The GDPR, adopted in the European Union, was designed to replace the 1995 Data Protection Directive, which was interpreted differently across Europe. The limitations of the Directive, related to the widespread use of the internet and data as a common currency, contributed to the need for a more reliable and uniform legal framework to protect user privacy.
The GDPR, which came into effect on May 25, 2018, was a direct response to the need for comprehensive and unified guiding principles for businesses operating in all EU member countries. The introduction of the regulation eliminated the need for companies to comply with a multitude of privacy protection requirements, significantly simplifying the path to compliance and data protection.
Over time, the GDPR has evolved and been amended to remain relevant and effective. In particular, significant changes were made to the GDPR in 2021, including the removal of the Privacy Shield, previously created to facilitate American companies’ work with EU citizens. That same year, regulations around cookie consent were strengthened, prohibiting companies from blocking access to content if users do not consent to the use of cookies.
Following Brexit, the UK introduced its own version of the GDPR, designed by the Information Commissioner’s Office (ICO) and incorporated into the Data Protection Act of 2018. If a company regularly processes data from clients in Europe, it needs to comply with both European and British data protection laws.
Failure to comply with GDPR requirements can lead to significant losses. Regulatory bodies within the EU can impose fines of up to €20 million or 4% of the total global turnover of the previous financial year, whichever is higher. Fines can vary depending on the severity and recurrence of violations. High-profile cases include a €35 million fine on Amazon by French authorities in 2020 and a €225 million fine on WhatsApp by Ireland’s DPA for breaching privacy policy.
Complying with the GDPR requires an understanding of the regulation and its implications. This includes reading the official documents, which consist of 11 chapters and 99 articles, and keeping up with news and events related to GDPR. Organizations can also learn from the compliance experience of other companies of the same scale and industry. Regular audits of the website and of data processing activities can help ensure GDPR compliance.
How has GDPR affected advertisers?
Advertisers have been forced to fundamentally rethink their data collection and management processes in response to these regulations.
One of the important aspects of GDPR is user consent. Every website is required to obtain explicit user consent to process their data. This means that pre-ticked boxes or a complete lack of any action can no longer be considered consent. That is, the first and main task of every advertiser is to inform the audience about all types of data collected from them. The audience must be informed about the purpose of data collection and how this data will be used.
Secondly, advertisers need to ensure that there is an appropriate legal basis for data use, such as contractual necessity or legitimate interests. Websites should present an unticked box for the user to check. Only those cookies that users have allowed should be installed, and there should be a method by which the user can opt out of cookies.
The use of third-party trackers must also comply with GDPR requirements. Transparency is a key component of the GDPR. Consent is required to store any kind of data for advertising purposes, which is a significant requirement.
P.S. By the way, in case you missed it – Keitaro Tracker is fully compatible with GDPR and can track data from websites without the need to enable cookies.
Advertisers use targeting cookies and pixels to direct users to ads they may view, with the aim of improving the user experience. However, doing so without consent violates the rights that GDPR gives users: no site can track users using cookies if it has not obtained user consent and informed them about the purpose of the installed cookies.
Although GDPR has introduced new barriers, it is also an important step in the evolution of the advertising industry towards more sustainable, privacy-conscious practices. Advertisers need to stay up-to-date with these and future data protection laws, ensuring compliance and continuing to provide value to their clients in a privacy-respectful manner.