PageFair Trusted Partners To Join GDPR Compliance Initiative

Dr Johnny Ryan GDPR

This note announces an initiative among adtech companies to keep online advertising operations outside the scope of the GDPR by using no personal data. Dublin, Ireland (24 January, 2018) – PageFair has announced a joint initiative with eight other advertising companies to help equip website and app publishers with new ways of advertising  that fully comply with Europe’s new GDPR regulations.  Among the members are Adzerk, Bannerflow, Bydmath, Clearcode, Converge Digital, Digitize, SegmentIQ, and Velocidi.  The EU’s new privacy regulations will prohibit the kind of online tracking that has powered advertising up to now, unless every user gives explicit consent to the companies that track them. Publishers, advertisers and tech companies who ignore the regulation could face fines of up to €20 million or 4% of their global turnover.  …

How to audit your adtech vendors’ GDPR readiness (and a call to adtech vendors to get whitelisted as Trusted Partners)

Dr Johnny Ryan GDPR

This note describes how publishers can audit their adtech vendors’ readiness for the GDPR, and opens with a call for adtech vendors to collaborate with PageFair so that they can be whitelisted as Trusted Partners by PageFair Perimeter.  How adtech and media will work under the GDPR We anticipate that the GDPR will indeed be enforced, whether by national regulators or by NGOs or individuals in the courts. We also realise that consent is the only applicable legal basis for online behavioural advertising (See analysis). Personal data can not be processed for OBA in the absence of consent. However, consent dialogues for adtech need a “next” button -or a very long scroll bar- because online behavioural advertising requires many different opt-ins to accommodate many distinct personal data processing purposes.  …

GDPR consent design: how granular must adtech opt-ins be?

Dr Johnny Ryan GDPR

This note examines the range of distinct adtech data processing purposes that will require opt-in under the GDPR.[1] In late 2017 the Article 29 Working Party cautioned that “data subjects should be free to choose which purpose they accept, rather than having to consent to a bundle of processing purposes”.[2] Consent requests for multiple purposes should “allow users to give specific consent for specific purposes”.[3]  Rather than conflate several purposes for processing, Europe’s regulators caution that “the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose”.[4] This draws upon GDPR, Recital 32.[5] In short, consent requests must be granular, showing opt-ins for each distinct purpose. How granular must consent opt-ins be?