This Blog was originally posted on the Network Advertising Initiative website.
Greetings from Brussels, the land of French fries and beer, and now the epicenter of fierce efforts to achieve compliance with the historic European privacy regulation, the General Data Protection Regulation (GDPR).
I had the privilege of representing NAI members at two major privacy events in Brussels: the in-person meeting for the IAB Europe’s GDPR Implementation Working Group and the IAPP Data Protection Congress (DPC) 2017.
First on the agenda was the third in-person meeting of the IAB Europe's GDPR Implementation Working Group (GIG). It was a great privilege to be able to participate in the GIG, which is comprised of IAB Europe member company representatives (many of whom are also NAI members). The GIG is committed to helping the digital advertising technology industry create and implement meaningful business and technology solutions to comply with the new privacy requirements of the GDPR and, eventually, the new ePrivacy Regulation. No small feat!
Here are some take-aways from our meeting:
Here are some key features of the consent solution, the details of which will be announced soon:
The conference was completely sold out. The number of attendees and the diversity of the organizations and companies present indicate the seriousness with which the industry is approaching this groundbreaking privacy regulation.
If real estate is all about "location, location, location,” then DPC this year was all about "GDPR, GDPR, GDPR." The vast majority of the panels and keynote presentations addressed GDPR readiness and compliance, and the implications for privacy programs - and privacy professionals - across the globe. Even the vendors at the DPC were focused on GDPR, promoting comprehensive suites of GDPR compliance and management solutions, from internal data mapping and privacy impact assessment tools, to reporting and compliance demonstration solutions.
Of course, GDPR isn't the only privacy regulation that will affect digital ad tech companies. There is great urgency in the halls of the European Parliament to draft and debate an ePrivacy Regulation to replace the current ePrivacy Directive. In a panel addressing the "perfect storm" of the GDPR and ePrivacy Regulation, several policymakers offered guidance for companies.
The EU Commission's Rosa Barcelo and Karolina Mojzesowicz along with Ralf Bendrath, policy advisor to MEP Jan Phillipp Albrecht, said that companies should be mindful of the ePrivacy Directive while waiting for the ePrivacy Regulation. While the original May timeline for ePrivacy Regulation implementation is no longer realistic, they said, companies should continue to comply with the ePrivacy Directive which requires consent for data processing for digital advertising. In the words of Mr. Bendrath, "online tracking is already illegal [under the e-Privacy Directive].”
The conference ended on a controversial note. German MEP Birgit Sippel, in what was her first public keynote address as the European Parliament's Special Rapporteur for the proposed ePrivacy Regulation, announced, "What we are aiming at is to abolish surveillance-driven advertising."
In response to industry arguments that ePrivacy Regulation restrictions will create consent fatigue and limit online content due to revenue drops, Ms. Sippel responded that businesses are innovative and should be capable of creating meaningful consent without causing consumer fatigue.
See you on the other side…of the next postcard.