Home Data-Driven Thinking An Evolution, Not A Revolution: Underscoring The Nuances Of GDPR
OPINION: Data-Driven Thinking

An Evolution, Not A Revolution: Underscoring The Nuances Of GDPR

By AdExchanger

SHARE:

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Guillaume Marcerou, global privacy director at Criteo.

When General Data Protection Regulation (GDPR) goes into effect on May 25, it will unify the various data privacy laws that exist across all 28 member states of the EU, including the UK.

This is a nuanced but critical point. Major global corporations with EU offices are already accustomed to complying with country-level data privacy and security requirements and are thus already complying with key elements of GDPR.

As the clock winds down to the regulation, it is imperative that marketers understand the intricacies of the policies, beginning with the areas for interpretation most commonly misconstrued.

The True Purpose Of GDPR

The GDPR aligns data protection policies across EU member states while providing consistent application and enforcement by local data protection authorities in each EU member state. Its objectives are to:

  • Modernize the legal system to protect personal data in an era of globalization and technological innovation.
  • Strengthen individual rights while reducing administrative burdens to ensure a free flow of personal data within the EU.
  • Bring clarity and coherence to personal data protection rules and ensure consistent application and effective implementation across the EU.

User Consent Qualifications

Since 2009 and the amendment of the ePrivacy EU Directive – also known as the cookie directive – in-browser messages have been the rule to obtain cookie consent within the EU.

There is an important difference between unambiguous and explicit consent.

Explicit consent means the user must opt in. This applies to sensitive personal data such as race, religion, sexual orientation, political affiliation and health status.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Google Gives Retailers Its Seal Of Approval; The Benefits Of Brands Getting Political

The GDPR requires companies to obtain unambiguous consent from users. For example, a message may be first shown to inform users, and then if users click any link on the page, they must acknowledge the use of cookies. This includes a user continuing to browse a website. Since online identifiers – cookies – alone are categorized as nonsensitive personal data, an explicit opt-in is not required.

This definition of nonambiguous consent is supported by numerous international governing bodies and agencies, including the guidance issued by the Spanish Data Protection Authority and other authorities.

Important Definitions

Consent can only be valid if it is “freely given,” where the data subject can exercise a real choice, and there is no risk of deception, intimidation, coercion or significant negative consequences if he or she does not consent. Ultimately, users must have the ability to refuse services directly from the cookie message without suffering any consequences.

For consent to be valid, it must be “specific” and “informed” by appropriate information. In other words, blanket consent without specifying the exact purpose of the processing is not acceptable. For example, an opt-out message that specifically informs users they are consenting to “cross-site tracking technology” would not pass muster.

Finally, consent must be “nonambiguous” and derive from an active behavior from which consent can be reasonably deduced. For example, a nonambiguous action would be when an individual continues to browse a website by clicking on a link on the page and accepting the use of cookies to monitor his or her browsing after specifically being informed by an in-browser message. By continuing to browse the website he or she accepts the use of third-party cookies for personalized advertising purposes.

The GDPR is a positive development that will foster trust in the digital economy and provide an environment of transparency, control and certainty for advertisers and customers. If GDPR provides efficient tools to reinstate trust in the ecommerce ecosystem, it comes with a shared responsibility for all actors to review their practices to effectively make this trust happen.

Follow Criteo (@criteo) and AdExchanger (@adexchanger) on Twitter.

Must Read

Online Advertising

Inside The Fall Of Oracle’s Advertising Business

By now, the industry is well aware that Oracle, once the most prominent advertising data seller in market, will shut down its advertising division. What’s behind the ignominious end of Oracle Advertising?

Forget about asking for permission to collect cookies. Google will have to ask for permission to not collect them.
privacy sandbox testing

Criteo: The Privacy Sandbox Is NOT Ready Yet, But Could Be If Google Makes Certain Changes Soon

If Google were to shut off third-party cookies today and implement the current version of the Privacy Sandbox, publishers would see their ad revenue on Chrome tank by around 60% on average.

Commerce Media

Platforms Are Autogenerating Creative – And It’s Going To Be Terrible

This week, we’re diving into the most important thing in advertising – the actual creative – and how major ad platforms are well on their way to an era of creative innovation. Actually, strike that. I meant creative desolation.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: TFW Disney+ Goes AVOD
CTV

Disney Expands Its Audience Graph And Clean Room Tech Beyond The US

Disney expands its audience graph and clean room tech to Latin America, marking the first time it will be available outside the US. The announcement precedes this week’s launch of Disney+ with ads in Latin America.

Native Advertising

Advertible Makes Its Case To SSPs For Running Native Channel Extensions

Companies like TripleLift that created the programmatic native category are now in their awkward tween years. Cue Advertible, a “native-as-a-service” programmatic vendor, as put by co-founder and CEO Tom Anderson.

Mozilla acquires Anonym
Privacy

Mozilla Acquires Anonym, A Privacy Tech Startup Founded By Two Top Former Meta Execs

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla.

Popular

  1. Online Advertising

    Inside The Fall Of Oracle’s Advertising Business

    By now, the industry is well aware that Oracle, once the most prominent advertising data seller in market, will shut down its advertising division. What’s behind the ignominious end of Oracle Advertising?

  2. Online Video

    Instream Or Out? Why It’s So Hard To Accurately Label Video Inventory

    Publishers and SSPs aren’t incentivized to accurately label their video inventory. But increased pressure from the buy side could correct the skewed pricing dynamics that result from outstream being sold as instream.

  3. CTV Roundup

    This Startup Is Serving Up A Cocktail Of CTV And DOOH

    BarBoards, an Austin-based startup that launched in February, is the latest DOOH tech platform hoping to win TV ad dollars by running ads on screens in restaurants and bars.

  4. Lou Paskalis, Chief Strategy Officer at Ad Fontes Media, and Founder & CEO of AJL Advisory
    OPINION: Data-Driven Thinking

    The Best Of Cannes 2024: Key Moments And Trends For The Year Ahead

    The challenges facing digital advertising feel bigger than ever. But when you’re in Cannes, you can’t help but focus on the positives. Here are the six biggest ad industry trends and positive takeaways from this year’s show.

  5. Commerce Media

    How Old-School Retailers Like Academy Are Getting Hip And Adapting To Digital-First Sales

    Academy Sports and Outdoors, a sporting goods chain founded in 1938, is trying to get trendy.