Research result: what percentage will consent to tracking for advertising?

Dr Johnny Ryan GDPR Leave a Comment

This note presents the results of a survey of 300+ publishers, adtech, brands, and various others, on whether users will consent to tracking under the GDPR and the ePrivacy Regulation.  In early August we published a note on consent, and asked whether people would click “yes”. We would like to thank the 300+ colleagues who responded to our research request. Now we present the results. Tracking for a single brand, on a single site. 305 respondents were asked by a publisher to permit a named brand and its analytics partners to track them on the site. A previous note explains the design of this notice. It is important to note that this is a limited consent notice. It asks to track behaviour on one site only, and for one brand only, in addition to “analytics partners”.…

How the GDPR will disrupt Google and Facebook

Dr Johnny Ryan GDPR 9 Comments

Google and Facebook will be disrupted by the new European data protection rules that are due to apply in May 2018. This note explains how.  Google and Facebook will be unable to use the personal data they hold for advertising purposes without user permission. This is an acute challenge because, contrary to what some commentators have assumed, they cannot use a “service-wide” opt-in for everything. Nor can they deny access to their services to users who refuse to opt-in to tracking.[1] Some parts of their businesses are likely to be disrupted more than others. The GDPR Scale When one uses Google or Facebook.com one willingly discloses personal data. These businesses have the right to process these data to provide their services when one asks them to. …

Here is what GDPR consent dialogues could look like. Will people click yes?

Dr Johnny Ryan GDPR Leave a Comment

This note presents sketches of GDPR consent dialogues, and invites readers to participate in research on whether people will consent.  Consent requests In less than a year the General Data Protection Regulation (GDPR) will force businesses to ask Internet users for consent before they can use their personal data. Many businesses lack a direct channel to users to do this. Therefore, it is likely that they will have to ask publishers to seek consent on their behalf. This is a sketch of what a GDPR consent request by a publisher on behalf of a third party may look like, with references to the elements required in the GDPR. Click to expand: Information that data subjects must be given in GDPR-compliant consent requests.…

Why the GDPR ‘legitimate interest’ provision will not save you

Dr Johnny Ryan GDPR, Uncategorized Leave a Comment

The “legitimate interest” provision in the GDPR will not save behavioral advertising and data brokers from the challenge of obtaining consent for personally identifiable data. As previous PageFair analysis illustrates, personally identifiable data (PII) will become toxic except where it has been obtained and used with consent once the General Data Protection Regulation is applied in May 2018. Even so, many advertising intermediaries believe that they can continue to use PII data without consent because of an apparent carve-out related to “legitimate interest” contained in the GDPR. This is a false hope.

Europe’s new privacy regime will disrupt the adtech Lumascape

Dr Johnny Ryan GDPR Leave a Comment

In a year and a half, new European rules on the use of personal information will disrupt advertising and media across the globe. Here are the three biggest impacts.  Since 1996 when cookies were first repurposed to track users around the Web there has been an assumption that gathering and trading users' personal information is the essence of advertising online. This is about to change.