SlideShare a Scribd company logo

GDPR, ePrivacy Regulation, consent, and online media

Johnny Ryan
Johnny Ryan

Speech at the Academy of European Law in Trier

Law
1 of 66
Download to read offline
GDPR consent, online media and advertising Academy of European Law johnny@pagefair.com@johnnyryan Dr Johnny Ryan
Recap...
General Data Protection Regulation (GDPR) ePrivacy Regulation (ePR) Area of focus Protection of personal data (Article 8 of the EU Charter of Fundamental Rights) Respect for private life and communications (Article 7 of the EU Charter of Fundamental Rights) Current status Has entered in to force, and will soon be applied. Currently being negotiated. Date of application 25 May 2018 25 May 2018 (could be later - Austrian Presidency?) Geographic impact Global European Economic Area (may widen?)
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…” -GDPR, Article 4 “Personal data”
“Single customer view” Indirectly identifiable: Netflix users’ TV & movies Directly identifiable: IP addresses, where ISP can identify the subscriber
“Behavioural” ad targeting & “programmatic” trading. What this jargon means is: automatic auctions for the right people’s attention.
/// Visitor Site Brand $
/// Visitor Site SSP DSP DMP Brand $ “Demand side”“Supply side” Ad Exchange
/// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
The Daily Bugle ExchangeExchange Exchange Exchange 1. Page loads. 2. What ad should we show this user? 3. Send details of user to ad exchange(s) to solicit bids from advertisers
The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP
The Daily Bugle ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
The Daily Bugle ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
The Daily Bugle Exchange Exchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
The Daily Bugle ADVERTISEMENT ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DMPDSP DMP DMP DSP ? ? ? ? ? ? ? ?
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor ADVERTISERS website.com AD DMP DMP DMP DMP DMP DMP DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP W inningbid DSP Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Channel of data leakage Personal data Legend Money DATA LEAKAGE
/// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
“Controller” “Processor” “Processor” “Processor” Contract Contract Contract Contracts required that determine the following: • the nature of processing and its duration, • the obligations of the “controller”, • and a guarantee that the “processor” handles the data only as dictated by documented instructions from the controller GDPR requires a chain of accountability
Risk to BRANDS
Holding first-party personal data that are now non-compliant Buying personal data (directly or indirectly identifiable) from other sources to augment profiles Buying behavioural ads online, which currently requires the sharing of personal data with countless partners. BROKER 3 2 1 Risk (brands)
All potentially liable! The Courts Multiple controllers and processors “involved in the same processing” can each be held liable for damages awarded in a case. A person can complain to the regulator, and at the same time go to court. And can take the regulator to court for inaction. Supervisory Authority /// /// Visitor Site SSP Ad Exchange DSP DMP Brand $
CONSENT
Consent • Consent can not be disruptive. Must be obtained freely, without detriment. • Can not be buried in T&C. Must be specific and informed.
Must inform in more detail (while also being clearer), and obtain specific consent
• Who or what type of party is receiving the data • What are the purposes of processing, and legal basis for that • How long are the data stored (or what criteria determine duration) • If this giving that data is part of a contract what are the consequences of not providing data • If the data are being transferred to a third country, what safeguards or binding corporate rules are in place? • In cases of automated decision-making, including profiling, what logic is applied and what is the significance of the outcomes.
We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Purpose of processing, and notification of profiling. Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Text links to tool for withdrawing consent. 
 Article 7, paragraph 3. Text links to tool to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Can say no Recital 42. Details of recipients and categories of recipients. Text links to contact details of the controller and their data protection officer. 
 Article 13, para 1, a, b, and e. EXAMPLE OF A GDPR CONSENT REQUEST Scenario: a website requests consent to share data with a brand for product offers
We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Thinking of yourself as a visitor to websites, what would you select if shown this message? 79% 21%
Please allow your browsing habits on our sites to be shared with We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months Might GDPR consent requests look like this? [Consortium] and its participants duration “Ad choices”
Please allow your browsing habits on our sites to be shared with Open ID participants We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months [Ad exchange] [Ad exchange] [DMP] [DMP] [DSP] [DSP] [Verification vendor] i i i i i i i [Consortium] and its participants Might GDPR consent requests look like this? Each controller. and categories of processors.
ON My Data ON Verification OFFBrowsing habits This site All sites Done Ad networks Social profile Ad targeting
My Data This month Today Back Yesterday This week Browsing habits This month This month
ON My Data ON Verification OFFBrowsing habits This site All sites Done ? Ad networks Social profile ? ? ? Ad targeting?
ON My Data ON Commenting Verification This site All sites Done ? Verification service Social profile ? ? ? Ad targeting?
51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No YesYes, if denied access to the site otherwise 1st party tracking on a website 23% 0% 100% 200% Can not deny access Article 7(2) prohibits conditionality.
3%46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? 1st party tracking on a website 3rd party tracking on a website 23% 0% 100% 200% No YesYes, if denied access to the site otherwise
3% 3%32%65% 46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No Yes, if denied access to the site otherwise Yes 1st party tracking on a website 3rd party tracking on a website Tracking by any party, anywhere on the web 23% 0% 100% 200%
Google and Facebook
Needs “opt-in” consent, but user has little incentive to agree 4 Needs “opt-in” consent, and may get it 3 Can show an “opt-out” before using data 2 Out of scope of Regulation if business is modified 1 Already out of scope of the Regulation 0 GDPR scale (digital advertising) 5 Needs “opt-in” consent, but is unable to communicate with users
5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Facebook Audience Network • WhatsApp advertising (see assumption 1) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • NewsFeed ads (based only on personal data with no “special” personal data (e.g. ethnicity, political opinion, religious or philosophical beliefs, sexual orientation), unless marked “public” or visible to “friends of friends” (see assumptions 1 and 2) • Instagram ads (see assumption 1) 1 Out of scope of the regulation, if business is modified. 0 Already out of scope of the regulation. Assumption 2. GDPR Article 6, paragraph 4, c, indicates a higher bar for “special categories of personal data” that reveal race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, or related to a data subject’s sex life or sexual orientation. However, this does not apply if the data have been “manifestly made public by the data subject” (GDPR, Article 9, paragraph 2, (e)). This may mean that the publicity settings that a user places on their post will prevent or enable those posts to be mined for advertising. GDPR scale: FACEBOOK Assumption 1. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
Assumption 1. … the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
Until this week, when we asked Facebook about it, the world’s largest social network enabled advertisers to direct their pitches to the news feeds of almost 2,300 people who expressed interest in the topics of “Jew hater,” “How to burn jews,” or, “History of ‘why jews ruin the world.’” To test if these ad categories were real, we paid $30 to target those groups with three “promoted posts” — in which a ProPublica article or post was displayed in their news feeds. Facebook approved all three ads within 15 minutes.
5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Most personalized AdWords ads on Google properties including Search, Youtube, Maps, and the Google Network (including “remarketing”,“affinity audiences” , “in-market audiences”, “demographic targeting”, "similar audiences”, “Floodlight” cross-device tracking), “customer match”, “remarketing” (see assumption 1) • Gmail ads • Programmatic services (DoubleClick) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • Location targeting in Maps (see assumption 2) 1 Out of scope of the regulation, if business is modified. • AdWords (if all personalized features are removed) on Google properties including Search, Youtube, Maps 0 Already out of scope of the regulation. • “Placement-targeted” ads on Google properties. Assumption 1. That the average user does not “sign in” to Google Search or Chrome. If, however, users did sign in then Google may be able to further process their data for other purposes. GDPR scale: GOOGLE Assumption 2. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
Agencies Agency Trading Desks DSPs Exchanges Sharing Data / Social Tools SSPs Publisher Tools Ad Servers Media Mgmt Systems and Operations DMPs and Data Aggregators Data Suppliers Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt Ad Networks Vertical / Custom Targeted Networks/AMPs Performance Mobile M A R K E T E R P U B L I S H E R C O N S U M E R
Sharing Data / Social Tools SSPs Publisher Tools Ad Servers P U B L I S H E R C O N S U M E R GDPR AND THE LUMA- SCAPE DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R Vertical / Custom Targeted Networks/AMPs Performance Mobile Risk Legend Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
USERS PUBLISHERS Outlook for Publishers Now: Agencies and adtech take 50% or more of brand spend. Publishers get what's left. BRANDS
USERS PUBLISHERS Outlook for Publishers After 25 May: Publishers take control, and agencies and adtech must rely on them. BRANDS slide 24
PLAN “A”: SEEK CONSENT (AND END DATA LEAKAGE). PEOPLE WILL OPT-IN TO TRACKING FOR ADS? BUT... HOW CONFIDENT ARE YOU THAT
How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% 32% 32% 21% 12% 4% Not at all To a small degree Moderately Highly Very highly
Not at all How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% To a small degree Moderately Highly Very highly How concerned are you about your online behaviour being tracked? 5% 7% 21% 35% 32% 32% 32% 21% 12% 4%
PLAN “B”: INTEREST-BASED ADS WITHOUT PERSONAL DATA. RELEVANT ADVERTISING & MEASUREMENT OUTSIDE THE SCOPE OF THE REGULATION
Sharing Data / Social Tools SSPs Publisher Tools Ad Servers P U B L I S H E R C O N S U M E R DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R Vertical / Custom Targeted Networks/AMPs Performance Mobile Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Sharing Data / Social Tools SSPs Ad Servers Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R P U B L I S H E R C O N S U M E R Vertical / Custom Targeted Networks/AMPs Publisher Tools Performance Mobile Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
Sharing Data / Social Tools SSPs Ad ServersM A R K E T E R P U B L I S H E R C O N S U M E R Publisher Tools Data Protection Platform DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt Vertical / Custom Targeted Networks/AMPs Performance Mobile Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
Agencies Agency Trading Desks DSPs Exchanges Ad Networks Sharing Data / Social Tools SSPs Ad Servers Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R P U B L I S H E R C O N S U M E R Vertical / Custom Targeted Networks/AMPs Performance Mobile Consumer Brand Loyalty Schemes Publisher Tools Data Protection Platform Data Suppliers DMPs and Data Aggregators Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
ePrivacy Regulation
tracking choices that must be shown at installation based on the draft text proposed by the European Commission, January 2017 Tracking Preferences Accept all cookies Accept only first party cookies Reject all cookies SELECT AN OPTION TO CONTINUE This is the list of options described in Recital 23, and required in Article 10. Article 10, para. 2, says that a user must select an option before installation can continue.
Tracking Preferences Amended Recital 23 makes rejection of third party trackers and cookies the default. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking this is proposed in recital 23 as amended, (but it seems redundant, since recital 21 says that consent is not required for “technical storage or access which is strictly necessary and proportionate for … the use of a specific service explicitly requested by the user”.) based on the text as amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 tracking choices that must be shown at installation
Tracking Preferences Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking What will people click? 56% 20%19% 5%
NON-TRACKING COOKIES
Set-Cookie: path=/; count=1
Set-Cookie: path=/; currency=DK
1. Much online ad tech exposes personal data to unwarranted parties. 2. The consenting audience will be tiny. 3. Using non-personal data are the answer. @johnnyryanSummary
johnny@pagefair.com @johnnyryan

Recommended

GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech Johnny Ryan
 
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Johnny Ryan
 
Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Johnny Ryan
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Johnny Ryan
 
Burst Media Case Study
Burst Media Case StudyBurst Media Case Study
Burst Media Case Studycbourguignon
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...Johnny Ryan
 

Recommended

GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech Johnny Ryan
 
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Johnny Ryan
 
Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Johnny Ryan
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Johnny Ryan
 
Burst Media Case Study
Burst Media Case StudyBurst Media Case Study
Burst Media Case Studycbourguignon
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...Johnny Ryan
 
Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Johnny Ryan
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project Gerry L. H.
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowVisitor Analytics
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowHannah Flynn
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsUnderstanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsRominaMariaBaltariu
 
081118 - Tracking Performance
081118 - Tracking Performance081118 - Tracking Performance
081118 - Tracking PerformanceGed Carroll
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc
 
Everything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionEverything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionPaulDonahue16
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...ForgeRock
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCMassociates
 
CCPA and the Future of Privacy-First Digital Advertising
CCPA and the Future of Privacy-First Digital AdvertisingCCPA and the Future of Privacy-First Digital Advertising
CCPA and the Future of Privacy-First Digital AdvertisingThe Media Kitchen
 
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolPaul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolSagittarius
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureThe Media Kitchen
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsRaghu KLN
 
Data and Creativity - Choices in Digital Marketing
Data and Creativity - Choices in Digital MarketingData and Creativity - Choices in Digital Marketing
Data and Creativity - Choices in Digital MarketingRoyal Holloway, University of London
 
White-Label AI-Powered Cookieless DSP
White-Label AI-Powered Cookieless DSPWhite-Label AI-Powered Cookieless DSP
White-Label AI-Powered Cookieless DSPSmartyAds
 
CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022Johnny Ryan
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 

More Related Content

Similar to GDPR, ePrivacy Regulation, consent, and online media

Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Johnny Ryan
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project Gerry L. H.
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowVisitor Analytics
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowHannah Flynn
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsUnderstanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsRominaMariaBaltariu
 
081118 - Tracking Performance
081118 - Tracking Performance081118 - Tracking Performance
081118 - Tracking PerformanceGed Carroll
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc
 
Everything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionEverything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionPaulDonahue16
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...ForgeRock
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCMassociates
 
CCPA and the Future of Privacy-First Digital Advertising
CCPA and the Future of Privacy-First Digital AdvertisingCCPA and the Future of Privacy-First Digital Advertising
CCPA and the Future of Privacy-First Digital AdvertisingThe Media Kitchen
 
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolPaul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolSagittarius
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureThe Media Kitchen
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsRaghu KLN
 
White-Label AI-Powered Cookieless DSP
White-Label AI-Powered Cookieless DSPWhite-Label AI-Powered Cookieless DSP
White-Label AI-Powered Cookieless DSPSmartyAds
 

Similar to GDPR, ePrivacy Regulation, consent, and online media (20)

Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back.
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To Know
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsUnderstanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics tools
 
081118 - Tracking Performance
081118 - Tracking Performance081118 - Tracking Performance
081118 - Tracking Performance
 
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdfTrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
TrustArc Webinar_ How Data Privacy Demands Impact Your Marketing Team.pdf
 
Everything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionEverything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data Collection
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
 
CCPA and the Future of Privacy-First Digital Advertising
CCPA and the Future of Privacy-First Digital AdvertisingCCPA and the Future of Privacy-First Digital Advertising
CCPA and the Future of Privacy-First Digital Advertising
 
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolPaul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore Tool
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless Future
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDs
 
Data and Creativity - Choices in Digital Marketing
Data and Creativity - Choices in Digital MarketingData and Creativity - Choices in Digital Marketing
Data and Creativity - Choices in Digital Marketing
 
White-Label AI-Powered Cookieless DSP
White-Label AI-Powered Cookieless DSPWhite-Label AI-Powered Cookieless DSP
White-Label AI-Powered Cookieless DSP
 

More from Johnny Ryan

Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Johnny Ryan
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Johnny Ryan
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Johnny Ryan
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Johnny Ryan
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Johnny Ryan
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slidesJohnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Johnny Ryan
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Johnny Ryan
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Johnny Ryan
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionJohnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Johnny Ryan
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Johnny Ryan
 

More from Johnny Ryan (20)

CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slides
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC.
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
 

Recently uploaded

POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxAbhishekchatterjee248859
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书SD DS
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaAbheet Mangleek
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesritwikv20
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书SD DS
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
The Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptxThe Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptxNeeteshKumar71
 
Indian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptxIndian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptxSauravAnand68
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
Difference between LLP, Partnership, and Company
Difference between LLP, Partnership, and CompanyDifference between LLP, Partnership, and Company
Difference between LLP, Partnership, and Companyaneesashraf6
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiBlayneRush1
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书Fir L
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791BlayneRush1
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeBlayneRush1
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791BlayneRush1
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书SD DS
 

Recently uploaded (20)

POLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptxPOLICE ACT, 1861 the details about police system.pptx
POLICE ACT, 1861 the details about police system.pptx
 
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
如何办理(ISU毕业证书)爱荷华州立大学毕业证学位证书
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
Rights of under-trial Prisoners in India
Rights of under-trial Prisoners in IndiaRights of under-trial Prisoners in India
Rights of under-trial Prisoners in India
 
Comparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use casesComparison of GenAI benchmarking models for legal use cases
Comparison of GenAI benchmarking models for legal use cases
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
The Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptxThe Prevention Of Corruption Act Presentation.pptx
The Prevention Of Corruption Act Presentation.pptx
 
Indian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptxIndian Contract Act-1872-presentation.pptx
Indian Contract Act-1872-presentation.pptx
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
Difference between LLP, Partnership, and Company
Difference between LLP, Partnership, and CompanyDifference between LLP, Partnership, and Company
Difference between LLP, Partnership, and Company
 
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogiAlexis O'Connell Arrest Records Houston Texas lexileeyogi
Alexis O'Connell Arrest Records Houston Texas lexileeyogi
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
 
Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791Alexis O'Connell Lexileeyogi 512-840-8791
Alexis O'Connell Lexileeyogi 512-840-8791
 
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis LeeAlexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
Alexis O'Connell lexileeyogi Bond revocation for drug arrest Alexis Lee
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
Alexis O'Connell Alexis Lee mugshot Lexileeyogi 512-840-8791
 
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
如何办理(CQU毕业证书)中央昆士兰大学毕业证学位证书
 

GDPR, ePrivacy Regulation, consent, and online media

  • 1. GDPR consent, online media and advertising Academy of European Law johnny@pagefair.com@johnnyryan Dr Johnny Ryan
  • 2.
  • 4. General Data Protection Regulation (GDPR) ePrivacy Regulation (ePR) Area of focus Protection of personal data (Article 8 of the EU Charter of Fundamental Rights) Respect for private life and communications (Article 7 of the EU Charter of Fundamental Rights) Current status Has entered in to force, and will soon be applied. Currently being negotiated. Date of application 25 May 2018 25 May 2018 (could be later - Austrian Presidency?) Geographic impact Global European Economic Area (may widen?)
  • 5. “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…” -GDPR, Article 4 “Personal data”
  • 6. “Single customer view” Indirectly identifiable: Netflix users’ TV & movies Directly identifiable: IP addresses, where ISP can identify the subscriber
  • 7. “Behavioural” ad targeting & “programmatic” trading. What this jargon means is: automatic auctions for the right people’s attention.
  • 9. /// Visitor Site SSP DSP DMP Brand $ “Demand side”“Supply side” Ad Exchange
  • 10. /// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
  • 11. The Daily Bugle ExchangeExchange Exchange Exchange 1. Page loads. 2. What ad should we show this user? 3. Send details of user to ad exchange(s) to solicit bids from advertisers
  • 13. The Daily Bugle ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
  • 14. The Daily Bugle ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
  • 15. The Daily Bugle Exchange Exchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
  • 16. The Daily Bugle ADVERTISEMENT ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DMPDSP DMP DMP DSP ? ? ? ? ? ? ? ?
  • 17. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor ADVERTISERS website.com AD DMP DMP DMP DMP DMP DMP DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP W inningbid DSP Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Channel of data leakage Personal data Legend Money DATA LEAKAGE
  • 18. /// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
  • 19. “Controller” “Processor” “Processor” “Processor” Contract Contract Contract Contracts required that determine the following: • the nature of processing and its duration, • the obligations of the “controller”, • and a guarantee that the “processor” handles the data only as dictated by documented instructions from the controller GDPR requires a chain of accountability
  • 20.
  • 22. Holding first-party personal data that are now non-compliant Buying personal data (directly or indirectly identifiable) from other sources to augment profiles Buying behavioural ads online, which currently requires the sharing of personal data with countless partners. BROKER 3 2 1 Risk (brands)
  • 23. All potentially liable! The Courts Multiple controllers and processors “involved in the same processing” can each be held liable for damages awarded in a case. A person can complain to the regulator, and at the same time go to court. And can take the regulator to court for inaction. Supervisory Authority /// /// Visitor Site SSP Ad Exchange DSP DMP Brand $
  • 25. Consent • Consent can not be disruptive. Must be obtained freely, without detriment. • Can not be buried in T&C. Must be specific and informed.
  • 26. Must inform in more detail (while also being clearer), and obtain specific consent
  • 27. • Who or what type of party is receiving the data • What are the purposes of processing, and legal basis for that • How long are the data stored (or what criteria determine duration) • If this giving that data is part of a contract what are the consequences of not providing data • If the data are being transferred to a third country, what safeguards or binding corporate rules are in place? • In cases of automated decision-making, including profiling, what logic is applied and what is the significance of the outcomes.
  • 28. We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Purpose of processing, and notification of profiling. Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Text links to tool for withdrawing consent. 
 Article 7, paragraph 3. Text links to tool to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Can say no Recital 42. Details of recipients and categories of recipients. Text links to contact details of the controller and their data protection officer. 
 Article 13, para 1, a, b, and e. EXAMPLE OF A GDPR CONSENT REQUEST Scenario: a website requests consent to share data with a brand for product offers
  • 29. We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Thinking of yourself as a visitor to websites, what would you select if shown this message? 79% 21%
  • 30. Please allow your browsing habits on our sites to be shared with We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months Might GDPR consent requests look like this? [Consortium] and its participants duration “Ad choices”
  • 31. Please allow your browsing habits on our sites to be shared with Open ID participants We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months [Ad exchange] [Ad exchange] [DMP] [DMP] [DSP] [DSP] [Verification vendor] i i i i i i i [Consortium] and its participants Might GDPR consent requests look like this? Each controller. and categories of processors.
  • 32. ON My Data ON Verification OFFBrowsing habits This site All sites Done Ad networks Social profile Ad targeting
  • 33. My Data This month Today Back Yesterday This week Browsing habits This month This month
  • 34. ON My Data ON Verification OFFBrowsing habits This site All sites Done ? Ad networks Social profile ? ? ? Ad targeting?
  • 35. ON My Data ON Commenting Verification This site All sites Done ? Verification service Social profile ? ? ? Ad targeting?
  • 36.
  • 37. 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No YesYes, if denied access to the site otherwise 1st party tracking on a website 23% 0% 100% 200% Can not deny access Article 7(2) prohibits conditionality.
  • 38. 3%46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? 1st party tracking on a website 3rd party tracking on a website 23% 0% 100% 200% No YesYes, if denied access to the site otherwise
  • 39. 3% 3%32%65% 46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No Yes, if denied access to the site otherwise Yes 1st party tracking on a website 3rd party tracking on a website Tracking by any party, anywhere on the web 23% 0% 100% 200%
  • 41. Needs “opt-in” consent, but user has little incentive to agree 4 Needs “opt-in” consent, and may get it 3 Can show an “opt-out” before using data 2 Out of scope of Regulation if business is modified 1 Already out of scope of the Regulation 0 GDPR scale (digital advertising) 5 Needs “opt-in” consent, but is unable to communicate with users
  • 42. 5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Facebook Audience Network • WhatsApp advertising (see assumption 1) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • NewsFeed ads (based only on personal data with no “special” personal data (e.g. ethnicity, political opinion, religious or philosophical beliefs, sexual orientation), unless marked “public” or visible to “friends of friends” (see assumptions 1 and 2) • Instagram ads (see assumption 1) 1 Out of scope of the regulation, if business is modified. 0 Already out of scope of the regulation. Assumption 2. GDPR Article 6, paragraph 4, c, indicates a higher bar for “special categories of personal data” that reveal race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, or related to a data subject’s sex life or sexual orientation. However, this does not apply if the data have been “manifestly made public by the data subject” (GDPR, Article 9, paragraph 2, (e)). This may mean that the publicity settings that a user places on their post will prevent or enable those posts to be mined for advertising. GDPR scale: FACEBOOK Assumption 1. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
  • 43. Assumption 1. … the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
  • 44. Until this week, when we asked Facebook about it, the world’s largest social network enabled advertisers to direct their pitches to the news feeds of almost 2,300 people who expressed interest in the topics of “Jew hater,” “How to burn jews,” or, “History of ‘why jews ruin the world.’” To test if these ad categories were real, we paid $30 to target those groups with three “promoted posts” — in which a ProPublica article or post was displayed in their news feeds. Facebook approved all three ads within 15 minutes.
  • 45. 5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Most personalized AdWords ads on Google properties including Search, Youtube, Maps, and the Google Network (including “remarketing”,“affinity audiences” , “in-market audiences”, “demographic targeting”, "similar audiences”, “Floodlight” cross-device tracking), “customer match”, “remarketing” (see assumption 1) • Gmail ads • Programmatic services (DoubleClick) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • Location targeting in Maps (see assumption 2) 1 Out of scope of the regulation, if business is modified. • AdWords (if all personalized features are removed) on Google properties including Search, Youtube, Maps 0 Already out of scope of the regulation. • “Placement-targeted” ads on Google properties. Assumption 1. That the average user does not “sign in” to Google Search or Chrome. If, however, users did sign in then Google may be able to further process their data for other purposes. GDPR scale: GOOGLE Assumption 2. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
  • 46. Agencies Agency Trading Desks DSPs Exchanges Sharing Data / Social Tools SSPs Publisher Tools Ad Servers Media Mgmt Systems and Operations DMPs and Data Aggregators Data Suppliers Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt Ad Networks Vertical / Custom Targeted Networks/AMPs Performance Mobile M A R K E T E R P U B L I S H E R C O N S U M E R
  • 47. Sharing Data / Social Tools SSPs Publisher Tools Ad Servers P U B L I S H E R C O N S U M E R GDPR AND THE LUMA- SCAPE DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R Vertical / Custom Targeted Networks/AMPs Performance Mobile Risk Legend Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
  • 48. USERS PUBLISHERS Outlook for Publishers Now: Agencies and adtech take 50% or more of brand spend. Publishers get what's left. BRANDS
  • 49. USERS PUBLISHERS Outlook for Publishers After 25 May: Publishers take control, and agencies and adtech must rely on them. BRANDS slide 24
  • 50. PLAN “A”: SEEK CONSENT (AND END DATA LEAKAGE). PEOPLE WILL OPT-IN TO TRACKING FOR ADS? BUT... HOW CONFIDENT ARE YOU THAT
  • 51. How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% 32% 32% 21% 12% 4% Not at all To a small degree Moderately Highly Very highly
  • 52. Not at all How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% To a small degree Moderately Highly Very highly How concerned are you about your online behaviour being tracked? 5% 7% 21% 35% 32% 32% 32% 21% 12% 4%
  • 53. PLAN “B”: INTEREST-BASED ADS WITHOUT PERSONAL DATA. RELEVANT ADVERTISING & MEASUREMENT OUTSIDE THE SCOPE OF THE REGULATION
  • 54. Sharing Data / Social Tools SSPs Publisher Tools Ad Servers P U B L I S H E R C O N S U M E R DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R Vertical / Custom Targeted Networks/AMPs Performance Mobile Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
  • 55. DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Sharing Data / Social Tools SSPs Ad Servers Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R P U B L I S H E R C O N S U M E R Vertical / Custom Targeted Networks/AMPs Publisher Tools Performance Mobile Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
  • 56. Sharing Data / Social Tools SSPs Ad ServersM A R K E T E R P U B L I S H E R C O N S U M E R Publisher Tools Data Protection Platform DMPs and Data Aggregators Data Suppliers Agencies Agency Trading Desks DSPs Exchanges Ad Networks Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt Vertical / Custom Targeted Networks/AMPs Performance Mobile Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
  • 57. Agencies Agency Trading Desks DSPs Exchanges Ad Networks Sharing Data / Social Tools SSPs Ad Servers Media Mgmt Systems and Operations Media Planning and Attribution Creative Optimization Retargeting Verification / Privacy Measurement and Analytics Ad Servers Tag Mgmt M A R K E T E R P U B L I S H E R C O N S U M E R Vertical / Custom Targeted Networks/AMPs Performance Mobile Consumer Brand Loyalty Schemes Publisher Tools Data Protection Platform Data Suppliers DMPs and Data Aggregators Risk Legend Needs “opt-in” consent, but is unable to ask Needs consent, unlikely to get it Needs consent, may get it OK, if users have consented for “compatible” uses, and do not opt out when notified. Out of scope of Regulation if business is modified Already out of scope of the Regulation
  • 59. tracking choices that must be shown at installation based on the draft text proposed by the European Commission, January 2017 Tracking Preferences Accept all cookies Accept only first party cookies Reject all cookies SELECT AN OPTION TO CONTINUE This is the list of options described in Recital 23, and required in Article 10. Article 10, para. 2, says that a user must select an option before installation can continue.
  • 60. Tracking Preferences Amended Recital 23 makes rejection of third party trackers and cookies the default. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking this is proposed in recital 23 as amended, (but it seems redundant, since recital 21 says that consent is not required for “technical storage or access which is strictly necessary and proportionate for … the use of a specific service explicitly requested by the user”.) based on the text as amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 tracking choices that must be shown at installation
  • 61. Tracking Preferences Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking What will people click? 56% 20%19% 5%
  • 65. 1. Much online ad tech exposes personal data to unwarranted parties. 2. The consenting audience will be tiny. 3. Using non-personal data are the answer. @johnnyryanSummary