The General Data Protection Regulation (GDPR) is imminent – companies must have implemented the legal requirements of the GDPR for the processing of personal data by 25 May 2018. The effects of this continue to cause a great deal of unrest. We as ADITION can announce in the run-up to the GDPR that we are “GDPR ready”!
However, this is not the end of the story. Various changes also have to be made on the customer side, which is why we would like to highlight some information on our GDPR implementations here:
Site operators should make sure that they offer their own, customer-specific OptIn/Out for their ADITION network on their disclaimer pages and inform the end user in detail about the purposes for which the ADITION adserving technology is used.
On Tuesday, May 15th, we will publish another release. You will then find your individual network-specific OptIn/Out tags at /NetworkSettings/Privacy.
It should also be noted that the links previously used by OBA will cover the requirements of the GDPR from 25 May.
For questions regarding network specific OptIn/Out, please contact the ADITION-Support.
Allowance of the DoNotTrack-Headers within a request
If a DoNotTrack Header (DNT=1) is included in the request, all cookies except the OptOut cookie will be deleted.
There is no access to user-related data.
Uniform handling of OptOut variants in the request
The use of a DoNoTrack header (DNT=1) or an OptOut means that user-related data is no longer accessed. For all OptOut variants, frequency capping is not supported.
Due to possible deletion instructions for CookieIDs, conversion reports containing them will be automatically deleted one month after creation. Reports can be recreated at any time, which sets a new deadline. It is also possible to export reports and save them locally.
Note: This provision does not apply to reports that were prepared before the GDPR came into force.
As a technical service provider, ADITION processes personal data such as IP addresses and identifiers (cookies) on behalf of its customers, for which the conclusion of an Personal Data Processing Agreementin accordance with article 28 EU GDPR is required.
Not: Anyone who has so far failed to sign a corresponding Personal Data Processing Agreement should do so as soon as possible, because: The responsibility for the permissibility of data processing does not lie with ADITION, but with you as a customer. A missing Personal Data Processing Agreement leads to inadmissibility of data processing. This can lead to measures by the supervisory authority, fines or claims by affected users, etc.
Launched on 24 April 2018, IAB Europe’s GDPR Transparency & Consent Framework (Framework) has a simple objective – to help all parties in the digital advertising chain ensure that they comply with the EU’s General Data Protection Regulation when processing personal data or accessing non-personal or personal data on user devices.
The Framework is particularly relevant for “first parties”, publishers and other suppliers of online services, who partner with “third parties” to enable those third parties to process user data on one of the legal bases laid down by the Regulation. The Framework standardises the capture of user consent for data processing and “signals” this information across the advertising supply chain. It is open-source, not-for-profit with consensus based industry governance led by IAB Europe with significant support from industry parties and technical support from IAB Tech Lab.
A key piece of the Framework is a unique registry of third-party data controllers, a Global Vendor List, on whose behalf consent may be requested by the first parties that have the direct interface with users.