Adtech must change to protect publishers under the GDPR (IAPP podcast)

Dr Johnny Ryan GDPR

The follow up to the International Association of Privacy Professionals’ most listened to podcast of 2017.  Angelique Carson of the International Association of Privacy Professionals quizzes PageFair’s Dr Johnny Ryan on the crisis facing publishers, as they grapple with adtech vendors and attendant risks ahead of the GDPR. The podcast covers: Why personal data can not be used without risk in the RTB/programmatic system under the GDPR. Where consent falls short for publishers. How vulnerable the online advertising system is, because of central points of legal failure. The GDPR is part of a global trend. New privacy standards are on the way in other massive markets including China (and in important tech ecosystems such as Apple iOS, Firefox). This is the follow up to an earlier IAPP and PageFair podcast discussion (which was the International Association of Privacy Professionals’ most listened to podcast of 2017).…

The regulatory firewall for online media and adtech

The PageFair Team GDPR

This note announces Perimeter, a regulatory firewall to enable online advertising under the GDPR. It fixes data leakage from adtech and allows publishers to monetize RTB and direct ads, while respecting people’s data.  PageFair takes a strict interpretation of the GDPR. To comply, all media owners need to protect their visitors’ personal data, or else find themselves liable for significant fines and court actions. In European Law, personal data includes not only personally identifiable information (PII), but also visitor IP addresses, unique IDs, and browsing history.[1] The problem is that today’s online ads operate by actively disseminating this kind of personal data to countless 3rd parties via header bidding, RTB bid requests, tracking pixels, cookie syncs, mobile SDKs, and javascript in ad creatives.…

How publishers verify their adtech partners’ GDPR readiness

The PageFair Team GDPR

PageFair believes that the GDPR will be strictly enforced. This means all unique identifiers (such as user IDs) and IP addresses will be regarded as personal data under the Regulation, and therefore must not be used in a way that would distribute them in the programmatic advertising system without consent.[1] This is why we launched Perimeter, to protect publishers from risk under the GDPR. When publishers install PageFair Perimeter on their sites or in their apps, Perimeter will block adtech that uses unique identifiers without consent. Adtech services that do not use personal data where consent is absent will be whitelisted. Criteria for whitelisting in on sites/apps protected by Perimeter (where required consent is absent) No use of unique IDs No storage of IP addresses or user agent details Adtech vendors can perform necessary campaign measurement, attribution, and frequency capping using non-personal data methods as we have outlined here.…

Adtech consent is meaningless unless one stops data leakage

Dr Johnny Ryan GDPR

Websites and advertisers can not prevent personal data from leaking in programmatic advertising. If not fixed, this will render consent to use personal data meaningless.  The GDPR applies the principle of transparency:[1] People must be able to easily learn who has their personal data, and what they are doing with it. Equally importantly, people must have surety that no other parties receive these data. It follows that consent is meaningless without enforcement of data protection: unless a website prevents all data leakage, a visitor who gives consent cannot know where their data may end up. But the online advertising system leaks data in two ways. This exposes brands, agencies, websites, and adtech companies to legal risk. How data leakage happens  If “programmatic”advertising or “real time bidding” was ever a mystery to you, take 43 seconds to watch this PageFair video.…