk under the GDPR. When publishers install PageFair Perimeter on their sites or in their apps, Perimeter will block adtech that uses unique identifiers without consent. Adtech services that do not use personal data where consent is absent will be whitelisted. Criteria for whitelisting in on sites/apps protected by Perimeter (where required consent is absent) No use of unique IDs No storage of IP addresses or user agent details Adtech vendors can perform necessary campaign measurement, attribution, and frequency capping using non-personal data methods as we have outlined here.…

Overview of how the GDPR impacts websites and adtech (IAPP podcast)

The PageFair Team GDPR Leave a Comment

In this podcast, the International Association of Privacy Professionals interviews PageFair’s Dr Johnny Ryan about the challenges and opportunities of new European privacy rules for website operators and brands.  Update: 3 January 2018: This podcast was the International Association of Privacy Professionals’ most listened to podcast of 2017.  The conversation begins at 4m 14s, and covers the following issues. Risks for website operators How “consent” is an opportunity for publishers to take the upper hand in online media Brands’ exposure to legal risk, and the agency / brand / insurer conundrum Personal data leakage in RTB / programmatic adtech How the adtech industry should adapt As we told Wired some months ago, it’s not just that websites might expose yourself to litigation, it’s that you might expose your advertisers to litigation too.…

Frequency capping and ad campaign measurement under GDPR

Sean Blanchfield GDPR Leave a Comment

This note describes how ad campaigns can be measured and frequency capped without the use of personal data to comply with the GDPR.  It is likely that most people will not give consent for their personal data to be used for ad targeting purposes by third parties (only a small minority [1] of people online are expected to consent to third party tracking for online advertising). Even so, sophisticated measurement and frequency capping are possible for this audience. This note briefly outlines how to conduct essential measurement (frequency capping, impression counting, click counting, conversion counting, view through measurement, and viewability measurement) in compliance with the EU’s General Data Protection Regulation. This means that publishers and advertisers can continue to measure the delivery of the ads that sustain their businesses, while simultaneously respecting European citizens’ right to protection of their personal data.…

Consent to use personal data has no value unless one prevents all data leakage

Dr Johnny Ryan GDPR Leave a Comment

Websites and advertisers can not prevent personal data from leaking in programmatic advertising. If not fixed, this will render consent to use personal data meaningless.  The GDPR applies the principle of transparency:[1] People must be able to easily learn who has their personal data, and what they are doing with it. Equally importantly, people must have surety that no other parties receive these data. It follows that consent is meaningless without enforcement of data protection: unless a website prevents all data leakage, a visitor who gives consent cannot know where their data may end up. But the online advertising system leaks data in two ways. This exposes brands, agencies, websites, and adtech companies to legal risk. How data leakage happens  If “programmatic”advertising or “real time bidding” was ever a mystery to you, take 43 seconds to watch this PageFair video.…

European Commission proposal will kill 3rd party cookies

Dr Johnny Ryan GDPR 4 Comments

The 3rd-party cookie – the lifeblood of online advertising – may be about to die.  A proposal this month from the European Commission to reform the ePrivacy Directive (ePD) requires mandatory privacy options and educates users to distinguish between 1st and 3rd-parties in a way that will make 3rd-party cookies extinct.
Access the GDPR/ePR repositoryA repository of GDPR and ePrivacy Regulation explainers, official docs, and current status.Access Now The Commission’s proposal also applies beyond cookies. The proposed reform of the ePD will further add to the the disruption that Europe’s new regulatory regime for privacy – the GDPR – will wreak upon to the media and advertising landscape when it applies in May 2018. Caveat: the proposal is subject to negotiation between the Commission, the European Parliament, and the Council of Ministers.…

PageFair at Ad:Tech New York 2013

The PageFair Team Adblocking, Uncategorized Leave a Comment

PageFair will be attending Ad:Tech New York– a digital marketing event on November 6th and 7th. Please feel free to join us in conversation about advertising, adblocking, and what we have in store for the future. Some of the keynote speakers will include Sheryl Connelly of Ford Motor Company, Pete Blackshaw of Nestlé, and Kevin Jonas of the Jonas Brothers. A list of exhibiting companies can be found here. If you’d like to connect while we are in NYC, please contact us on Twitter or through our contact form.…