How to audit your adtech vendors’ GDPR readiness (and a call to adtech vendors to get whitelisted as Trusted Partners)

Dr Johnny Ryan GDPR Leave a Comment

This note describes how publishers can audit their adtech vendors’ readiness for the GDPR, and opens with a call for adtech vendors to collaborate with PageFair so that they can be whitelisted as Trusted Partners by PageFair Perimeter.  How adtech and media will work under the GDPR We anticipate that the GDPR will indeed be enforced, whether by national regulators or by NGOs or individuals in the courts. We also realise that consent is the only applicable legal basis for online behavioural advertising (See analysis). Personal data can not be processed for OBA in the absence of consent. However, consent dialogues for adtech need a “next” button -or a very long scroll bar- because online behavioural advertising requires many different opt-ins to accommodate many distinct personal data processing purposes.  …

GDPR consent design: how granular must adtech opt-ins be?

Dr Johnny Ryan GDPR Leave a Comment

This note examines the range of distinct adtech data processing purposes that will require opt-in under the GDPR.[1] In late 2017 the Article 29 Working Party cautioned that “data subjects should be free to choose which purpose they accept, rather than having to consent to a bundle of processing purposes”.[2] Consent requests for multiple purposes should “allow users to give specific consent for specific purposes”.[3]  Rather than conflate several purposes for processing, Europe’s regulators caution that “the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose”.[4] This draws upon GDPR, Recital 32.[5] In short, consent requests must be granular, showing opt-ins for each distinct purpose. How granular must consent opt-ins be?