"Will automated advertising techniques persist under GDPR regulations?"
The General Data Protection Regulation (GDPR), set to come into force on 25th May 2018, is set to revolutionise the digital marketing landscape. Here's what you need to know about adapting to programmatic advertising under GDPR.
GDPR aims to empower consumers by giving them control over their personal data. Consent for any type of data use must be freely given, specific, informed, and unambiguous. Pre-ticked boxes for consent are no longer acceptable under GDPR.
Businesses may not need active consent to contact customers about their contract, but they would need permission to market to them. Programmatic advertising, estimated to be worth $64 billion in 2018, may be significantly affected by GDPR. Cookie opt-in may not fulfill the requirement for informed or unambiguous consent under GDPR.
To comply with both GDPR and ePrivacy regulations in programmatic advertising, advertisers and platforms should take practical steps. Firstly, obtain valid, explicit user consent before collecting or processing any personal data or placing cookies and similar tracking technologies.
Secondly, implement transparent privacy and cookie policies that clearly explain what data is collected, how it is stored, processed, used, and shared, as well as the user’s rights, including how to withdraw consent.
Thirdly, apply data minimization and purpose limitation principles by collecting only data necessary for the specified advertising purpose and not using it beyond this scope.
Fourthly, secure data storage and processing, including encryption and protection against unauthorized access, along with rapid breach detection and reporting mechanisms.
Fifthly, keep detailed records of consent and data processing activities to demonstrate compliance if audited by regulators.
Sixthly, audit and verify third-party partners and vendors involved in the programmatic advertising supply chain to ensure they comply with GDPR and ePrivacy requirements, particularly regarding data sharing and processing.
Seventhly, avoid automated profiling without necessary safeguards, ensuring appropriate transparency, fairness, and the opportunity for users to contest automated decisions.
Eighthly, consider special protections for children’s data where applicable, aligned with additional codes such as the ICO Children’s Code in the UK.
By following these steps, advertisers and platforms can navigate the complexity of programmatic advertising while respecting user privacy and regulatory requirements under both GDPR and ePrivacy. Compliance with GDPR will increase trust between brands and consumers, leading to a more human-focused approach to marketing, with increased certainty over who is being targeted.
The right to erasure, a key principle of GDPR, allows individuals to request that their historic data be erased. Non-compliance with GDPR can result in fines of €20 million or 4% of annual turnover.
GDPR replaces the Data Protection Act introduced in 1998. Meanwhile, the Women in IT Awards is coming to the US for the first time on 22nd March 2018 in New York, and nominations are now open for the Women in IT USA Awards 2018.
Technology plays a crucial role in implementing GDPR's requirements, especially in programmatic advertising, due to the reliance on cookies and tracking technologies. Businesses must invest in technology solutions that ensure user consent is valid, transparent privacy policies are created, data is securely stored, and third-party vendors in the programmatic advertising supply chain are audited for compliance.
In the financial aspect, GDPR compliance may require significant investment in technology and resources, but it can lead to increased consumer trust and brand reputation, potentially driving revenue in the long run. Businesses should view GDPR as an opportunity to do better by adopting more human-focused and ethical approaches in their marketing strategies.
