Overview of GDPR
The General Data Protection Regulation (GDPR) is a set of legal framework that sets regulatory guidelines on how to process personal data of people residing across EU nations.
In January 2012, the European Commission set out plans for data protection reforms across EU. Four years later agreement was made on what is to be involved and how to enforce. GDPR finally came into effect on 25th May 2018 and applies to all the organizations, businesses of member states of EU. The regulation gives more data control to individuals over how their personal data is to be used and processed by organizations. Personal data is defined as any information that reveals the identity of a living person i.e. name, contact number, location, IP address, etc. Data Processing is any set of operations performed on personal data. There are six lawful bases of data processing legal obligations, public interests, contractual obligation, legitimate interests, consent, vital interests. This will help the data subjects in acknowledging rights to inform, access, rectification, object, decision-making, etc.
Why User Privacy is Important than Cookies?
Cookies are small text files sent from a website storing data on a user’s device that contains information regarding his visit to the specific webpage. When the user requests another page from the server, those text files are sent back to the server. The website creating cookie can get access to the information that one provides during his visit to the webpage. Though it cannot access any personal information in your device except the ones you provide in the page, yet cookies are a breach to an individual’s privacy. One can develop a user’s detailed profile by the cookies used during the period of his browsing. Hence due to privacy concerns, the usage of cookies is reducing and there is more control over which sites to accept cookies from or how long it is to be stored or used. It is done to ensure that User’s privacy is of utmost importance.
Understanding the Need of GDPR Compliance for Publishers
In UK, GDPR is supplemented by the Data Protection Act,2018. Failure to comply will lead to a heavy penalty of maximum 24 million Euros or 4% of annual turnover whichever is maximum. Thus data security should be an integral part of GDPR compliance. An organization should take appropriate and proportionate measures to secure personal data. GDPR compliance enables more transparency and accountability to an individual over his personal data. So, publishers complying with GDPR will enhance their reputation by building more trusted relations with their existing and potential clientele.
5 Best GDPR Compliant Ad Networks for Publishers
Description: Media.net is a global leader in AdTech and a member of NAI (Network Advertising Initiative). So it is committed to responsible data collection, processing and establishing legitimate data management practices. The provision of providing personal Data is completely voluntary and they do not collect it from their partner sites unless a customer is providing them. They collect personal, technical, contact, usage and financial data whenever required.
Description: Izooto is a data enabled platform allowing e-commerce businesses to retain, engage and retarget web users with personalized push notifications. It empowers brand marketers to use personalized follow-ups, and choose to re-engage and bring customers back to their website. Each browser, including Chrome, Firefox, has its own notification delivery service. iZooto claims to simplify this with its one simple tag. Marketers can add that tag and can go live anytime easily.
Features: As per their unwavering commitment to data security and customer protection, izooto is liable to GDPR compliance. They evaluate new requirements and restrictions imposed by the GDPR and take necessary action to ensure that customer data is handled in compliance with applicable law. As they are data processors they implement best data security practices as Data minimization, Log pseudonymization, Data transparency.
Description: Setupad is a marketing and an advertising company. It has built a tool for website monetization and yield optimization that connects several ad platforms into a single auction. Their top priority is to monetize cross-border traffic and to help publishers gain incremental revenues. Users abroad are able to receive quality targeted advertising if publishers are willing to separate their foreign traffic and sell it purely in RTB fashion. Setupad connects website’s media space to top SSPs (Supply Side Platforms) in a Header Bidding way, which allows more buyers to participate and CPM prices to increase. Setupad does all necessary yield optimization and allows publishers to get back to their true calling – quality content creation.
Features: Setupad collects and stores Personal Information that is directly provided through the Website during the registration process or otherwise. That information is used in a non personally identifiable way for the purpose of advertisement operations only. It does not share any raw data to any third party. Cookies are sometimes employed by Setupad for proper website operation, gathering personally non-identifiable data, to provide users with customized and relevant experience, for the purpose of advertising campaign tracking, and interest-based advertising. It applies strict measures to protect the collected data against accidental/unlawful destruction and loss, alteration, unauthorized disclosure, processing or access. Setupad is a member of the Interactive Advertising Bureau and complies with the highest industry standards on digital advertising and user’s privacy protection.
4. Google AdX
Description: It is a real-time market place which offers a huge inventory to a large number of advertisers through programmatic RTB ( Real Time Bidding). Here publishers can set floor prices and control the bidding on their available ad units and there are more possible buyers through different types of auctions. They can also sell their ad unit inventories through Open Auction, Private Auction or Preferred Deal.
Features: Google is asking publishers in Europe to obtain consent for the usage of personal data and ad targeting under GDPR. Companies operating in the EU are required to gain opt-in consent for the collection and usage of those personal data. It also wants publishers to maintain records of consent and provide opt-out instructions for users who later might change their decisions. Google is developing technology to offer “non-personalized” ads in cases where consent hasn’t yet been obtained. This is without regard to individual users’ online behavior.
Description: It is one of the world’s leading native advertising and content discovery platform for businesses to increase their ROI and monetize the audiences by innovative thoughts, useful products. A lot of publishers use Revcontent as it works well with social sites where the AdSense CPC is not very high.
Features: Revcontent automatically collects specific user data in order to provide recommendations and promote content relevant to the user’s interests when he access websites and mobile applications. The information is on how one interacts with their Services. They collect browser and device Information, click data, usage data to customize the user experience. Revcontent does not rent or sell this information to other companies and store the information as long as is necessary for legitimate business purposes.
GDPR compliance by organizations through implementing technical and organizational measures not only do they benefit in data governance but also cyber resilience helping customers prevent frequent cyber attacks. They should appoint either a data protection officer to ensure the business is compliant.