SlideShare a Scribd company logo

GLG webcast impact of GDPR on ad tech

Johnny Ryan
Johnny Ryan

Slides from my webinar for GLG on GDPR and the ePrivacy Regulation

Data & Analytics
1 of 31
Download to read offline
©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. October 24, 2017 IMPACT OF GDPR ON AD TECH Dr. Johnny Ryan Head of Ecosystem for PageFair
©2014 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED.©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. Dr.JohnnyRyan Dr. Johnny Ryan is Head of Ecosystem for PageFair, where he works on the challenge of sustaining the open Web, and protecting personal data in the online advertising system. He is a Fellow of the Royal Historical Society, and a member of the World Economic Forum’s expert network on media, entertainment and information. His previous roles include being Chief Innovation Officer of The Irish Times. His second book “A History of the Internet and the Digital Future” is on the reading list at Harvard and Stanford. For many years he was a Senior Researcher at the Institute of International & European Affairs, focussing on European policy. His first book, based on his work at the IIEA, was the most cited source in the European Commission’s impact assessment that decided against pursuing Web censorship across the European Union.
New EU data regulationsand their impact on onlinemedia Dr JohnnyRyan
Contents 1. What thenew European rules (the GDPR and the ePR) are. (a)Global impact and risk 2.The three big challenges for online media & advertising. 3.Outlook (a) Adtech data players. (b) Google. (c) Facebook. (d) Publishers. slide 1
General Data Protection Regulation (GDPR) ePrivacy Regulation (ePR) Area of focus Protection of personal data (Article 8 of the EU Charter of Fundamental Rights) Current status Has entered in to force, and will soon be applied. Date of application 25 May 2018 Geographic impact Global Respect for private life and communications (Article 7 of the EU Charter of Fundamental Rights) Currently being negotiated between lawmaking institutions. 25 May 2018 (or later) European Economic Area (may widen) slide 2
513+ million people • Processing data by, or for, an EU business. • Businesses that offer services to, or sell to, or monitor and profile users in the EU. EuropeanEconomicArea Geographicscope slide 3
Penalties 4% of total worldwide annual turnover (or €20M, whichever is higher) for infringements related to the legal basis for processing, consent, and processing of sensitive data (including profiling), notification about users rights and the processing of their data, the rights of users (e.g. data rectification, erasure, portability, etc.), transfers of data outside of the EU,and failure to comply with a supervisory authority’s order to cease processing or to suspend a dataflow 2% of total worldwide annual turnover (or €10M,whichever is higher) for infringements relating to the consent of a child, processing that does not require identification, data protection by design, the tasks of the data protection officer, and certification plus court actions by data subjects and their representatives.slide 4
3 BigChallenges 1. Risk: Not getting consent 2. Risk: Data leakage 3. Risk: Data portability slide 5
“Personaldata” “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…” -GDPR, Article 4 slide 6
“Single customer view” Indirectly identifiable: Netflix users’ TV & movies Directly identifiable: IP addresses, where ISP can identify the subscriber slide 7
Tracking Preferences TRACKING QUESTIONS THAT MUST BE ASKED AT INSTALLATION based on the e-Privacy Regulation draft text amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 Amended Recital 23 makes rejection of third party trackers and cookies the default. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking this is proposed in recital 23 as amended, but recital 21says that consent is not required for “technical storage or access which is strictly necessary and proportionate for …the use of a specific service explicitly requested bythe user”. Browsers etc. must present users with a menu like this the first time they are used. This is the list of options described in Recital 23, and required in Article 10. slide 8
We would like to share your browsing habits on our site with Ad Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Purpose of processing, and notification of profiling. Article 13,para 1,c, and para 2,f. Durat ion Article 13,para 2, a. Text links to t o o l f o r withdrawing consent. Article 7, paragraph 3. Can say no Recital 42. Details of recipients and categories of recipients. Text links to contact details of the controller and their data protection officer. Article 13,para 1,a, b, ande. EXAMPLE OF A GDPR CONSENT REQUEST Scenario: a website requests consent to share data with a brand f o r product offers Text links to t o o l to complain to supervisory authority, and to access, correct, and transfer data, etc. Article 13,para 2, b, c, and d. slide 9
Please allow your browsing habits on our sites to be shared with [Consortium] and its participants We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months [DSP] i You can c[aVnecriefilcaattiaonvteimndeobr]ycilicking Please allow your browsing habits on our sites to be shared with [ConsoOrtipuemn]IaDnpdairtsticpipaartnictsipants We will then[Abdeeaxbclheatnogied]entifyoffiers that are more in[Atedreesxticnhgatnogeyo]u, and iprocess business tr[aDnMsaPc]tions with our piartners. (Alternativ[DelMy,Pw]ewill use generiic ads, which mig[hDtSbPe]less interesting ito you.) Might GDPR consent requests l o o k like this? 12 s m l o i n d ths e 10
• Consent can not be disruptive. Must be obtained freely, without detriment. (Consent Walls may or may not be permissible) You must tell the user: • Who or what type of party is receiving the data • What are the purposes of processing, and legal basis for that • How long are the data stored (or what criteria determine duration) • If this giving that data is part of a contract what are the consequences of not providing data • If the data are being transferred to a third country, what safeguards or binding corporate rules are in place? • In cases of automated decision-making, including profiling, what logic is applied and what is the significance of the outcomes. Consent slide 11 GDPR & ePrivacy Regulation: Businesses must obtain consent to use personal data. • It must be specific and informed. Can not be buried in “Terms & Conditions”.
Usercontrols • Ability to opt-out at any time • Ability to delete one’s data • Ability to move one’s data to another service slide 12
Visitor Site SSP Ad Exchange DSP requestpage requestsegment sync deliversegment servepage Adrequest cookietoSSP adrequest requestbid deliver ad sync Risk:howa‘programmatic’adis served $BrandDMP storedata slide 13
“Controller” “Processor” “Processor” “Processor” Contract Contract Contract Risk GDPR requires a newchain of accountability Contracts required that determine the following: • the nature of processing and its duration, • the obligations of the “controller”, • and a guarantee that the “processor” handles the data only as dictated by documented instructions from the controller slide 14
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor ADVERTISERS website.com AD DMP DMP DMP DMP DMP DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DMP DSP Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of dataleakage Personal data Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money Risk DATA LEAKAGE IN ONLINE ADVERTISING This is the current process of real-time bidding that isused in online behavioural advertising. slide 15
countless partners. BROKER 3 Buying behavioural ads online, which currently requires the sharing of personal data with 2 Buying personal data (directly or indirectly identifiable) from other sources to augment profiles 1 Holding first-party personal data that are now non-compliant Risk(brands) slide 16
All potentially liable! TheCourts Multiple controllers and processors “involved in the same processing” can each be held liable for damages awarded in a case. A person can complain to the regulator, and at the same time go to court.And can take the regulator to court for inaction. SupervisoryAuthority Visitor Site SSP AdExchange DSP DMP $Brand Risk slide 17
Risk:usercanmovedatatoa competitorsplatform slide 18
Outlook:adtech slide 19 Acxiom 10-K
4 Must ask for specific consent for these specific purposes, and can not deny access to the service if the user says “no”. •FacebookAudience Network • WhatsAppadvertising (see assumption 1) 3 Requires consent, but likely to obtain. 2 Can use consent obtained for other purposes, but must inform users and show how to opt-out. • NewsFeed ads (based only on personal data with no “special” personal data (e.g. ethnicity, political opinion, religious or philosophical beliefs, sexual orientation), unless marked “public” or visible to “friends of friends” (see assumptions 1and 2) • Instagramads (see assumption 1) 1Out of scope of the regulation, if business ismodified. 0 Already out of scope of the regulation. Assumption 1.That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPRArticle 6, paragraph 4. GDPR Recital 61says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPRArticle 21,paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”. The recent Facebook scandal over the segmentation of teens who “feel worthless” is relevant. Assumption 2. GDPRArticle 6, paragraph 4, c, indicates a higher bar for “special categories of personal data” that reveal race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, or related to a data subject’s sex life or sexual orientation. However, this does not apply if the data have been “manifestly made public by the data subject” (GDPR,Article 9, paragraph 2, (e)). This may mean that the publicity settings that a user places on their post will prevent or enable those posts to be mined for advertising. Outlook:Facebook slide 20
10-k, 3 February 2017 Q2 Earnings call, 26 July 2017 Outlook:Facebook slide 21
4 Must ask for specific consent for these specific purposes, and can not deny access to the service if the user says “no”. • Most personalized AdWordsads on Google properties including Search, Youtube, Maps, and the Google Network (including “remarketing”,“affinity audiences” , “in-market audiences”, “demographic targeting”, "similar audiences”, “Floodlight” cross- device tracking), “customer match”, “remarketing” (see assumption 3) • Gmailads • Programmaticservices (DoubleClick) 3 Requires consent, but likely to obtain. 2 Can use consent obtained for other purposes, but must inform users and show how to opt-out. • Location targeting in Maps (see assumption 1) 1Out of scope of the regulation, if business ismodified. • AdWords(if all personalized features are removed) on Google properties including Search,Youtube,Maps 0 Already out of scope of the regulation. Assumption 1.That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPRArticle 6, paragraph 4. GDPRRecital 61says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPRArticle 21,paragraph 2and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPRRecital 70 saysthis alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”. The recent Facebook scandal over the segmentation of teens who “feel worthless” is relevant. Assumption 3. That the average user does not “sign in” to Google Search or Chrome. If, however, users did sign in then Google might be able to further process their data for other purposes. Outlook:Google slide 22
USERS PUBLISHERS OutlookforPublishers Now:Agencies and adtech take 50% or more of brand spend. Publishers get what's left. BRANDS ADTECH slide 23
USERS PUBLISHERS OutlookforPublishers After 25 May: Publishers take control, and agencies and adtech must rely on them. ADTECH BRANDS slide 24
Summary (a) Advertising technology and data businesses face enormous disruption. (b) Parts of Google will be disrupted. (c) Parts of Facebook will be disrupted. (d) Publishers face short term difficulty, but have the potential to transform their position. (e) Trust in websites, rather than clicks, may become the key currency. slide 25
©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. Q&A Please submit your questions via the text box on the left side of your window. All questions will remain anonymous.
©2017GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. Disclaimer By making contact with this/these Council Members and participating in this event, you specifically acknowledge, understand and agree that you must not seek out material non-public or confidential information from Council Members. You understand and agree that the information and material provided by Council Members is provided for your own insight and educational purposes and may not be redistributed or displayed in any form without the prior written consent of Gerson Lehrman Group. You agree to keep the material provided by Council Members for this event and the business information of Gerson Lehrman Group, including information about Council Members, confidential until such information becomes known to the public generally and except to the extent that disclosure may be required by law, regulation or legal process. You must respect any agreements they may have and understand the Council Members may be constrained by obligations or agreements in their ability to consult on certain topics and answer certain questions. Please note that Council Members do not provide investment advice, nor do they provide professional opinions. Council Members who are lawyers do not provide legal advice and no attorney-client relationship is established from their participation in this project. You acknowledge and agree that Gerson Lehrman Group does not screen and is not responsible for the content of materials produced by Council Members. You understand and agree that you will not hold Council Members or Gerson Lehrman Group liable for the accuracy or completeness of the information provided to you by the Council Members. You acknowledge and agree that Gerson Lehrman Group shall have no liability whatsoever arising from your attendance at the event or the actions or omissions of Council Members including, but not limited to claims by third parties relating to the actions or omissions of Council Members, and you agree to release Gerson Lehrman Group from any and all claims for lost profits and liabilities that result from your participation in this event or the information provided by Council Members, regardless of whether or not such liability arises is based in tort, contract, strict liability or otherwise. You acknowledge and agree that Gerson Lehrman Group shall not be liable for any incidental, consequential, punitive or special damages, or any other indirect damages, even if advised of the possibility of such damages arising from your attendance at the event or use of the information provided at this event.
©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED.

Recommended

GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Johnny Ryan
 
Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Johnny Ryan
 
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Johnny Ryan
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsRaghu KLN
 
Burst Media Case Study
Burst Media Case StudyBurst Media Case Study
Burst Media Case Studycbourguignon
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...Johnny Ryan
 

Recommended

GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Johnny Ryan
 
Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Johnny Ryan
 
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...
The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represe...Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Johnny Ryan
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsRaghu KLN
 
Burst Media Case Study
Burst Media Case StudyBurst Media Case Study
Burst Media Case Studycbourguignon
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...Johnny Ryan
 
Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Johnny Ryan
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project Gerry L. H.
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Johnny Ryan
 
UXPSystems_whitepaper_Privacy_Nov182016
UXPSystems_whitepaper_Privacy_Nov182016UXPSystems_whitepaper_Privacy_Nov182016
UXPSystems_whitepaper_Privacy_Nov182016Andrey Plotnikov
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowVisitor Analytics
 
What is GDPR ? by M32
What is GDPR ? by M32What is GDPR ? by M32
What is GDPR ? by M32Pneus Touchette Distribution inc.
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Johnny Ryan
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsUnderstanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsRominaMariaBaltariu
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty Jakub Otrząsek
 
Legal stuff for Startups in digital marketing
Legal stuff for Startups in digital marketingLegal stuff for Startups in digital marketing
Legal stuff for Startups in digital marketingJoost Hoogstrate
 
GIG Working Paper 03/2017 - Consent
GIG Working Paper 03/2017 - ConsentGIG Working Paper 03/2017 - Consent
GIG Working Paper 03/2017 - ConsentIAB Europe
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc
 
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Johnny Ryan
 
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload) IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)IAB Europe
 
Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Sean Bailey
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadVisitor Analytics
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc
 
CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022Johnny Ryan
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 

More Related Content

Similar to GLG webcast impact of GDPR on ad tech

Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Johnny Ryan
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project Gerry L. H.
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Johnny Ryan
 
UXPSystems_whitepaper_Privacy_Nov182016
UXPSystems_whitepaper_Privacy_Nov182016UXPSystems_whitepaper_Privacy_Nov182016
UXPSystems_whitepaper_Privacy_Nov182016Andrey Plotnikov
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowVisitor Analytics
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Johnny Ryan
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?DATUM LLC
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsUnderstanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsRominaMariaBaltariu
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty Jakub Otrząsek
 
Legal stuff for Startups in digital marketing
Legal stuff for Startups in digital marketingLegal stuff for Startups in digital marketing
Legal stuff for Startups in digital marketingJoost Hoogstrate
 
GIG Working Paper 03/2017 - Consent
GIG Working Paper 03/2017 - ConsentGIG Working Paper 03/2017 - Consent
GIG Working Paper 03/2017 - ConsentIAB Europe
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc
 
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Johnny Ryan
 
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload) IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)IAB Europe
 
Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Sean Bailey
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadVisitor Analytics
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc
 

Similar to GLG webcast impact of GDPR on ad tech (20)

Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back.
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech
 
UXPSystems_whitepaper_Privacy_Nov182016
UXPSystems_whitepaper_Privacy_Nov182016UXPSystems_whitepaper_Privacy_Nov182016
UXPSystems_whitepaper_Privacy_Nov182016
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
 
What is GDPR ? by M32
What is GDPR ? by M32What is GDPR ? by M32
What is GDPR ? by M32
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 
Understanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics toolsUnderstanding gdpr compliance gdpr analytics tools
Understanding gdpr compliance gdpr analytics tools
 
GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty GDPR - Australian perspective - the challenge, the opportunity and your duty
GDPR - Australian perspective - the challenge, the opportunity and your duty
 
Legal stuff for Startups in digital marketing
Legal stuff for Startups in digital marketingLegal stuff for Startups in digital marketing
Legal stuff for Startups in digital marketing
 
GIG Working Paper 03/2017 - Consent
GIG Working Paper 03/2017 - ConsentGIG Working Paper 03/2017 - Consent
GIG Working Paper 03/2017 - Consent
 
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working TogetherTrustArc Webinar-Advertising, Privacy, and Data Management Working Together
TrustArc Webinar-Advertising, Privacy, and Data Management Working Together
 
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
Brendan Eich's letter to Senator Thune and Senator Nelson, Senate Committee o...
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers
 
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload) IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
IAB Europe GIG: Working Paper on Controller - Processor Criteria (reupload)
 
Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit Janrain Identity Cloud GDPR Assessment Kit
Janrain Identity Cloud GDPR Assessment Kit
 
GDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free DownloadGDPR & Data Privacy Guide - Free Download
GDPR & Data Privacy Guide - Free Download
 
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-AdvertisingTrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
TrustArc-Webinar-Slides-2022-09-20-Cross-Contextual-Advertising
 

More from Johnny Ryan

Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Johnny Ryan
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Johnny Ryan
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Johnny Ryan
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Johnny Ryan
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Johnny Ryan
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Johnny Ryan
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slidesJohnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Johnny Ryan
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Johnny Ryan
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Johnny Ryan
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionJohnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Johnny Ryan
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Johnny Ryan
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationJohnny Ryan
 

More from Johnny Ryan (20)

CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slides
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC.
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
 
The Adtech Crisis and Disinformation
The Adtech Crisis and DisinformationThe Adtech Crisis and Disinformation
The Adtech Crisis and Disinformation
 

Recently uploaded

B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxStephen266013
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...Boston Institute of Analytics
 
DBA Basics: Getting Started with Performance Tuning.pdf
DBA Basics: Getting Started with Performance Tuning.pdfDBA Basics: Getting Started with Performance Tuning.pdf
DBA Basics: Getting Started with Performance Tuning.pdfJohn Sterrett
 
Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Colleen Farrelly
 
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPramod Kumar Srivastava
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)jennyeacort
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdfHuman37
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Jack DiGiovanna
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024thyngster
 
ASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel CanterASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel Cantervoginip
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsappssapnasaifi408
 
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样vhwb25kk
 
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝DelhiRS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhijennyeacort
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一F La
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceSapana Sha
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...dajasot375
 

Recently uploaded (20)

Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docx
 
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
NLP Data Science Project Presentation:Predicting Heart Disease with NLP Data ...
 
DBA Basics: Getting Started with Performance Tuning.pdf
DBA Basics: Getting Started with Performance Tuning.pdfDBA Basics: Getting Started with Performance Tuning.pdf
DBA Basics: Getting Started with Performance Tuning.pdf
 
Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024Generative AI for Social Good at Open Data Science East 2024
Generative AI for Social Good at Open Data Science East 2024
 
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
 
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
Building on a FAIRly Strong Foundation to Connect Academic Research to Transl...
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
 
ASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel CanterASML's Taxonomy Adventure by Daniel Canter
ASML's Taxonomy Adventure by Daniel Canter
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 
Call Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort ServiceCall Girls in Saket 99530🔝 56974 Escort Service
Call Girls in Saket 99530🔝 56974 Escort Service
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
 
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
 
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝DelhiRS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
RS 9000 Call In girls Dwarka Mor (DELHI)⇛9711147426🔝Delhi
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
 
Call Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts ServiceCall Girls In Dwarka 9654467111 Escorts Service
Call Girls In Dwarka 9654467111 Escorts Service
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
 

GLG webcast impact of GDPR on ad tech

  • 1. ©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. October 24, 2017 IMPACT OF GDPR ON AD TECH Dr. Johnny Ryan Head of Ecosystem for PageFair
  • 2. ©2014 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED.©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. Dr.JohnnyRyan Dr. Johnny Ryan is Head of Ecosystem for PageFair, where he works on the challenge of sustaining the open Web, and protecting personal data in the online advertising system. He is a Fellow of the Royal Historical Society, and a member of the World Economic Forum’s expert network on media, entertainment and information. His previous roles include being Chief Innovation Officer of The Irish Times. His second book “A History of the Internet and the Digital Future” is on the reading list at Harvard and Stanford. For many years he was a Senior Researcher at the Institute of International & European Affairs, focussing on European policy. His first book, based on his work at the IIEA, was the most cited source in the European Commission’s impact assessment that decided against pursuing Web censorship across the European Union.
  • 3. New EU data regulationsand their impact on onlinemedia Dr JohnnyRyan
  • 4. Contents 1. What thenew European rules (the GDPR and the ePR) are. (a)Global impact and risk 2.The three big challenges for online media & advertising. 3.Outlook (a) Adtech data players. (b) Google. (c) Facebook. (d) Publishers. slide 1
  • 5. General Data Protection Regulation (GDPR) ePrivacy Regulation (ePR) Area of focus Protection of personal data (Article 8 of the EU Charter of Fundamental Rights) Current status Has entered in to force, and will soon be applied. Date of application 25 May 2018 Geographic impact Global Respect for private life and communications (Article 7 of the EU Charter of Fundamental Rights) Currently being negotiated between lawmaking institutions. 25 May 2018 (or later) European Economic Area (may widen) slide 2
  • 6. 513+ million people • Processing data by, or for, an EU business. • Businesses that offer services to, or sell to, or monitor and profile users in the EU. EuropeanEconomicArea Geographicscope slide 3
  • 7. Penalties 4% of total worldwide annual turnover (or €20M, whichever is higher) for infringements related to the legal basis for processing, consent, and processing of sensitive data (including profiling), notification about users rights and the processing of their data, the rights of users (e.g. data rectification, erasure, portability, etc.), transfers of data outside of the EU,and failure to comply with a supervisory authority’s order to cease processing or to suspend a dataflow 2% of total worldwide annual turnover (or €10M,whichever is higher) for infringements relating to the consent of a child, processing that does not require identification, data protection by design, the tasks of the data protection officer, and certification plus court actions by data subjects and their representatives.slide 4
  • 8. 3 BigChallenges 1. Risk: Not getting consent 2. Risk: Data leakage 3. Risk: Data portability slide 5
  • 9. “Personaldata” “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…” -GDPR, Article 4 slide 6
  • 10. “Single customer view” Indirectly identifiable: Netflix users’ TV & movies Directly identifiable: IP addresses, where ISP can identify the subscriber slide 7
  • 11. Tracking Preferences TRACKING QUESTIONS THAT MUST BE ASKED AT INSTALLATION based on the e-Privacy Regulation draft text amended by the European Parliament LIBE Committee’s Rapporteur’s draft report, June 2017 Amended Recital 23 makes rejection of third party trackers and cookies the default. Accept all tracking Reject all tracking OK Reject tracking unless strictly necessary for services I request Accept only first party tracking this is proposed in recital 23 as amended, but recital 21says that consent is not required for “technical storage or access which is strictly necessary and proportionate for …the use of a specific service explicitly requested bythe user”. Browsers etc. must present users with a menu like this the first time they are used. This is the list of options described in Recital 23, and required in Article 10. slide 8
  • 12. We would like to share your browsing habits on our site with Ad Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Purpose of processing, and notification of profiling. Article 13,para 1,c, and para 2,f. Durat ion Article 13,para 2, a. Text links to t o o l f o r withdrawing consent. Article 7, paragraph 3. Can say no Recital 42. Details of recipients and categories of recipients. Text links to contact details of the controller and their data protection officer. Article 13,para 1,a, b, ande. EXAMPLE OF A GDPR CONSENT REQUEST Scenario: a website requests consent to share data with a brand f o r product offers Text links to t o o l to complain to supervisory authority, and to access, correct, and transfer data, etc. Article 13,para 2, b, c, and d. slide 9
  • 13. Please allow your browsing habits on our sites to be shared with [Consortium] and its participants We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months [DSP] i You can c[aVnecriefilcaattiaonvteimndeobr]ycilicking Please allow your browsing habits on our sites to be shared with [ConsoOrtipuemn]IaDnpdairtsticpipaartnictsipants We will then[Abdeeaxbclheatnogied]entifyoffiers that are more in[Atedreesxticnhgatnogeyo]u, and iprocess business tr[aDnMsaPc]tions with our piartners. (Alternativ[DelMy,Pw]ewill use generiic ads, which mig[hDtSbPe]less interesting ito you.) Might GDPR consent requests l o o k like this? 12 s m l o i n d ths e 10
  • 14. • Consent can not be disruptive. Must be obtained freely, without detriment. (Consent Walls may or may not be permissible) You must tell the user: • Who or what type of party is receiving the data • What are the purposes of processing, and legal basis for that • How long are the data stored (or what criteria determine duration) • If this giving that data is part of a contract what are the consequences of not providing data • If the data are being transferred to a third country, what safeguards or binding corporate rules are in place? • In cases of automated decision-making, including profiling, what logic is applied and what is the significance of the outcomes. Consent slide 11 GDPR & ePrivacy Regulation: Businesses must obtain consent to use personal data. • It must be specific and informed. Can not be buried in “Terms & Conditions”.
  • 15. Usercontrols • Ability to opt-out at any time • Ability to delete one’s data • Ability to move one’s data to another service slide 12
  • 16. Visitor Site SSP Ad Exchange DSP requestpage requestsegment sync deliversegment servepage Adrequest cookietoSSP adrequest requestbid deliver ad sync Risk:howa‘programmatic’adis served $BrandDMP storedata slide 13
  • 17. “Controller” “Processor” “Processor” “Processor” Contract Contract Contract Risk GDPR requires a newchain of accountability Contracts required that determine the following: • the nature of processing and its duration, • the obligations of the “controller”, • and a guarantee that the “processor” handles the data only as dictated by documented instructions from the controller slide 14
  • 18. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor ADVERTISERS website.com AD DMP DMP DMP DMP DMP DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DMP DSP Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of dataleakage Personal data Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money Risk DATA LEAKAGE IN ONLINE ADVERTISING This is the current process of real-time bidding that isused in online behavioural advertising. slide 15
  • 19. countless partners. BROKER 3 Buying behavioural ads online, which currently requires the sharing of personal data with 2 Buying personal data (directly or indirectly identifiable) from other sources to augment profiles 1 Holding first-party personal data that are now non-compliant Risk(brands) slide 16
  • 20. All potentially liable! TheCourts Multiple controllers and processors “involved in the same processing” can each be held liable for damages awarded in a case. A person can complain to the regulator, and at the same time go to court.And can take the regulator to court for inaction. SupervisoryAuthority Visitor Site SSP AdExchange DSP DMP $Brand Risk slide 17
  • 23. 4 Must ask for specific consent for these specific purposes, and can not deny access to the service if the user says “no”. •FacebookAudience Network • WhatsAppadvertising (see assumption 1) 3 Requires consent, but likely to obtain. 2 Can use consent obtained for other purposes, but must inform users and show how to opt-out. • NewsFeed ads (based only on personal data with no “special” personal data (e.g. ethnicity, political opinion, religious or philosophical beliefs, sexual orientation), unless marked “public” or visible to “friends of friends” (see assumptions 1and 2) • Instagramads (see assumption 1) 1Out of scope of the regulation, if business ismodified. 0 Already out of scope of the regulation. Assumption 1.That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPRArticle 6, paragraph 4. GDPR Recital 61says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPRArticle 21,paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”. The recent Facebook scandal over the segmentation of teens who “feel worthless” is relevant. Assumption 2. GDPRArticle 6, paragraph 4, c, indicates a higher bar for “special categories of personal data” that reveal race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, or related to a data subject’s sex life or sexual orientation. However, this does not apply if the data have been “manifestly made public by the data subject” (GDPR,Article 9, paragraph 2, (e)). This may mean that the publicity settings that a user places on their post will prevent or enable those posts to be mined for advertising. Outlook:Facebook slide 20
  • 24. 10-k, 3 February 2017 Q2 Earnings call, 26 July 2017 Outlook:Facebook slide 21
  • 25. 4 Must ask for specific consent for these specific purposes, and can not deny access to the service if the user says “no”. • Most personalized AdWordsads on Google properties including Search, Youtube, Maps, and the Google Network (including “remarketing”,“affinity audiences” , “in-market audiences”, “demographic targeting”, "similar audiences”, “Floodlight” cross- device tracking), “customer match”, “remarketing” (see assumption 3) • Gmailads • Programmaticservices (DoubleClick) 3 Requires consent, but likely to obtain. 2 Can use consent obtained for other purposes, but must inform users and show how to opt-out. • Location targeting in Maps (see assumption 1) 1Out of scope of the regulation, if business ismodified. • AdWords(if all personalized features are removed) on Google properties including Search,Youtube,Maps 0 Already out of scope of the regulation. Assumption 1.That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPRArticle 6, paragraph 4. GDPRRecital 61says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPRArticle 21,paragraph 2and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPRRecital 70 saysthis alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”. The recent Facebook scandal over the segmentation of teens who “feel worthless” is relevant. Assumption 3. That the average user does not “sign in” to Google Search or Chrome. If, however, users did sign in then Google might be able to further process their data for other purposes. Outlook:Google slide 22
  • 26. USERS PUBLISHERS OutlookforPublishers Now:Agencies and adtech take 50% or more of brand spend. Publishers get what's left. BRANDS ADTECH slide 23
  • 27. USERS PUBLISHERS OutlookforPublishers After 25 May: Publishers take control, and agencies and adtech must rely on them. ADTECH BRANDS slide 24
  • 28. Summary (a) Advertising technology and data businesses face enormous disruption. (b) Parts of Google will be disrupted. (c) Parts of Facebook will be disrupted. (d) Publishers face short term difficulty, but have the potential to transform their position. (e) Trust in websites, rather than clicks, may become the key currency. slide 25
  • 29. ©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. Q&A Please submit your questions via the text box on the left side of your window. All questions will remain anonymous.
  • 30. ©2017GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED. Disclaimer By making contact with this/these Council Members and participating in this event, you specifically acknowledge, understand and agree that you must not seek out material non-public or confidential information from Council Members. You understand and agree that the information and material provided by Council Members is provided for your own insight and educational purposes and may not be redistributed or displayed in any form without the prior written consent of Gerson Lehrman Group. You agree to keep the material provided by Council Members for this event and the business information of Gerson Lehrman Group, including information about Council Members, confidential until such information becomes known to the public generally and except to the extent that disclosure may be required by law, regulation or legal process. You must respect any agreements they may have and understand the Council Members may be constrained by obligations or agreements in their ability to consult on certain topics and answer certain questions. Please note that Council Members do not provide investment advice, nor do they provide professional opinions. Council Members who are lawyers do not provide legal advice and no attorney-client relationship is established from their participation in this project. You acknowledge and agree that Gerson Lehrman Group does not screen and is not responsible for the content of materials produced by Council Members. You understand and agree that you will not hold Council Members or Gerson Lehrman Group liable for the accuracy or completeness of the information provided to you by the Council Members. You acknowledge and agree that Gerson Lehrman Group shall have no liability whatsoever arising from your attendance at the event or the actions or omissions of Council Members including, but not limited to claims by third parties relating to the actions or omissions of Council Members, and you agree to release Gerson Lehrman Group from any and all claims for lost profits and liabilities that result from your participation in this event or the information provided by Council Members, regardless of whether or not such liability arises is based in tort, contract, strict liability or otherwise. You acknowledge and agree that Gerson Lehrman Group shall not be liable for any incidental, consequential, punitive or special damages, or any other indirect damages, even if advised of the possibility of such damages arising from your attendance at the event or use of the information provided at this event.
  • 31. ©2017 GERSON LEHRMAN GROUP, INC. ALL RIGHTS RESERVED.