FEED Issue 03

TECH FEED Audience Data

WHAT IS GDPR AND WHY IT’S NOT THE ONLY DATA LAW THAT MATTERS

Like Sir Lancelot attacking a castle in Monty Python & The Holy Grail, it’s not like the industry is unaware of GDPR, so when it’s legally enforced on May 25 across Europe there really is no excuse for not being prepared. Proposed in 2012, the General Data Protection Regulation tries to take into account the seismic shifts in the handling of information brought about by the rise of the digital economy.

In the European Commission’s own words: “The objective of this new set of rules is to give citizens back control over their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritised. The reform will allow European citizens and businesses to fully benefit from the digital economy.”

The Commission defines personal data as information relating to any identifiable individual, including location data, IP addresses and other online identifiers. The definition of ‘sensitive data’, which already included information on health, ethnic origin, and political or religious views/activity, has been extended to include genetic, biometric and sexual orientation data.

The EC’s contention is that consumer trust is essential to fostering growth, and it believes trust can be won by giving users of digital services more information and greater control over how their data is used.

Organisations – and individuals – that collect data from EU residents are defined as data controllers under the GDPR. They face new requirements in the way they word privacy notices and how they obtain consent from individuals for use of their data. Consumers’ rights will be enhanced, including the right to have personal data erased and to have data returned or transferred to another organisation on request.

DPO REPORTING FOR DUTY

The GDPR also includes new minimum requirements for record-keeping relating to data processing, whether carried out by the data controller or any other company that processes data on its behalf (the “data processor”). Data controllers are required to conduct data privacy impact assessments and to appoint Data Protection Officers (DPO) to oversee design and implementation of GDPR-compliant data policies, processes and systems such as by performing online behavioural tracking.

New products and services for sale in the EU must now be designed with data protection risks in mind, using the concept of Data Protection by Design – a change that has significant implications for the TV and broadcast industry. What’s more, these rules will have to be observed by the entire supply chain.

Organisations will also be required to report data breaches to regulators within 72 hours of detection, and they must notify individual data owners if the breach poses a high risk to their well-being. Such notifications will have to describe in clear, plain language the nature of the breach, its potential consequences and the actions being taken to mitigate its effects.

Having lacked the teeth to enforce compliance under current rules, the EC will soon be able to exact severe financial penalties for violations. Facebook has said it will comply. The maximum fine that organisations can be hit with for the most serious infringements is 4% of their global annual turnover or €20 million, whichever is greater.

A tiered system of fines means a lower level of penalties can also be levied, up to 2% of global turnover (or €10 million).

COOKIE MONSTERS

GDPR is not the only data protection law coming into force in May. The EU’s ePrivacy Regulation, which dovetails with GDPR, will have an impact on the use of digital ad strategies. Under the new law, otherwise known as the “cookie law”, businesses in Europe must obtain explicit consent to use cookies and provide clear opt-outs to users.

Cookies are at the core of most behavioural marketing and advertising, with advertisers using them to build a picture of people’s interests by tracking which websites they visit. When a user visits a site that shows one of their ads, the advertiser can tailor the ad’s message to cater to the person’s inferred interests.

One impact is that OTT services, which include instant and social media messaging services such as WhatsApp, Gmail and Messenger and ‘voice over internet protocol’ providers such as Skype, will be regulated under the same EU laws as telephone calls, email communications and SMS messages. The law would also curb Facebook’s and Google’s ability to collect and use consumer data, restricting them from targeting ads based on data from such OTT services.
