Why pseudonymization is not the silver bullet for GDPR.

Dr Johnny Ryan EU, Privacy, Regulation Leave a Comment

Pseudonymization will not save online advertising companies from having to seek consent to use browsing and other personal data. This note explains why. Personally identifiable data (PII) will become toxic in May 2018 when the General Data Protection Regulation is applied, unless data subjects have given consent.[1] Some businesses may try to rely on “pseudonymization”, a partial method of anonymization, to continue to use PII without consent. This would be a mistake, as the GDPR (and a previous opinion from the Article 29 Working Party[2]).…

Supporting new European data regulation

Dr Johnny Ryan Privacy, Regulation Leave a Comment

Unusually for an ad-tech company, PageFair supports the proposed ePrivacy Regulation. Here is why.  The European Commission has proposed new rules for ePrivacy, which will supplement the GDPR.[1] Unlike colleagues in other digital advertising companies, PageFair commends the proposed privacy protections for online advertising. Additional note (11 May 2017): our position concerns the proposal’s impact on online behavioural advertising (OBA). Though there are kinks to work out, as we note in our recent statement to Parliament representatives, we strongly endorse the proposal’s broad approach to OBA. PageFair has taken this position for two reasons. First, personal data are not required for online advertising.  The online advertising system can deliver relevant ads without the need to use personally identifiable information (PII), or third party cookies that collect PII.…

Why the GDPR ‘legitimate interest’ provision will not save you

Dr Johnny Ryan Privacy, Uncategorized Leave a Comment

The “legitimate interest” provision in the GDPR will not save behavioral advertising and data brokers from the challenge of obtaining consent for personally identifiable data. As previous PageFair analysis illustrates, personally identifiable data (PII) will become toxic except where it has been obtained and used with consent once the General Data Protection Regulation is applied in May 2018. Even so, many advertising intermediaries believe that they can continue to use PII data without consent because of an apparent carve-out related to “legitimate interest” contained in the GDPR. This is a false hope.

Europe’s new privacy regime will disrupt the adtech Lumascape

Dr Johnny Ryan EU, Privacy, Regulation Leave a Comment

In a year and a half, new European rules on the use of personal information will disrupt advertising and media across the globe. Here are the three biggest impacts.  Since 1996 when cookies were first repurposed to track users around the Web there has been an assumption that gathering and trading users' personal information is the essence of advertising online. This is about to change.

Reprieve for IT departments as EU court rules on IP addresses

The PageFair Team EU, Privacy Leave a Comment

If you run a website, you might want to breathe a sigh of relief. A decision this morning from the European Court of Justice means that websites can continue to collect and store visitor IP addresses. It would have been a shock to many if the ruling had gone the other way.