Privacy and data protection rules play an important role for the digital advertising industry as delivering relevant advertising and measuring its effectiveness requires the processing of data. Processing data is crucial for digital advertising to be efficient in funding digital content, services, and applications, making them widely available at little or no cost, as well as driving growth within the digital economy.
The ePrivacy Directive (Directive 2002/58/EC), also nicknamed the “Cookie Directive” because of its rules on storing and accessing data on a users’ device, such as so-called Internet cookies, is a directive primarily regulating the processing of personal data in the electronic communications sector, i.e. by telecommunications providers.
The proposed Regulation would also mandate browsers and other software to provide the option to actively prevent data collection through cookies et al., and to force users to make a choice as to their preference during set up. This would be the case not just for web browsers, but for any application or device which can connect to the internet.
For more information on the political and legal aspects of the proposal, check out IAB Europe’s ‘Cookie Regulation FAQ’.
On 27 April 2016, the European Union adopted the General Data Protection Regulation (“GDPR”).
The GDPR will become directly applicable law in the European Union (“EU”) and
European Economic Area (“EEA”) on 25 May 2018, superseding national data protection laws currently in place.
The GDPR will not only apply to companies based in the EU but also to companies all over the globe offering goods and services to people based in the territory of the Union, or monitor the behaviour of individuals located within it. Data protection law regulates the processing of personal data, defined broadly as any information that relates to an identified or identifiable natural person, which may include amongst others online identifiers that can be used to single out a natural person, for example for digital advertising purposes.
The GDPR grants data protection authorities the power to levy significant administrative fines against businesses found in breach of the law. Depending on the severity of the infringement fines can go up to € 20,000,000 or 4 per cent of a company’s annual global turnover – whichever is higher.
The GDPR Compliance Primer May 2017
The GDPR Compliance Primer Working Paper has been developed by the IAB Europe GDPR Implementation Working Group.
IAB Europe’s GDPR Implementation Working Group brings together leading experts from across the digital advertising industry to discuss the European Union’s new data protection law, share best practices, and agree on common interpretations and industry positioning on the most important issues for the digital advertising sector.
We would like to extend a special thank you to IAB Europe and Improve Digital for taking the initiative on this working paper.
IAB Ireland Member: Mason, Hayes & Curran have produced the following very useful Guide:
The office of the Data Protection Commissioner in Ireland has developed the website: gdprandyou.ie which has guidance also for different sectors on how to plan for compliance.