Megan Sullivan-Jenks, Director of Marketing at Choozle: In simple terms, what is GDPR?
Jeffrey Finch, Chief Product Officer & co-founder at Choozle: It’s essentially an online privacy Bill of Rights for the EU. My formal response to the question would be: A legislation, coming into effect on May 25, 2018, that dictates the guidelines for collecting and processing the personally identifiable information of individuals within the EU.
MSJ: In your opinion, what brought about the creation of GDPR?
JF: People with the power to make a change listened to what I feel is a reasonable request from the public… If you are going to collect data about me and my actions then I should be able to make a choice whether I permit that or not. Additionally, I should be able to choose who can and cannot collect and interact with data generated by my activities. I can determine where I provide value to businesses, that hopefully in return, provide value to me.
It’s also important to note, though, that businesses now have a choice as well. They do not have to offer their services or access to those who choose not to opt-in to data collection. There is a cost to generate and maintain content on the internet and data collection pays the bills for a lot of this content.
MSJ: How will Choozle update its permissions and privacy policy to become compliant?
JF: There will be some changes to the privacy policy language to better align with the legal requirements of GDPR. However, Choozle already has clear and transparent privacy policies in place that are audited for compliance by the NAI (Network Advertising Initiative). As we implement these changes we will keep our clients in the loop by clearly explaining what has changed and why.
Given that our data management and customer data platform technologies were designed and built after GDPR was initially announced, Choozle has used those requirements as our minimum build standard and will be providing even greater transparency around data in future product releases.
MSJ: Who controls the data at Choozle?
JF: The Choozle user has control over what data they wish to enter into the platform. Once uploaded and activated via our self-serve tools, that data is then available to create audiences, gain analytics, retarget and execute programmatic advertising as part of a digital advertising campaign. Additional first-party data is created as the campaigns progress, and this is funneled back to the client for analysis and optimization (including AI).
Choozle fills the role of “data controller” under my interpretation of the GDPR guidelines. “Control” in this instance is a strong word that could be used in a negative context. To ensure clarity: data controllers, under GDPR, will be required to protect and store data according to the guidelines or face non-compliance measures. In this instance, Choozle will control the data, but only in scenarios where our technology is compliant and suitable for the client’s needs.
Choozle does not use or “control” client data in the traditional DMP sense, where participant data is blended with others to create “new” (and revenue-driving) data segments marketed by the DMP.
MSJ: What actions do marketers and advertisers need to take as they are executing digital advertising in order to be GDPR compliant?
JF: First and foremost a business that receives traffic or revenue from the EU will need to be GDPR compliant or face potential measures. This begins at the basic level with consent. If you have consent, which many users will allow if value is provided, you can collect data. However, how you gain this consent is tricky.
I would suggest locating a trusted partner or consultant to provide some guidance. This is a very new set of guidelines and protocols. Many U.S. businesses are realizing that they need to be compliant and are not. If you do business in the EU or touch any personal data tied to the EU, you need to be compliant.
Choozle will be providing a powerful yet simple Consent Tool to EU and U.S. clients that can be powered via our existing Smart Container and TagBot™ technologies. This feature requires a one-time manual implementation by Choozle engineers.
MSJ: What advice do you have for marketers and advertisers who are using third-party data targeting post-GDPR?
JF: You can still find scale with third-party data before, during, and after GDPR. I would recommend using reputable data partners who can show their ownership and validation of their data’s GDPR compliance present in the segments. The cream should rise to the top pretty quickly. GDPR just may solve the “way too much freakin’ 3rd party data” dilemma we face in programmatic advertising today. Fingers crossed!
In closing…
JF: Get ready to receive and implement lots of “data sharing” and “understanding of data ownership” agreements between you, your clients and your partners. Under GDPR, the liability is spread when there is a failure and all links in the chain will be held accountable to their role. Did you hold your line? Then nothing to worry about, you are also protected under GDPR.
If you operate above-board today then just keep sailing, get educated and cover your bases. If you were operating in the shadows or in a not-so-awesome manner then good riddance – GDPR will force you out of the mix.