The European Union has presented a stricter programme for data protection across Europe with the General Data Protection Regulation (GDPR) and the revised ePrivacy Directive. Especially in times of extreme data leaks and cyber attacks, there is no objection to be raised against better protecting consumer data and privacy levels. Yet, the digital industry is still not sufficiently prepared for the new regulations which become valid from May 2018 onwards.
ePrivacy Directive Unsettles Digital Industry and Consumers
It was only in June that the second draft of the ePrivacy Directive was published. The new directive could even override the basics of digital marketing. Since then, a lot of industry representatives in Brussels have been seeking to put off the go-live date of the directive. As is well known, however, postponement doesn’t mean cancellation, and we’ve already seen how unyielding the European Union can be. This new second draft has been significantly tightened compared to the first version. So what is the core issue?
Blocking Cookies Cannot be a Sustainable Solution
What may be a nice gimmick from a browser provider’s point of view, with which they can display the attractiveness of their model compared to the competition, does not provide a satisfactory answer to the question: How can we deal with cookies in the future? Blocking the way is not a solution at all; it simply suppresses the problem, in the truest sense of the word. From the viewpoint of advertisers and publishers, cookies are essential. They form the basis for precise targeting. And even from a consumer point of view, cookies create added value that most would only see by taking a second look: Personalised advertising is relevant. It is arranged in terms of content, time and location according to the user’s context. To make this technically possible, the entire online industry has been investing heavily in digital advertising technology for many years.
Do we really want to make a U-turn and annoy consumers with flat, impersonalised and unappealing advertising messages? That would be the beginning of the end of digital advertising. What remains is just the utopia of an online world without advertising, yet this idea is naïve given the size of the advertising industry. In the US alone, approximately 120 billion dollars will be spent on online advertising by 2021. Digital advertising is an industry in itself and online business without advertising just does not work.
Check Compliance with ePrivacy Directive Now
Advertisers should not count on the ePrivacy Directive being postponed or watered down. This is why now is the time to take the necessary steps to ensure compliance with it. The focus should be on the technology used for digital advertising campaigns. If you have outsourced your ad servers to partners, consult with your technology partner using the following checklist. If you run your own ad server, the questions are of course just as applicable to your own organisation and the underlying technology.
- What user data is collected, processed, and, if necessary, shared when using the technology?
- Is the IP address of users also recorded and processed?
- Are user profiles created with the inclusion of personal data or the IP address?
- Where is the data processed?
- How long is the data stored?
- What is the legal basis for processing?
- Can affected users exercise their right to information and their right to have data deleted, and do they have a possibility to appeal?
- What organisational and technical measures have been taken concerning data protection?
- The ePrivacy Directive makes provisions for technical design and default privacy settings such as ‘privacy by design’ and ‘privacy by default’. Have the appropriate measures been set or are they set to come into force?
The bottom line: The new EU legislation on data protection requires a more stringent handling of consumer data. Even if the precise details of the ePrivacy Directive have not yet been finalised, advertisers should start preparations now for the new legislation. Using our checklist, you can create an initial overview and review the compliance level. If you have any further questions, please do not hesitate to contact me as a data protection officer at adverserve – just send me an email!