PageFair Trusted Partners To Join GDPR Compliance Initiative

Dr Johnny Ryan GDPR

This note announces an initiative among adtech companies to keep online advertising operations outside the scope of the GDPR by using no personal data. Dublin, Ireland (24 January, 2018) – PageFair has announced a joint initiative with eight other advertising companies to help equip website and app publishers with new ways of advertising  that fully comply with Europe’s new GDPR regulations.  Among the members are Adzerk, Bannerflow, Bydmath, Clearcode, Converge Digital, Digitize, SegmentIQ, and Velocidi.  The EU’s new privacy regulations will prohibit the kind of online tracking that has powered advertising up to now, unless every user gives explicit consent to the companies that track them. Publishers, advertisers and tech companies who ignore the regulation could face fines of up to €20 million or 4% of their global turnover.  …

GDPR consent design: how granular must adtech opt-ins be?

Dr Johnny Ryan GDPR

This note examines the range of distinct adtech data processing purposes that will require opt-in under the GDPR.[1] In late 2017 the Article 29 Working Party cautioned that “data subjects should be free to choose which purpose they accept, rather than having to consent to a bundle of processing purposes”.[2] Consent requests for multiple purposes should “allow users to give specific consent for specific purposes”.[3]  Rather than conflate several purposes for processing, Europe’s regulators caution that “the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose”.[4] This draws upon GDPR, Recital 32.[5] In short, consent requests must be granular, showing opt-ins for each distinct purpose. How granular must consent opt-ins be?