Home Data-Driven Thinking An Evolution, Not A Revolution: Underscoring The Nuances Of GDPR
OPINION: Data-Driven Thinking

An Evolution, Not A Revolution: Underscoring The Nuances Of GDPR

By AdExchanger

SHARE:

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Guillaume Marcerou, global privacy director at Criteo.

When General Data Protection Regulation (GDPR) goes into effect on May 25, it will unify the various data privacy laws that exist across all 28 member states of the EU, including the UK.

This is a nuanced but critical point. Major global corporations with EU offices are already accustomed to complying with country-level data privacy and security requirements and are thus already complying with key elements of GDPR.

As the clock winds down to the regulation, it is imperative that marketers understand the intricacies of the policies, beginning with the areas for interpretation most commonly misconstrued.

The True Purpose Of GDPR

The GDPR aligns data protection policies across EU member states while providing consistent application and enforcement by local data protection authorities in each EU member state. Its objectives are to:

  • Modernize the legal system to protect personal data in an era of globalization and technological innovation.
  • Strengthen individual rights while reducing administrative burdens to ensure a free flow of personal data within the EU.
  • Bring clarity and coherence to personal data protection rules and ensure consistent application and effective implementation across the EU.

User Consent Qualifications

Since 2009 and the amendment of the ePrivacy EU Directive – also known as the cookie directive – in-browser messages have been the rule to obtain cookie consent within the EU.

There is an important difference between unambiguous and explicit consent.

Explicit consent means the user must opt in. This applies to sensitive personal data such as race, religion, sexual orientation, political affiliation and health status.

The GDPR requires companies to obtain unambiguous consent from users. For example, a message may be first shown to inform users, and then if users click any link on the page, they must acknowledge the use of cookies. This includes a user continuing to browse a website. Since online identifiers – cookies – alone are categorized as nonsensitive personal data, an explicit opt-in is not required.

This definition of nonambiguous consent is supported by numerous international governing bodies and agencies, including the guidance issued by the Spanish Data Protection Authority and other authorities.

Important Definitions

Consent can only be valid if it is “freely given,” where the data subject can exercise a real choice, and there is no risk of deception, intimidation, coercion or significant negative consequences if he or she does not consent. Ultimately, users must have the ability to refuse services directly from the cookie message without suffering any consequences.

For consent to be valid, it must be “specific” and “informed” by appropriate information. In other words, blanket consent without specifying the exact purpose of the processing is not acceptable. For example, an opt-out message that specifically informs users they are consenting to “cross-site tracking technology” would not pass muster.

Finally, consent must be “nonambiguous” and derive from an active behavior from which consent can be reasonably deduced. For example, a nonambiguous action would be when an individual continues to browse a website by clicking on a link on the page and accepting the use of cookies to monitor his or her browsing after specifically being informed by an in-browser message. By continuing to browse the website he or she accepts the use of third-party cookies for personalized advertising purposes.

The GDPR is a positive development that will foster trust in the digital economy and provide an environment of transparency, control and certainty for advertisers and customers. If GDPR provides efficient tools to reinstate trust in the ecommerce ecosystem, it comes with a shared responsibility for all actors to review their practices to effectively make this trust happen.

Follow Criteo (@criteo) and AdExchanger (@adexchanger) on Twitter.

Must Read

AdExchanger Senior Editors Anthony Vargas and Alyssa Boyle.
AI

POSSIBLE 2026: AdExchanger's Hot Takes

AdExchanger Senior Editors Alyssa Boyle and Anthony Vargas share their takeaways from three days chatting about agentic AI at POSSIBLE.

Platforms

Reddit Reports A 75% Boost In Q1 Ad Revenue As It Reaches For 100 Million Daily US Users

Generative AI search has pushed traffic off a cliff across most of the internet, but not on social platforms. Reddit included.

possible 2026

POSSIBLE 2026: Can AI Help Agencies Finally Break Down Those Silos?

Domenic Venuto, indie agency Horizon Media’s chief product and data officer, sat down with AdExchanger during POSSIBLE at the Fontainebleau in Miami to unpack the role of AI in today’s media and advertising landscape.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Google news

Google Touts Its AI Ad Tech Adoption And New AI Max Features

Google announced new features and ad types for AI Max, its AI-based bidding product for search and shopping or sponsored product ads. The company also touted “hundreds of thousands” of advertisers using AI Max.

Hand pressing blue AI button on keyboard. Digital collage of artificial intelligence interface.
Meta earnings

Meta’s Ad Machine Is Purring, So Why Did Its Stock Drop?

Meta’s Q1 call sounded like an AI and hardware pitch, but under the hood it was still about one thing: investing in AI to squeeze more money out of its ads business.

Marketers

Alphabet Exceeds $100 Billion In Q1 And Its Profits Almost Doubled

Alphabet earned $109.9 billion in Q1 this year, up from $90.2 billion a year ago. And that’s not even the truly gobsmacking number.

Popular

  1. Comic: It's Coming For You
    Agencies

    Omnicom Has An AI-Powered Plan To Cut Out Ad Tech Middlemen

    Omnicom is rebuilding its media machine around Acxiom and agentic AI in a bid to push more spend to publishers and sidestep the “messy middle.”

  2. Marketers

    Supplement Brand Ritual Taps Chord To Help Understand Its Historical Data

    With its new funding, commerce data platform Chord plans to help brands access their data more easily by unifying it within one platform.

  3. Comic: S.P. O’Middleman’s
    Commerce

    The Trade Desk Makes Its DSP Available Within Skai And Pacvue

    The Trade Desk announced that it will begin allowing mutual clients to use its DSP within the Pacvue or Skai platforms.

  4. possible 2026

    POSSIBLE 2026: Can AI Help Agencies Finally Break Down Those Silos?

    Domenic Venuto, indie agency Horizon Media’s chief product and data officer, sat down with AdExchanger during POSSIBLE at the Fontainebleau in Miami to unpack the role of AI in today’s media and advertising landscape.

  5. Template interface video player. Social media concept. Mockup video channel. Web windows player. Video content, blogging.
    AI

    Zefr Builds A New Front Door For YouTube Buys

    Zefr’s new agentic hub lets advertisers set up campaigns agentically using natural language prompts, thanks to an AdCP integration.