With GDPR a little over one month away, many companies are in the throes of achieving compliance and also looking beyond May 25. GDPR questions about “what happens now, and what happens next” were certainly top of mind for speakers on the RampUp 2018 panel, It’s About More Than Just Privacy: Trust And Ethics:
While we can’t predict the future, there are certain ways in which GDPR will change the relationship between people and companies and the technology landscape as it exists today. Watch the video above for some answers to your GDPR questions, or keep reading as we dive deeper and provide five GDPR questions and answers into how we expect GDPR to impact you and your marketing.
- For companies without a direct relationships to with users, are changes to the definition of consent changing how companies ensure consent is collected?
Answer: Yes. For companies without a direct individual data subject relationship, GDPR has hardened the requirements to obtain valid consent. Consent, under GDPR, must be fully unbundled from other terms and conditions and will not be valid unless freely given, specific, informed, and unambiguous.
As third-party players, we are reliant on upstream partners who do have the direct data subject relationship to create sufficient transparency and corresponding valid consent to address the downstream transfer and use of digital data.
We are hopeful that draft ePrivacy Regulation can be updated to include Legitimate Interest legal grounds for processing. This puts the accountability of appropriate and ethical data use on the processor of data and enables the digital marketplace to deliver benefits along with a better data subject experience.
- What will disappear with GDPR and what type of companies will disappear?
Answer: We think there will be a contraction of the third-party martech/adtech space because publishers and agencies will likely reduce the number of partners they work with in order to manage GDPR compliance. However – there is a beginning “rationalization” of how the marketplace, economy, and job creation works – so we expect a rebound in the market. Despite the concerns, GDPR will improve digital operations and create opportunities for better ethical uses of data in the value chain.
- Are there business models that fundamentally cannot work in the data ecosystem as they have previously worked under GDPR?
Answer: One of the trickiest aspects, until there is a rationalization that addresses this, is the area of mobile geo-location data. Entities that rely on this data have challenges in the development of a durable legal grounds to process.
- Is anything being worked on from a legislative standpoint on mobile location data that those who currently use it should be aware of?
Answer: Yes—the ePrivacy Regulation, which will replace the previous directive commonly called the cookie law, and complement GDPR in the area of online identifiers (e.g., devices, browsers, cookie identifiers, IP address). While the regulation is still not final, its expansion will require companies to stay aware of its implications when adoption takes place.
- How can GDPR cause the industry to come together to coordinate on opt-ins when there is just over a month before it comes together?
Answer: The short answer is “work fast.” A better answer is that there are several commercial solutions available, as well as from industry groups, Including the IAB EU.