GDPR* will impact how all data is collected, stored or shared, and is likely to have a significant impact on both third party data and list broker businesses, and the quality and quantity of data that is available post May 2018.
The broad definition of personal data within GDPR means that anonymous online identifiers such as cookies and device IDs are well within its scope.
Retargeting, whether based on cookies or device IDs, will therefore involve use of personal data under GDPR and it’s likely that some form of consent will need to be gathered and passed to any 3rd parties (e.g. a DSP or ad server) before retargeting or dynamic messaging can commence.
Whilst the regulator is in the process of setting a high bar to clear for consent, the industry is looking at a number of options to minimise impact.
Compliance technologies such as Evidon are building processes to streamline the consent acquisition process, whilst initiatives such as the Technology Consortium are working to protect cookie volumes and liquidity across exchanges.
Another initiative being trialled is ‘moment marketing’, which moves away from personal data to moment or macro data. This type of activity doesn’t require to know who the person is, just the context of the page they are viewing and any events at that moment in time which could help increase content relevancy.
Within GDPR, there is a clause where businesses can process data and perform marketing called legitimate interests.
Under the regulation, legitimate interests does not require someone to consent, but the advertiser itself must ensure its legitimate direct marketing interests (clearly recognised by the GDPR) are not outweighed by any unwarranted prejudice to the rights of the consumer.
Marketers will be required to demonstrate that the content or communication to a consumer is relevant to them, which will enable them to more easily to explain why brand interests are aligned with those of consumers. This is being interpreted that personalisation and dynamic messaging can be seen as a tool required to legitimise processing under the GDPR.
Brands using legitimate interests will need to be transparent about what they do with data, not use data to unfairly discriminate, and understand that some channels always require consent – e.g. email.
Although the balance of legitimate interest will be a delicate one, extra privacy enhancing measures need to be put in place to tip communications in the favour of the consumer, whilst ensuring that personalisation remains front of mind.
At Cablato, we do not aggregate or use user data for purposes other than to service brand’s marketing, which may be an issue for other creative and dynamic ad servers.
Cablato supports the fundamental goals of GDPR. We are committed to working with regulators as we help brands engage consumers with relevant advertising and preserve the fundamental right of our clients’ end users to the protection of their personal data.
Because Cablato’s enterprise products sit on top of a unified technology platform, we believe that we are able to control and guard the flow and use of data on our technology stack.
This information is provided for your convenience and does not constitute legal advice.