GDPR Publishing Resources Top Stories

GDPR: The ultimate resource guide for publishers

GDPR is finally here (enforced from Friday 25th May 2018). For publishers the challenge isn’t over. In fact, it’s barely begun.

In order to cut through the noise and provide clarity to publishers, WNIP has compiled what we believe to be the definitive GDPR Publishers’ Resource.

This will act as a ‘live’ feed and will be updated on an ongoing basis. Click here for the Latest GDPR News feed.

Resources

The Legislation

Click here to view the full GDPR legislation in its entirety.

Information Commissioner’s Office

A general must-read is the Information Commissioner’s Office Guide to the General Data Protection Regulation (GDPR). This is a good foundation and essential reading for anyone looking into GDPR. Unlike what you’d expect from a Government body, the guidance is concise and clear.

What we particularly like is its ‘At a Glance’ overviews covering The Right To Be Informed; Consent; and Legal Obligation.

The Guide also covers GDPR for Children, an absolute must-read for publishers holding data on children.

GDPR for Publishers: The Lawyer’s View

With ambiguity and confusion surrounding certain elements of GDPR, WNIP met with one of the world’s leading legal authorities on the subject, Gabriel Voisin, a partner with Bird & Bird LLP in the City of London.

Armed with a bevy of topics from publishers both large and small, Gabriel answers questions such as, “What is an adequate consent approach?”; “How do I know that my partners are GDPR compliant?”; “How do I, as a publisher, respect the data subject rights?” and many more besides….a 30 minute must-listen.

GDPR for Marketers: The Essentials

Written in conjunction with ISBA and the Data Protection Network, the Direct Marketing Association’s ‘GDPR for Marketers; The essentials’ is, well, essential.

A concise and clear overview, the 30 page tome ends with the uplifting conclusion that whilst GDPR ‘can be seen as a hindrance for marketing activities, a closer examination of the regulation reveals that it gives marketers an opportunity to build more transparent and meaningful relationships with their customers’.

Checklists for Publishers

The ICO has (helpfully) created self-assessment checklists for both data controllers and data processors which are perfect for independent publishers lacking the resource to hire a dedicated data controller. The Government body has also written a more in-depth checklist which offers a 12-step roadmap to compliance. The latter is an excellent roadmap and guide.

Consent

For authoritative information on consent, read the Article 29 Working Party (WP29) guidance. This a legal document, written by lawyers for lawyers – if you don’t have five hours to spare, the ICO’s overview on consent is our preferred reading material. Five minutes, if that. Stop Press: May 10th, the ICO has just published its final guidance on consent.

Revealed: the best time to send GDPR consent emails

In short, avoid the morning! According to SmartFocus, emails sent earlier in the day are more likely to be seen as an intrusion, as recipients are busy at work and going about their day. Consequently, emails sent at night will be seen in a much more positive light.

SmartFocus chief marketing officer Sarah Taylor says: “Knowing when to contact your audience with a request for information or consent can make the difference between success and failure.”

Privacy notices

Yep, the ICO has that covered with this checklist – it will take you through everything you need to be able to write accurate, legally compliant privacy notices. WNIP has also written a clear overview of what GDPR means for publishers’ privacy policies.

In short, any time anyone properly engages with your website – not just reading, but wanting to know more and signing up – then you need to have your privacy notice right up there. You need to let them know up front what you do with their data. If they have to go and search for this then, again, you are going to fall foul of GDPR.

Fines

There is a lot of scaremongering right now. You’ve heard the potential fines I’m sure: 4% of a company’s global turnover or €20 million. That’s enough to sink any publishing ship. However, the Information Commissioner Elizabeth Denham has spoken out about this in the ICO’s blog and tried to allay people’s fears. Yes, the potential fines are onerous but Denham stresses that, “this law is not about fines. It’s about putting the consumer and citizen first. We can’t lose sight of that.”

Crucially she adds, “It’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm.”

But what about Brexit?

Because the UK government only triggered Article 50 in March 2017, which sets in motion the act of leaving the EU within a two-year timeframe, the UK must still comply. In fact, a recent Data Protection Bill, published by the UK government in August 2017, essentially mirrors the requirements of GDPR into UK legislation (meaning those compliant with GDPR should be compliant with the new UK data protection law and vice versa).

Don’t Panic Mr Mainwaring

Perhaps the final word, at this juncture at least, should go to Bird & Bird LLP’s Gabriel Voisin who when asked what single piece of advice he’d give publishers over GDPR, responded, “Don’t panic and just stay calm.”

We’d also recommend this article from Econsultancy entitled, GDPR: Why the opportunities far outweigh the costs’. As the author concludes, “These rules are going to ensure that your organisation is providing a more secure, trustworthy service.” He also adds, “More importantly these changes are going to be enforced worldwide. This means GDPR is not (only) a European issue.”

Latest GDPR news:

July 19th: Post-GDPR impact: Programmatic remains strong

At a glance: It’s been reported that programmatic purchases have plummeted in the EU since GDPR has gone into effect. However, having evaluated programmatic ad spend in the U.S., the impact isn’t nearly as drastic as some may have believed.

July 18th: Hearst settles magazine subscribers’ Michigan privacy claim for $50 million

At a glance: Not directly related to GDPR but relevant – Hearst was accused of violating the Michigan Video Rental Privacy Act by selling readers’ magazine subscription histories and reading habits to data mining companies, and then selling “enhanced” customer profiles containing data from those companies to third parties.

July 16th: Major UK data firms under scrutiny as watchdog bites

At a glance: Some of the UK’s leading data companies, including CACI, Experian, Equifax, TransUnion (formerly Callcredit) and Data8, are among the businesses being investigated by the Information Commissioner’s Office as part of its probe into the use of personal data for political advertising. It also has evidence that some data brokers had initially failed to obtain lawful consent.

July 12th: ‘It’s impossible’: Google has asked ad tech firms to guarantee broad GDPR consent, assume liability

At a glance: Google is asking that programmatic exchanges and SSPs guarantee that their publishers have received consent for each of the roughly 200 vendors on Google’s commonly used vendor list. However, if an exchange or SSP declines to sign the agreement, it is limited to only selling non-personalized ads through DoubleClick Bid Manager. In the words of one executive, the situation ‘is impossible’.

July 11th: Emma’s Diary first broker to be fingered in ICO probe

At a glance: Emma’s Diary, the brand set up 25 years ago to target expectant and new mums, has become the first list broker to be incriminated in the Information Commissioner’s Office probe into the misuse of personal data in political advertising. The brand, which is owned by Lifestyle Marketing, has now been served with a notice of intent of regulatory action.

July 9th: They’re passing the liability onto us: Publishers balk at Publicis Media’s new GDPR requirements

At a glance: Several publishers are pushing back on demands by agency giant Publicis that are meant to get the agency in compliance with GDPR. The concerns center around Publicis’ shifting liability for the new European privacy law to publishers which would leave the publisher responsible if the agency retargets users who haven’t consented to be targeted.

July 6th: World’s biggest tech firms accused of flouting GDPR

At a glance: According to an analysis of online privacy policies, 14 of the world’s leading tech firms – including Facebook, Amazon, AirBnB and Apple, as well as Google – do not fully meet the requirements of the new regulation.

July 5th: Google delay on ads standard for EU privacy law creates compliance mess

At a glance: Google’s delayed entry into a consortium of advertising technology companies has spoiled the members’ push to comply with a new European privacy law, six people involved in the program told Reuters, leaving some firms exposed to fines.

July 3rd: US sites continue to block European visitors post-GDPR

At a glance: Many American publishers don’t want to lose their EU audiences, but they also want to avoid the risk of infringing the GDPR and paying 4 percent of their global revenue, especially in cases where EU revenue fails to justify that risk.

June 28th: ‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short

At a glance: The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. But experts say much of that activity was for show because much of it fails to render companies compliant with GDPR.

June 27th: GDPR: It’s Just The Tip Of The Iceberg In Regulatory Change

At a glance: Many businesses today are simply not prepared for the rising tide of regulatory action that has become the new normal for businesses. On balance, the GDPR is a wake-up call, for it’s given businesses everywhere an opportunity to review and modernize their cyber risk practices to secure their digital futures. GDPR is just the tip of the iceberg — what’s most visible — of the regulatory change that’s coming.

June 12th: How The California Consumer Privacy Act Stacks Up Against GDPR

At a glance: While both the California Consumer Privacy Act and Europe’s General Data Protection Regulation address the collection of personal information by businesses, they are actually quite different. Here’s where they diverge and why the advertising trade orgs are lobbying like bandits to block the California act’s passage.

June 7th: Google Reverses Course On GDPR Consent Tool Limiting Publishers To 12 Vendor Partners

At a glance: Google is reversing its policy for its consent management platform (CMP) that initially capped at 12 the number of vendors a publisher can list in opt-in messages, following critical feedback from publishers and the ad tech industry. The platform now has no limit.

June 5th: Confessions of a digital agency exec: Marketers are shifting GDPR liability to agencies

At a glance: Pass the buck – once European regulators start enforcing GDPR, don’t be surprised if brands with non-compliant sites try to shift the blame to their agencies. In the latest in Digiday’s Confessions series, a digital agency executive whose company helps build Fortune 500 companies’ websites said brands make agencies contractually responsible for GDPR violations.

June 4th: Google Emerges as Early Winner From Europe’s New Data Privacy Law

At a glance: GDPR is drawing advertising money toward Google’s online-ad services and away from competitors that are straining to show they’re complying with the sweeping regulation. Why? Google is gathering users’ consent far faster than its smaller competitors who have less resources.

June 1st: Privacy International probes ‘hidden’ Acxiom practices

At a glance: Acxiom is facing scrutiny over its data practices after Privacy International named the business as one of the key targets of a new campaign which will investigate what it brands “the hidden data ecosystem”. According to Privacy International, this “comprises thousands of non-consumer facing data companies – such as Acxiom, Criteo, Quantcast – that amass and exploit large amounts of personal data”.

May 30th: The Washington Post puts a price on data privacy in its GDPR response — and tests requirements

At a glance: Some U.S. publishers have blocked visitors from the EU to their sites rather than comply with GDPR. The Washington Post has gone an extra step and put up a paywall for EU visitors, upselling them to a $90 a year “premium EU subscription” in exchange for no ads  — and the privilege of not having their data tracked. The premium subscription is $30 more than the cost of a basic online subscription to the Post.

May 28th: Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR

At a glance: The Verge reports that on the first day of GDPR enforcement, Facebook and Google have been hit with a raft of lawsuits accusing the companies of coercing users into sharing personal data. The lawsuits, which seek to fine Facebook 3.9 billion and Google 3.7 billion euro (roughly $8.8 billion in dollars), were filed by Austrian privacy activist Max Schrems, a longtime critic of the companies’ data collection practices.

May 25th: GDPR zero hour: Now the hard work begins say experts

At a glance: Deputy Information Commissioner Steve Wood tells Decision Marketing: “May 25 is not the end, it is the beginning, and the important thing is that organisations take concrete steps to implement their new responsibilities – to better protect customer data. There isn’t a deadline in the sense that if organisations aren’t compliant by today, then they’ve missed their chance.”

May 25th: GDPR: US news sites blocked to EU users over data protection rules

At a glance: A number of high-profile US news websites are temporarily unavailable in Europe after new European Union rules on data protection came into effect. The Chicago Times and LA Times were among those posting messages saying they were currently unavailable in most European countries.

May 25th: Biggest brands will lose the use of 43 percent of EU audience data after GDPR say media buyers

At a glance:  Senior media buyers for hundreds of the world’s biggest brands are predicting 43 percent of EU consumer audience data will be unusable after the General Data Protection Regulation (GDPR) comes into force today. The research by contextual technology leaders, Vibrant Media, found that some of the problems brands are reporting include: low opt-in rates to email databases; slow uptake to review and set communications preferences; low traffic rates to websites so explicit consent can be attained; and a lack of confidence in the adequacy of GDPR compliance.

May 25th: Sourcepoint launches Consent Management Platform

At a glance: Sourcepoint has launched a Consent Management Platform to help publishers navigate compliance. The CMP is fully compliant with the IAB Consent Management Framework, as well as non-IAB vendors, and is compatible with DoubleClick for Publishers, allowing publishers to not only gather consent signals but to also understand how to drive monetisation for all users.

May 24th: Apple launches new Data and Privacy website ready for GDPR

At a glance: Apple has launched a new Data and Privacy website in order for the company to better comply with the new GDPR rules. While the service is available in the EU right now, it’s expected to be released worldwide in the coming months.

May 24th: Google Plans To Join The IAB Europe GDPR Framework, But The Devil Is In The Details

At a glance: Google plans to register for the IAB’s GDPR Framework but there are still important, unknown details – like how long before Google resolves its discrepancies with the IAB, or whether it will join only as a vendor or incorporate its consent opt-in service, Funding Choices, as an IAB-registered consent management platform. Questions remain, but it’s progress. Of a sort.

May 23rd: The best GDPR stats & surveys we’ve seen

At a glance: All the latest stats compiled across industries, sectors and platforms. One standout figure is that nearly half of UK marketers are already preparing for fines and putting money aside for such an eventuality.

May 23rd: No one’s ready for GDPR

At a glance: The Verge describes how very few companies are going to be 100 percent compliant on May 25th. Indeed, even MPS and the regulators themselves aren’t ready. But don’t panic, it says, as the general assumption is that when the deadline hits, European regulators will treat it as a soft opening.

May 23rd: GDPR Summit London

At a glance: If you’re having sleepless nights wondering whether you will be investigated or even fined, then the next GDPR Summit London is your chance to meet and listen to over 30 Data Protection experts all in one venue. Date: 25th June, Bishopsgate.

May 22nd:  Most GDPR emails unnecessary and some illegal, say experts

At a glance: Businesses are not required to automatically ‘repaper’ or refresh all existing 1998 Act consents in preparation for the GDPR, according to Toni Vitale, the head of regulation, data and information at the law firm Winckworth SherwoodVitale, before adding, “The first question to ask is: which of the six legal grounds under the GDPR should you rely on to process personal data? Consent is only one ground. The others are contract, legal obligation, vital interests, public interest and legitimate interests.”

May 22nd: Google to Hold Talks With Publishers Over Their GDPR Concerns

At a glance: Google has agreed to meet with a group of publishers this week at four of its global offices to discuss their concerns about its preparations for GDPR. Ahead of the meeting, publishing trade bodies are still seeking written responses from Google to the seven questions they set out in their April letter. Those include questions on whether Google will be explicit about the purposes for which it requires consent from end users and how the company will seek publisher input if it makes further changes to its GDPR policies.

May 21st: WordPress poses another GDPR compliance headache for publishers

At a glance: It’s unclear how easy things will actually be for WordPress site owners. A lot depends on to what extent plug-in makers add the privacy information that sites will refer to when creating or updating their own privacy policies. However, many plug-in makers are individual developers or small companies that lack their own legal teams to advise them.

May 21st: Facebook’s interest-based ad targeting highlights GDPR uncertainty

At a glance:  There’s a debate to be had about Facebook’s position and whether it truly represents GDPR compliance. According to some observers, it’s not cut and dried.

May 21st: Information wars: How Europe became the world’s data police

At a glance: The EU’s rules for data privacy were once derided as restrictive, but after the Facebook scandal Brussels hopes they will help bring big tech to heel worldwide and become the de facto data protection standard, reports the Financial Times.

May 21st: MPs ‘as clear as mud’ about how to comply with GDPR

At a glance: Companies worrying about whether they have received the best advice over GDPR compliance are not alone, even British MPs appear to be at sixes and sevens, amid claims that a data protection training programme – run by an external “GDPR specialist” – has advised them to delete years of casework.

May 21st: eBook: A Publisher’s Guide to GDPR Compliance

At a glance: A proper GDPR audit should go beyond first party software on a publisher’s website and should include third party services in Ad Tech and MarTech stacks for a thorough inspection. This ebook also sheds some light on where online media will go after GDPR takes effect.

May 18th: Europe’s GDPR rules mean big changes for businesses in Canada

At a glance: GDPR isn’t just a European wide issue – it affects companies from all around the globe. In short, If your business has clients, customers or website visitors in the European Union, you must be in compliance with the GDPR.

May 17th: Five Final Checks To Ensure GDPR Compliance

At a glance: Forbes’ cybersecurity beat reporter outlines the five key checks you need to ensure GDPR compliance in advance of next Friday’s deadline (25th).

May 17th: A practical guide to the European Union’s GDPR for American businesses

At a glance: This useful guide from Recode gives US businesses operating or serving customers in the EU an overview of what the GDPR means for them and its accompanying responsibilities. It’s getting a bit late in the day though.

May 16th: What to do if total GDPR compliance is impossible

At a glance: Instead of obsessing over the impossibilities, focus on what you can control: understanding your data deeply — what it is, where it is, where it’s going and what its limitations are. Only by getting to know your data better than ever will you be as equipped as possible.

May 16th: GDPR: What future for first, second and third-party data

At a glance: Companies will need to be far more transparent about the data they collect and how it will be used. And they will generally be forbidden from forcing users to agree to sharing of their data by denying them the ability to use their services if they refuse to opt-in to unnecessary sharing.

May 16th: GDPR and email marketing: Everything’s gonna be all right

At a glance: If your email marketing is on-point, offers your subscribers value, uses the most engaging language possible (including good subject lines), your subscribers will trust your brand, engage with your emails and be glad to hear from you. In fact GDPR is encouraging brands to build trust with their subscribers, which they should’ve been endeavoring to do all along.

May 15th: It’s not too late to get GDPR ready

At a glance: Not yet GDPR ready? Don’t panic. GDPR compliance is a work in progress. Becoming fully compliant with all the obligations is a tall order. As long as companies can demonstrate a serious approach to GDPR implementation, regulators have said publicly they will allow some leeway to adjust to the new framework.

May 14th: 10 Unintended Consequences of the GDPR

At a glance: A must-read article on the unintended consequences of GDPR, not least the supposition that ‘big publishers will be the first victim of GDPR’ and that the Regulation will simply strengthen Google and Facebook’s hand.

May 14th: GDPR – a checklist for publishers

At a glance: Publishers’ trade association, FIPP, has produced a checklist for publishers to ensure they’ve implemented and interpreted next week’s GDPR guidance properly.

May 11th: GDPR final consent guidance is published – with a warning

At a glance: The last piece of the GDPR jigsaw – the Information Commissioner’s Office’s guidance on consent – has finally been put in place, with a warning that companies embarking on a barrage of repermissioning emails could be wasting their time.

May 11th: European marketers see GDPR hurting audience targeting 

At a glance: A survey by Digiday has found that marketers’ most common fear about the General Data Protection Regulation is a decreased ability to target consumers.

May 11th: GDPR scrambling has spawned a swell of data protection ‘charlatans’ 

At a glance: The widespread hand-wringing caused by the last-minute scramble of businesses ahead of the May 25 GDPR deadline is fueling a cottage industry of GDPR experts and consultants. Not all are qualified to do so and are peddling ill-informed advice.

May 8th: UK: Final GDPR Guidance to be released imminently

At a glance: The Information Commissioner’s Office (ICO) will release its final consent guidance this week. With just over two weeks left before the deadline of May 25th, the decision to publish final guidance at such a late stage can best be described as troubling.

May 8th: Europe’s General Data Protection Regulation is coming May 25. How have news publishers prepared?

At a glance: Publishers still have granular questions over interpreting parts of the law and around how rigorously the EU will enforce these rules come May.

May 8th: GDPR claims its first victims

At a glance: Already, a few companies have decided that the burdens of GDPR compliance are too much to bear and are shutting part or all of their businesses. In addition, according to a survey of 400 US companies published last week, many firms are still confused about GDPR and 52% are “still exploring the applicability of GDPR to their business.”

May 4th: How Axel Springer is getting consent for GDPR

At a glance: The largest German publisher, who own Business Insider and popular tabloid Bild, have been monitoring which kinds of messages drive more people to opt in, as well as the messages’ position on the page. The results: So far, the publisher’s readers are far more likely to give consent when they receive a fact-based static message, rather than a video message or one written in a tone that requests the readers’ support.

May 4th: Google’s GDPR consent tool will limit publishers to 12 ad tech vendors

At a glance: Publishers using Google’s default consent technology will only be allowed to pass data to 12 supply chain partners, including Google itself, SSPs, exchanges, ad servers, DSPs, DMPs, plug-ins, tracking and measurement tags and third-party data suppliers, sources told AdExchanger.

May 3rd: Key elements of GDPR for employers: Are you ready for the changes?

At a glance: It’s not just consumers that GDPR protects, it’s also employees. Firms need to place as much focus on this as other aspects of the legislation, not least because disaffected employees are more likely to take a swipe at former employers, with GDPR being one stick with which to beat them.

May 2nd: Publishers say they’ll use GDPR to shed ad tech vendors

At a glance: With the GDPR looming, ad tech partners that can’t guarantee compliance with publishers will be dropped fast. For instance, ad tech companies must be able to tell travel publisher Lastminute.com’s sales team how their technologies track readers legally under the regulation; otherwise, they won’t be able to access its inventory, according to Lastminute.com.

May 2nd: The GDPR Racket: Who’s Making Money From This $9bn Business Shakedown?

At a glance: The crux of GDPR is about putting the power of data back in the hands of consumers, giving us a better understanding of where our data is and what it’s being used for. But there’s a dark side to GDPR – the multi-year, multibillion-dollar, Herculean racket that GDPR has become.

May 2nd: Four Publishing Trade Groups Criticize Google’s Ad Policy Change in Letter to CEO

At a glance: The three areas highlighted in the letter that pose the most concern for the trade groups are Google’s Controller Terms, responsibility of obtaining legal consent, and the complete placement of liability of consent on the publisher and not on Google. They’re not wrong.

May 1st: YouGov is pitching its GDPR-compliant blockchain targeting tool as a ‘boon’ for publishers

At a glance: Market research giant YouGov is readying a blockchain solution that will allow EU consumers to choose which data they share with brands; a move that will not only help it preserve its nascent digital ad network post-GDPR, but one it’s pitching as a “great boon” for publishers too.

May 1st: Nearly half of UK businesses expect to be fined for GDPR non-compliance

At a glance: According to research by Ensighten, nearly half of UK businesses expect to be fined for GDPR non-compliance. 61 per cent of respondents would also apply for an extension on the deadline if they had the choice, due to mounting fears that they will not meet GDPR requirements in time.

April 30th: Google and GDPR hand publishers a hard choice

At a glance: Publishers face an unexpected bind. Google operates DoubleClick Bid Manager and DoubleClick for Publishers, platforms nearly every publisher on the planet uses at some point or another. So declining Google latest terms could provoke catastrophic financial consequences.

April 30th: Super Monday Night Combat will close down, citing EU’s new digital privacy law

At a glance: One of the first victims of GDPR is Super Monday Night Combat, the multiplayer online battle arena by Uber Entertainment. It’s closing down for good next month, saying the cost of complying with GDPR is too high to keep going.

April 30th: The 7 stages of GDPR grief

At a glance: The deadline for GDPR compliance is fast approaching, and it’s very likely that, in the early days of enforcement, large enterprises engaging in annoying and ruthless data marketing will be made an example of. Get your house in order before it’s too late.

April 27th: GDPR: 15 (good & bad) examples of repermissioning emails & campaigns

At a glance: Econsultancy, one of the most respected titles around, has produced a great guide to repermissioning campaigns with some superb examples (as well as pointing out some of the poorer attempts and what to avoid).

April 27th: GDPR: A New Road, Not a Roadblock

At a glance: Done right, GDPR introduces the possibility of a more meaningful, trust-based relationship between business and consumer. Under the legislation there are still mechanisms that will enable companies to use the personal data they gather from their customers.

April 27th: GDPR Too Close, Half of Global Companies Not Ready

At a glance: One month away, GDPR has more than half of global institutions frazzled over compliance. According to the legal professionals who participated in the survey, one of the Achilles’ heels for compliance preparedness is third-party vendors.

April 26th: Facebook warns GDPR could flatten or reduce European user count

At a glance: Facebook CFO David Wehner yesterday warned that “we believe MAU (monthly active users) or DAU (daily active users) might be flat or down in Q2 due to the GDPR rollout.” He also said that while Facebook doesn’t expect a significant impact on ads from GDPR, there may be a slight impact and it “will be monitoring for that”.

April 26th: Google’s Gmail gets self-destruct option ahead of GDPR

At a glance: Google’s email service is adding the option to allow messages to become inaccessible after a set time as it prepares for tougher data privacy laws. A new “confidential mode” can also be used to stop recipients being easily able to forward, copy, download or print correspondence sent via Gmail. The new facilities are part of a wider revamp of the cloud-based service.

April 25th: One month sprint to GDPR: 5 things to do now if your business isn’t prepared

At a glance: An excellent piece on The Drum looking at what marketers and publishers can do if they haven’t yet prepared for GDPR. Spoiler alert: there are a lot. The overriding message is that it’s ‘not too late, but get a move on’.

April 24th: Google CEO tells investors not to worry about Europe’s upcoming privacy rules

At a glance: When asked whether the new GDPR rules would impact advertisers’ targeting abilities, Google CEO Sundar Pichai emphasized that Google still makes most of its money from search advertising, where the effect of personalization is minimal. However, Pichai’s answer skips over the other 20 percent of its advertising revenue, which comes from its Network Members’ properties.

April 24th: Tech firms could face new EU regulations over fake news and data mining

At a glance: EU security commissioner says new regulations may have to be brought in if tech firms fail to tackle issues voluntarily. The code would include a pledge for greater transparency, including algorithm transparency. Not surprisingly, the proposed regulations have been criticised for undermining freedom of expression.

April 23rdEurope’s new privacy rules are no silver bullet

At a glance: EU national watchdogs still face an uphill struggle to come to grips with their expanded regulatory role at a time when most of their budgets are still relatively small and they remained understaffed. According to Politico, Europe’s expanded privacy standards also will do little to stop companies from harvesting personal data.

April 23rdNine top GDPR tips for email marketing

At a glance: IT Pro’s must-read article underscores the need for marketers ‘not to panic’ and not ‘to try and re-obtain consent from their lists for life-long messaging’. According to Skip Fidura, Dotmailer client service director and non-executive director at the Digital Marketing Association, this is an unnecessary effort. 

April 20th: Global brands commit to go beyond GDPR compliance

At a glance: The World Federation of Advertisers – which represents the likes of Unilever, Mars, Shell and Danone – is launching an initiative to create a data ecosystem that properly respects consumer choices and their right to control their own data and goes way beyond the requirements of GDPR.

April 20th: Facebook moves 1.5bn users out of reach of new European privacy law

At a glance: Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally. Facebook will continue to book revenue through Facebook’s Irish office, but for privacy protections, users will deal with the company’s headquarters in California.

April 20th: The GDPR is spooking location-targeting companies

At a glance: Advertisers want to use location data in ad targeting, but they’re finding the coming enforcement of the General Data Protection Regulation is throwing a wrench in those plans. Some ad exchanges, for example, are reducing and redacting the information made available via their logs, according to some ad tech executives speaking to Digiday.

April 19thData experts on Facebook’s GDPR changes: Expect lawsuits

At a glance: An article in TechCrunch concludes that Facebook is ‘seeking consent from users in a way that’s not fair because it’s manipulative (which) means consent is not being freely given. Under GDPR, it won’t be consent at all.’ The piece emphasises why it’s important to comply with the spirit of GDPR, not just the technicalities.

April 18th: The GDPR is coming and will change Facebook ad targeting

At a glance: Facebook will no longer be able to process news feed posts for ad-targeting purposes, unless those posts are marked “public” or “friends of friends” because they tend to include what the GDPR defines as “special categories of data,” according to sources. Ethnicity, religious beliefs, political affiliation and sexual orientation are the kinds of data defined as special categories.

April 18thReport: Only 34% of Websites in the EU are Ready for GDPR

At a glance: vpnMentor ran a test of over 2,500 websites in the EU that will need to follow the new GDPR regulations and found that as little as 34% of websites are currently compliant. Most of the websites they checked either had old privacy policies, and in some cases no privacy policy at all.

April 17thFirst WhatsApp update since Facebook privacy scandal will make a huge change to your messaging

At a glance: According to a report on WABetaInfo , the latest version of WhatsApp for Android (2.8.113) will allow users to redownload older media files from the company’s servers. But it only seems to go back so far – beyond that users will be given a message asking the sender to re-send the media in question. According to Ian Woolley of Ensighten, “If WhatsApp, with the backing of Facebook, can’t easily provide access to a user’s historical content what can we expect of companies when it comes to even more complicated user consent compliance?”

April 17th: WTF is the CONSENT Act?

At a glance: Meanwhile, waiting in the wings in the U.S. is the Consent Act which has many parallels with GDPR. Its chances of making it through Congress are rated as ‘slim’ but following the Facebook uproar there may be renewed appetite among U.S. lawmakers for this to be ratified into legislation.

April 16thDenham confirms GDPR hotline gets 500 calls a day

At a glance: If you need to call the regulator’s hotline (0303 123 1113 UK | +44 1625 545 700 RoW) don’t leave it too late. They are already getting 500 calls a day, with a wait time of half an hour.

April 16thProg IO San Francisco: What Will Be The Fate Of Third-Party Data After GDPR?

At a glance: The spirit of GDPR is clear, but what that means practically is still unclear according to some participants at last week’s AdExchanger Programmatic I/O in San Francisco. A key event takeaway is that third party data hasn’t been killed stone dead, rather, “the data will just have to get cleaner out of necessity.”

April 16thGoogle’s GDPR approach raises publisher concerns

At a glance: Further fallout from last week’s announcement that Google intends to become a controller of all the data on a publisher’s site. Not for the first time, publishers are viewing the move as “a commercial agenda that whilst wrapped up in a GDPR and privacy-language narrative, looks very much like large vendors seeking to steal ground.”

April 13thGoogle to publishers on GDPR: “Take it or leave it”

At a glance: Google’s proposed GDPR terms claim that it will be a “controller” of all the data on a publisher’s site (not just what they need to serve the ad). By declaring itself a controller over all the data on a publisher’s site, Google is asserting independent control of a publisher’s audience data. This is, essentially, a massive land grab by the already-dominant Google.

April 12th: What Does the EU’s GDPR mean for Blockchain?

At a glance: Publishers looking to make a foray into Blockchain could do worse than heed this warning from Washington DC think tank Coin Center, who say that blockchain technology may be ‘fundamentally incompatible with Europe’s new privacy laws’.

April 11thGDPR: UK watchdog promises ‘proportionate and pragmatic’ enforcement

At a glance: On Monday, the ICO’s Elizabeth Denham said she plans to stick with the ICO’s existing approach to enforcement when the GDPR begins to apply. She describes enforcement as “a last resort” and that “hefty fines will be reserved for those organisations that persistently, deliberately or negligently flout the law.”

April 10th: UK publishers are banding together to get clarity on GroupM’s GDPR policy

At a glance: Some publishers have concerns about what they regard as ambiguous terms in GroupM’s Data Protection Addendum, plus the agency group’s warning that it would likely cease trading with them if they didn’t sign the contract. A meeting has been organised in tandem with the AOP.

April 9th: Publishers Haven’t Realized Just How Big a Deal GDPR is

At a glance: In this outstanding missive, the author writes about GDPR as a concept in relation to media trends, and considers what this means for publishers’ editorial strategies. Spoiler alert: it’s big.

April 9th: A Tough Task for Facebook: European-Type Privacy for All

At a glance: Facebook has just promised to offer its users worldwide the same privacy controls as required under GDPR. To do this, it would need to provide its users with all the data that it has collected or created about them, including any categories, descriptions or assigned behaviour scores.

April 4th: DMA demands answers over threat to third-party data

At a glance: The DMA is calling on the Information Commissioner’s Office to provide urgent guidance on how third-party data will be affected by GDPR, amid growing concerns that the industry could be caught in the cross-fire from the ongoing Cambridge Analytica data scandal. The DMA says the ICO has published “very little guidance for marketers as to how they can buy, share and use third-party data under GDPR” and insists it is crucial that the regulator “addresses the concerns of the industry”.

April 3rd: Apple rolls out privacy features ahead of GDPR

At a glance: Apple will roll out four privacy management tools that will provide users the ability to obtain a copy of their data, request a correction of data and deactivate account or delete the account. The tools, which will be available on the Apple ID account page, will be introduced in the EU in May and later rolled out globally.

Ian Woolley, Chief Revenue Officer at Ensighten comments, “Tim Cook, CEO of Apple, stands out for his unequivocal commitment and advocacy of consumer privacy. Trusted brands, such as Apple, will be rewarded with greater levels of opt-in consent, which will enable them to further develop consumer insights and customised experiences. In contrast, brands with questionable, historical data practices will see low rates of opt-in consent, which will increase their customer acquisition costs. 

“In the new GDPR world it’s critically important for brands and publishers to understand that consumer trust is the new currency. Trust is built by design from the ground up, which includes how data is collected and shared within brands’ underlying website technologies, long before consent is ever granted.”

 

Related posts