Privacy & Data Protection
Privacy and data protection rules play an important role for the digital advertising industry as delivering relevant advertising and measuring its effectiveness requires the processing of data. Processing data is a crucial for digital advertising to be efficient in funding digital content, services, and applications, making them widely available at little or no cost, as well as driving growth within the digital economy.
The ePrivacy Directive (Directive 2002/58/EC), also nicknamed the “Cookie Directive” because of its rules on storing and accessing data on a users’ device, such as so-called Internet cookies, is a directive primarily regulating the processing of personal data in the electronic communications sector, i.e. by telecommunications providers.
The proposed Regulation would also mandate browsers and other software to provide the option to actively prevent data collection through cookies et al., and to force users to make a choice as to their preference during set up. This would be the case not just for web browsers, but for any application or device which can connect to the internet.
For more information on the political and legal aspects of the proposal, check out IAB Europe’s ‘Cookie Regulation FAQ’.
General Data Protection Regulation
The General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) had been more than four years in the making when it finally entered into force on 25 May 2016. After a 24 months transition period, the GDPR will replace the existing patchwork of different national data protection laws in Europe, which are implementing the 20 year old European Data Protection Directive, with a single, directly applicable European law as of 25 May 2018.
IAB Europe has been advocating for a GDPR that provides a high level of data protection for Internet users while enabling digital advertising to continue playing its important role for the Internet ecosystem in the future. To this end IAB Europe has supported a risk-based approach to data protection, which would focus regulatory scrutiny and enforcement on data processing based on the meaningful risks for data subjects. IAB Europe has also been stressing the importance for the new law to provide clear rules that provide legal certainty for companies.