GDPR Information for Publishers

Mar 7, 2018
Share on facebook
Share on twitter
Share on linkedin
Share on email

You may be aware that Performance Horizon was part of a group of partner marketing solution providers that sent a communication to EU-based publishers last week regarding GDPR. GDPR is a very important topic for all marketers, including partner marketers. Given that, we have also published the same letter below.

GDPR.jpg

Dear Publisher,

As you may be aware the GDPR (General Data Protection Regulation) comes into force on 25th May 2018. Due to the importance of complying with the regulation, a number of UK affiliate companies have collaborated to ensure you receive clear, industry-wide guidance and a consistent message from companies you work with.

Those companies are; affilinet, Awin, CJ Affiliate, Impact Radius, Optimise, Performance Horizon, Rakuten Affiliate Marketing, Skimlinks, Tradedoubler and Webgains.

What is the GDPR?

The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of personal data across all EU markets. Think of it as a new set of data laws fit for the digital age.

It replaces current national data protection laws and the existing EU data protection framework. The GDPR is designed to give consumers more control of their personal information and applies identically across EU. Regardless of the UK’s future relationship with the EU, the British Government has stated it intends to implement the legislation equally alongside EU member nations. Significantly, the GDPR introduces increased sanctions; organisations can be fined up to €20m or 4% of annual turnover (whichever is greater) if they breach the law.

The New Rules

We’ve selected the areas of the GDPR we believe are most relevant at the present time for the affiliate industry. However, it is important to familiarise yourself with the full details as there are many more implications that need to be understood. In addition, we have provided useful links at the end of this communication.

1. Personal Data

Consumers’ personal data sits at the heart of the GDPR and the classification of personal data is broadened under the GDPR. This means data the affiliate industry relies on that is not currently considered personal data may under the GDPR now be classified as such. Whilst a definitive list of personal identifiers does not exist for affiliate marketers, we can safely assume it will include information such as cookie IDs, customer numbers, IP addresses, device IDs etc. These are identifiers that many networks and platforms capture as part of their standard tracking.

Publishers using affiliate tracking will therefore have an obligation to ensure they are legally compliant with the new regulation.

2. Legal Basis for Processing Personal Data

Businesses will require a legal basis to process personal data. There are six legal bases available; the two most commonly used in the digital advertising sector are consent and legitimate interest. 

Legitimate interest is distinct from consent. According to the ICO, “It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. Should a business choose legitimate interest they have to be confident in demonstrating this as an appropriate legal basis.

Where consent is considered necessary the Information Commissioner’s Office (ICO) states, “Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build customer trust and engagement, and enhance your reputation”.

“Contract” is also a legal basis which may be applicable in some cases. It refers to instances where there are specific contract agreements in place between a business and its customers (data subjects) which allow the business to collect and process personal data. Some publishers (such as cashback businesses) may well have such agreements in place with their users.

Given the diverse nature of the affiliate channel and the variety of digital channels affiliates use to generate sales, it is difficult for networks to offer recommendations. Where prescriptive requirements and necessary, individual networks will state this in due course.

You can find details of all the legal bases here.

3. The ePrivacy Directive

The ePrivacy Directive (Cookie Law) is largely associated with the banners and pop-ups seen when viewing websites that inform consumers about the use of cookies to track online activity. (The Directive also applies to email, SMS and call marketing consent, which are applicable to some businesses running affiliate campaigns).

The GDPR does not supersede the ePrivacy Directive, rather it runs concurrently. This Directive is currently under review to ensure it aligns with the GDPR, once finalized. A focus of the revision is to improve transparency to consumers and introduce stricter opt-ins for cookies (and similar tracking technologies).  Under the existing ePrivacy Directive, the ICO has made clear consent is necessary for “cookies and similar technologies”. Thus, regardless of which legal basis is used for processing personal data under GDPR rules, the ePrivacy Directive remains in place meaning that unambiguous consent is required for the use of many cookies because the GDPR only considers consent sufficient if it is “unambiguous”. This means that publishers should be reviewing their consent mechanisms along with ICO guidance and making changes accordingly.

4. An Industry Consent Solution

Given the potentially significant impact on all forms of online advertising the industry has collaborated to create general standards and approaches. In November 2017 IAB Europe announced a technical standard for online consent and industry stakeholders are building a consent tool which is intended to ensure GDPR and ePrivacy Directive compliance in time for the May deadline. Please sign up for updates here.

If you choose to feature a consent solution on your website you may be able to use free versions that are available online. A number of businesses are developing consent tools; we advise you assess other possible consent solutions appropriate for your business. There are a variety of options and tools available online and we advise that solutions should be assessed to ensure they can be implemented to comply with the regulations.

In addition to this the collective of businesses listed above are here to offer support.

5. Next Steps Checklist for Publishers

  • Publishers should assess how GDPR impacts their business and document the measures taken to comply with the rules.
  • Publishers should pay attention to ensuring transparency to consumers and decide the most appropriate legal basis for collecting and processing personal data from site visitors.
  • Publishers should assess and upgrade privacy policies and cookie notices to provide transparency and upgrade consent capture.
  • Publishers should seek their own legal advice. This communication should not be read as legal advice.
  • Publishers should refer to their individual affiliate networks and platforms for any specific guidance or requirements to comply with GDPR.

The GDPR signifies changes that all businesses will have to make and the impact on the industry at this stage is uncertain. However, these impacts can be mitigated with demonstrable understanding, effort and measures to comply with the rules. Whilst the deadline is 25th May 2018 it marks the start of this new age of data privacy.

It is important that you understand your obligations as a business for the GDPR and make any necessary amendments to be compliant.  Please do review the links below for more information and consider following our advice above.

 

Useful Links:

ePrivacy Directive IAB factsheet: https://www.iabuk.net/policy/briefings/iab-factsheet-eu-eprivacy-regulation

IAB GDPR Hub: https://www.iabuk.net/gdpr-hub

ICO Guide to the GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

ICO Guidance on Data Controllers and Data Processors: https://ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-processors-dp-guidance.pdf

IAB consent mechanism: https://www.iabeurope.eu/policy/gig-working-paper-on-gdpr-consent/

Recently added
Hot topics
General (76) Technology (50) Company News (48) Partnerships (44) Partner (43) Events (39) Retail (38) Data (35) Affiliate (35) Business Considerations (28) Ecommerce (17) Awards (16) Data Driven Marketing (15) Product (13) Travel (12) Research (11) Training & Education (11) Southeast Asia (10) partner marketing (9) Affiliate Trends (8) Pixel Tracking (7) Product News (6) Guest Blog (6) Finance (6) Holidays (6) Partnerize (5) Considerations (5) Influencer Marketing (5) AI (5) Fraud (5) Support (5) Agencies (4) Affiliate Awards (4) Optimisation (4) Round-Up (4) Mobile (4) Influencers (3) CMO (3) Tracking (3) Automation (3) Black Friday (3) Holiday (3) Insurance (2) Migration & Deployment (2) Acquisition (2) Commissions (2) performance partnerships (2) Charlotte Tilbury (2) DADI Awards (2) Performance Marketing (2) Apps (2) Cyber Monday (2) Single's Day (2) Webinars (2) Charlotte Tilbury Magic Makeup Stars (2) Influencer Awards (1) Magic Makeup Stars (1) Partnership Software (1) Technology Awards (1) Business Awards (1) Top 1000 British Companies (1) digital marketing (1) holiday shopping (1) partner strategy (1) partner program management (1) Drum Awards (1) performance program management (1) q4 (1) CEO (1) Partnership Growth Index™ (1) Banking (1) Client Win (1) partner growth (1) Best use of Affiliate (1) Dealmoon (1) 2021 predictions (1) Artificial Intelligence (1) Machine Learning (1) S2S (1) Apparel (1) Millennials (1) Safari (1) Case Study (1) ROAS (1) Career (1) OR19 (1) SEO (1) Agency (1) Platform (1) direct relationships (1) Chinese Shopping Calendar (1) Chinese Valentines Day (1) Charity (1) Privacy (1)

Can't find what
you're looking for?

Request a demo

REQUEST A DEMO

Director of Sales Operations

15

SVP and Head of Partnerships

23

Director of US Integrations in Customer Success AMR

104

Partner Growth Manager

217

Vice President Of Operations in Strategic Technology

28

Head of Affiliate, Student Beans

734

Director of Marketing

6

Partner Marketing Manager

17

Customer Success Manager in Customer Success APAC Singapore

731

Marketing Director - Americas

7

Customer Success Manager APAC

19

Director Of Partnerships

22

Customer Success Director APAC

21

Customer Success Director EMEA

32

Client Services Manager

24

CEO and co-founder

8

Chief Product Officer

276

Senior Product Marketing Manager

103

Director of Marketing Strategy & Operations

4

Marketing Manager Americas

30

Head of Finance Operations

27

Principal Integration Engineer

25

Enterprise Sales Executive

26

Marketing Manager

18

Senior Channel Partnerships Manager

20

APAC Marketing Director

9

VP Revenue in Sales EMEA

275

Head of Deployment

5

Head of Client Services & Integrations for APAC

16

Marketing Coordinator APAC

14