When enforcement of the General Data Protection Regulation (GDPR) begins on May 25th, most companies in the global digital advertising industry will be impacted directly or indirectly. IAB organizations are leading the charge to prepare our members for this approaching deadline.
As you would expect with any legal upheaval of this magnitude, the situation remains dynamic in the final month before the compliance deadline. New guidance from regulators continues to be published and new compliance services continue to come to market. This dynamic situation has created a breeding ground for fear-mongering and divisiveness, and some have sought to capitalize on this by pointing fingers rather than developing meaningful solutions. While there have been significant growing pains in order to comply with GDPR, we know that our industry is best able to address these challenges when we work together.
To this end, IAB Europe, IAB Tech Lab, and IAB in the US are well ahead of the curve in providing practical guidance and solutions designed to benefit all participants in the digital advertising ecosystem.
For more than two years, IAB (US) has hosted roundtables, seminars, and education sessions detailing the new requirements established by GDPR and offering access to the brightest legal experts. We have distilled the most important guidance and updates for our members at gdpr.iab.com. At the same time, IAB Europe has worked tirelessly to represent the digital advertising industry before EU lawmakers and to help companies navigate the complexities and vagaries of the law. They have developed guidance on critical issues such as when consent is necessary, how to respond to data subject access requests, and how to define personal data.
Through our member outreach it became clear that despite guidance and best practices, many companies in the digital advertising industry still lacked an easy-to-use framework for fulfilling the heightened obligations of GDPR. Countless conversations with stakeholders revealed several key principles that a successful industry-wide compliance framework must address:
- A framework must give users control over their personal data by making them aware of first- and third-party services engaged in online advertising and offering them the ability to select when and how their data is used.
- A framework must give publishers an easy method of defining which third parties they want to work with, which third parties they seek user consent for, and which third parties they disclose to use the “legitimate interests” legal basis. The framework must also provide an easy method of passing user choices along the ad delivery chain.
- A framework must be open source and not-for-profit with consensus-based industry governance.
With this feedback in mind, IAB Europe, now in conjunction with IAB Tech Lab, developed the Transparency and Consent Framework, a flexible and adaptable portfolio of technology specifications that support compliance with GDPR and other privacy regulations and practices. These joint efforts have produced first-of-their-kind technical solutions that give publishers and all parties in the digital advertising supply chain more options on their path to compliance.
Other recent GDPR compliance initiatives include the IAB Tech Lab advisory for OpenRTB. Included in the advisory is a bidstream data field that indicates if an individual is an EU data subject and what consent has been established for processing of that individual’s data.
GDPR implementation is weeks away, and IAB will continue to stay ahead of any new developments. In the meantime, reach out to us with questions or concerns, and be sure to visit gdpr.iab.com for the latest updates and events. We’re all in this together, so let’s collaborate and get it right.
Upcoming IAB Events on GDPR:
- May 10: “GDPR Publisher Roundtable” – Join IAB and the IAB Tech Lab for a discussion on the latest GDPR compliance developments, including information about the recently released GDPR Transparency and Consent Framework. Open to all IAB and IAB Tech Lab members, this event will explore current and future GDPR compliance challenges and solutions with an emphasis on the publisher’s perspective. Register Here
- May 11: “Beyond Readiness: GDPR – What to expect after May 25” – Join IAB for a dynamic policy symposium exploring what the digital advertising industry can expect after the May 25 GDPR implementation deadline. Leading industry experts and key U.S. and EU lawmakers will explore topics including the latest guidance and enforcement trends, the upcoming ePrivacy Regulation, and the GDPR’s impact on U.S. and global privacy laws. Register Here
- May 17: “Implementing the Transparency and Consent Framework: A Technical How-To and Q&A Webinar”In the final weeks before GDPR May 25th enforcement date, this webinar gives product and engineering leads from publishers, buyers, ad tech vendors the opportunity to walk through implementation details in the Transparency and Consent Framework. We’ll walk through common questions and the guidance that is given in accordance with the technical specifications. There will be an open Q&A session, for you to ask the experts your questions! Register Here