What is GDPR

and how will it impact Digital Advertising?

The General Data Protection Regulation is an update to existing European regulation, that comes into effect on 25th May 2018. It's a broad, non-sector specific regulation and is designed to better protect and empower all EU citizens regarding the privacy and security of their personal data. It will reshape the way organizations operating in the region or interacting with individuals located in Europe approach data privacy and security.

ads-multichannel

How will GDPR impact me?

GDPR heightens the requirements for publishers and advertisers to inform users about how their data is used, and in certain instances it requires that users provide their consent before their data is collected and used. Therefore, companies participating in the online advertising ecosystem require greater control over which third parties can access their users' devices and browsers and use their personal data, and the ability to offer transparency to users on this, and if needed, gain, and pass on their users' consent.

learn

IAB Transparency and Consent Framework

The IAB Europe Transparency and Consent Framework offers a simple, industry-wide solution for companies that want to access and process the personal data of individuals within the EU after the GDPR is implemented. It offers a standardized method and language to use to describe the data being collected from users, which parties are collecting and using it, how that data is being used, and how users can exercise choice and control over that data.

Make your mark

The AppNexus Approach

AppNexus has always believed in the responsible and transparent collection and use of personal data and we have been working collaboratively with other industry participants as part of the IAB Europe GDPR Implementation Group. We have also developed a simple consent management platform (CMP) that publishers can use. Publishers can connect our CMP to a custom user interface (developed by them or a third party) or they can use a user interface being built by us.

IAB Transparency and Consent Framework

The IAB Europe Transparency and Consent Framework offers a simple, industry-wide solution for companies that want to access and process the personal data of individuals within the EU after the GDPR is implemented. The framework can be used by companies globally when they interact with users located in Europe and is designed to work across all formats (i.e. mobile and desktop).

It offers a standardised method and language to use to describe the data being collected from users, which parties are collecting and using it, how that data is being used, and how users can exercise choice and control over that data.

As critical as the IAB Europe's framework is, it's important to note its specific and limited remit. The framework creates technical specifications and pipes that enable publishers working in different countries and regulatory regimes to meet local transparency or consent requirements. It's designed to provide a standard infrastructure to pass information between publishers and their technology partners without imposing a single policy interpretation.

The IAB's framework has three key components:

1. A global list of third parties ("vendors")

global list of third parties ("vendors") that are accessing users' devices and collecting and processing users' data. This vendor list allows those third parties to make standardized disclosures about who they are, what data they collect, how they use it ("purposes") and what legal basis they rely on to use the data, among other disclosures. Publishers and advertisers can use this list to select the vendors they'll be working with to monetize their ad space, including enable targeting of their users.

2. A technical specification

technical specification providing companies with a means to build a standardized technical solution for how to surface a user interface designed to dialogue with consumers to provide transparency disclosures and obtain consent (where necessary) for approved vendors and their purposes; and how to store and pass on the information (through the OpenRTB protocol) about these approved vendors, their approved purposes and consumer related to the vendors.

3. A common policy and set of guidelines

common policy and set of guidelines all participants using the framework agree to follow, including requirements for publishers on how to inform consumers which vendors will be using their data (and get their consent where necessary) and dictating that publishers inform the vendors they work with that they've disclosed their presence and data usage intentions to their consumers and dictating how the vendors ingest and use that information and data.

As critical as the IAB Europe's framework is, it's important to note its specific and limited remit. The framework creates technical specifications and pipes that enable publishers working in different countries and regulatory regimes to meet local transparency or consent requirements. It's designed to provide a standard infrastructure to pass information between publishers and their technology partners without imposing a single policy interpretation.

The AppNexus Approach

AppNexus has always believed in the responsible and transparent collection and use of personal data. We believe that end users should understand how their data is collected and used to ensure a more relevant and engaging advertising experience. Users should also enjoy the full prerogative to opt out of this social contract with a digital publisher and their various partners.

To that end, we have been working collaboratively with other industry participants, as part of the IAB Europe GDPR Implementation Group, and together with the IAB Tech Lab on these issues.

We believe a privacy-safe internet is a better internet because it respects the fundamental right of individuals to the protection of their personal data; brings regulators and companies together in collaboration; and brings greater transparency to the digital ecosystem.

AppNexus GDPR
Consent Management Platform

We built a reference implementation that our clients, partners and external companies can use to start building their own solutions. That said, we haven't ruled out providing our own full-scale CMP if demand for it remains.