The 3 biggest challenges in GDPR for online media & advertising

Dr Johnny Ryan GDPR 1 Comment

This note explains the three deepest challenges that the online advertising industry must overcome to survive the new European data rules. It also outlines our approach.  The General Data Protection Regulation (GDPR) and the ePrivacy Regulation (ePR) pose particular challenges for publishers, brands, and adtech companies. These go beyond the normal gap analysis and security overhaul that other businesses must undertake to comply with the new rules. Online advertising and media businesses’ ability to function online depends on the outcome of three deep challenges. Deep Challenge 1: Obtaining consent to process an internet user’s personal data. Despite some lingering debate to the contrary, businesses will need consent from internet users to use their personal data for online behavioral advertising. This poses a UX challenge.…

Risks to brands under new EU regulations

Dr Johnny Ryan GDPR Leave a Comment

Brands face serious new risks under the GDPR and the ePrivacy Regulation (ePR), and agencies will not be able to shield them. This note explains why, and describes what these risks are.  When the GDPR and the ePrivacy Regulation (ePR) apply a year from now brands that use personal data in their marketing campaigns will become exposed to new legal risks, irrespective of their arrangements with ad agencies. Though the new rules are European, the exposure will be global.
Access the GDPR/ePR repositoryA repository of GDPR and ePrivacy Regulation explainers, official docs, and current status.Access Now Brands are directly exposed for two reasons. Why agencies can not shield brands The first reason is legal. The first reason is that the text of the General Data Protection Regulation (GDPR) says that “each controller or processor shall be held liable for the entire damage”, where more than one controller or processor are “involved in the same processing”[1]. …

PageFair statement at European Parliament rapporteur’s ePrivacy Regulation roundtable

Dr Johnny Ryan GDPR Leave a Comment

Lightly edited transcription of PageFair remarks at rapporteur’s sessions at the European Parliament in Brussels on 29 May 2017, concerning the ePrivacy Regulation.  Statement at roundtable on Articles 9, and 10.  Dr Johnny Ryan: Thank you. PageFair is a European adtech company. We are very much in support of the Regulation as proposed, in so far as it relates to online behavioural advertising (OBA).…

Why pseudonymization is not the silver bullet for GDPR.

Dr Johnny Ryan GDPR Leave a Comment

Pseudonymization will not save online advertising companies from having to seek consent to use browsing and other personal data. This note explains why. Personally identifiable data (PII) will become toxic in May 2018 when the General Data Protection Regulation is applied, unless data subjects have given consent.[1] Some businesses may try to rely on “pseudonymization”, a partial method of anonymization, to continue to use PII without consent. This would be a mistake, as the GDPR (and a previous opinion from the Article 29 Working Party[2]).…

PageFair statement at European Parliament ALDE shadow rapporteurs session on the proposed ePrivacy Regulation

Dr Johnny Ryan GDPR Leave a Comment

Lightly edited transcription of PageFair remarks at European Parliament ALDE session on 4 May 2017.  Dr Johnny Ryan: Thank you. It’s a pleasure to be with you this afternoon. I’ve been on both sides: the adtech side, and the publisher’s side, of the particular part of this story that I want to talk about. Several years ago I was at The Irish Times as Chief Innovation Officer, and my background before that was academic: I wrote a history of the Internet, which is now a standard text. Now I work at PageFair, a European adtech company, based primarily in Dublin. I want to make clear that my remarks are limited only to the ePrivacy Regulation as it affects online advertising. There may be issues with other domains.…

DSP ‘contextual’ targeting offers solution to strict GDPR regulations

David Barton GDPR Leave a Comment

Programmatic online advertising will not cease to exist because of the GDPR or the proposed ePrivacy Directive. Personally-identifiable information (PII) may seem essential to digital advertising, but it is not the only way to target a relevant audience. Targeting based on context was a reliable method for decades before we came to rely on collecting and cross-referencing vast amounts of intrusive data.

Supporting new European data regulation

Dr Johnny Ryan GDPR Leave a Comment

Unusually for an ad-tech company, PageFair supports the proposed ePrivacy Regulation. Here is why.
Additional note (11 May 2017): our position concerns the proposal’s impact on online behavioural advertising (OBA). Though there are kinks to work out, as we note in our recent statement to Parliament representatives, we strongly endorse the proposal’s broad approach to OBA.  The European Commission has proposed new rules for ePrivacy, which will supplement the GDPR.[1] Unlike colleagues in other digital advertising companies, PageFair commends the proposed privacy protections for online advertising.
Access the GDPR/ePR repositoryA repository of GDPR and ePrivacy Regulation explainers, official docs, and current status.Access Now PageFair has taken this position for two reasons. First, personal data are not required for online advertising.  The online advertising system can deliver relevant ads without the need to use personally identifiable information (PII), or third party cookies that collect PII.…

Scott Cunningham, IAB TechLab founder, on advertising in crisis (interview podcast) 

Dr Johnny Ryan Adblocking Leave a Comment

In 2015 Scott Cunningham, the founder of IAB TechLab, told world “we messed up” on behalf of the advertising industry. His was the first major industry mea culpa that began a shift toward addressing user problems with advertising on the web. When we spoke last week I challenged him about the IAB’s DEAL strategy on adblocking, which he devised, and which may lean too far toward recommending that all publishers restrict access to users. His response is worth reading, and makes clear that DEAL is not an all or nothing approach. Only a small number of publishers with very exclusive content may be able to sustain a strategy that blocks adblock users from visiting their content. Most can not. Scott shared the background to the IAB’s LEAN principles for more respectful, subdued advertising formats.…

Why the GDPR ‘legitimate interest’ provision will not save you

Dr Johnny Ryan GDPR, Uncategorized Leave a Comment

The “legitimate interest” provision in the GDPR will not save behavioral advertising and data brokers from the challenge of obtaining consent for personally identifiable data. As previous PageFair analysis illustrates, personally identifiable data (PII) will become toxic except where it has been obtained and used with consent once the General Data Protection Regulation is applied in May 2018. Even so, many advertising intermediaries believe that they can continue to use PII data without consent because of an apparent carve-out related to “legitimate interest” contained in the GDPR. This is a false hope.

Europe’s new privacy regime will disrupt the adtech Lumascape

Dr Johnny Ryan GDPR Leave a Comment

In a year and a half, new European rules on the use of personal information will disrupt advertising and media across the globe. Here are the three biggest impacts.  Since 1996 when cookies were first repurposed to track users around the Web there has been an assumption that gathering and trading users' personal information is the essence of advertising online. This is about to change.