The General Data Protection Regulation (“GDPR”) is new EU privacy legislation that takes effect on May 25, 2018. The GDPR has a global effect and applies to all organizations that process personal data of EU/EEA residents, no matter where the organization may be located. In very simple terms, the GDPR provides users with a higher standard of consent, visibility and control on how their personal data is used and shared – this includes how data is used for interest based ad targeting.
What is PulsePoint Doing to be GDPR-Ready?
At PulsePoint, data privacy is amongst our highest priorities and we are working hard to prepare for the GDPR.
Here are some things that we have done, will be doing, and things that may apply to you (as a publisher or advertiser), to be GDPR ready:
Pursuant to the GDPR, PulsePoint will not process personal data (i.e. targeting personalized ads) from EEA users (determined via IP address) without the user’s consent (contextualizing impressions do not require consent under the GDPR). The PulsePoint platforms have been updated, including our header bidder wrapper, pursuant to OpenRTB standards, to accept consent signals and we will pass along the consent signal (or lack thereof) to our advertising demand partners for their processing and decision making.
We expect our publishers to obtain a user’s consent and pass along those consent signals to PulsePoint. The PulsePoint platforms are able to work with a variety of consent management tools, but PulsePoint recommends the IAB EU Consent Framework to obtain, manage and pass consent to PulsePoint. In using the IAB framework, publishers must specifically and affirmatively turn on PulsePoint as an approved third-party vendor in the IAB user consent solution – so that PulsePoint may receive the consent signal and process a user’s personal data.
There are a number of third party companies who have built tools to help publishers obtain and manage consent pursuant to the IAB framework, a list may be found here.
Publishers should also update ad tags and make any other required changes to pass PulsePoint consent. If publishers are unsure of what may be needed to pass consent to PulsePoint, please contact PulsePoint at email@example.com
What happens if users do not consent or no consent signal is received?
For any EEA users who do not provide their consent to process their personal data, or PulsePoint does not receive any consent signal at all, PulsePoint will not process any personal data, including for the purpose of ad targeting. This means that data used for targeting ads such as exact location, IP address, time of day, and demographics will not be processed for this purpose.
This does not mean, however, that the PulsePoint platforms will not deliver ads. In fact, PulsePoint will continue to provide services in the absence of the processing of this user personal data. For example, PulsePoint will still pass along ad requests to our DSP and advertising partners indicating “no consent” and PulsePoint may still contextualize such ad requests for the purpose of delivering ads.
Other Steps PulsePoint has taken to be GDPR Ready
PulsePoint is certified under the EU - U.S. and Swiss - U.S. Privacy Shield frameworks, which are legal mechanisms that enable PulsePoint to transfer of personal data from the EEA and Switzerland to the US, where certified organizations guarantee to provide a level of protection in line with EU data protection law.
PulsePoint has updated its publisher and advertiser contracts for GDPR.
PulsePoint has been working with industry partners and industry groups such as the IAB Europe, IAB UK, and Network Advertising Alliance (NAI) for GDPR readiness.
PulsePoint has instituted new polices for GDPR and is entering into data processing agreements with relevant parties for GDPR.
PulsePoint has appointed a Data Protection Officer who may be contacted at firstname.lastname@example.org
For questions about PulsePoint and the GDPR please email: GDPR@pulsepoint.com
PulsePoint continues to implement and update our processes and policies as required to comply with GDPR. We are also committed to supporting our partners in their own GDPR compliance initiatives.
Disclaimer: The information on this webpage is for general information only and does not constitute legal advice. Please consult your own legal professionals if you seek advice on specific interpretations and requirements of the GDPR.