On 25 May 2018, the EU General Data Protection Regulation (“GDPR”) comes into force, replacing the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.
The regulation could have a profound impact on the programmatic advertising industry. We covered those bases in a previous blog post.
To learn more about the GDPR from an ad fraud and privacy perspective, check out our Q&A with Jay Seirmarco, our SVP of Operations and Legal Affairs.
This post will focus on Pixalate's role as it relates to the GDPR. We will also answer some of the questions we are most frequently asked.
Pixalate is compliant with the GDPR. We have taken significant administrative and technical measures to ensure our GDPR compliance. Here's a brief list:
Article 6 of the GDPR provides a right to process personal data to further legitimate interests, provided that doing so will not infringe adversely upon the fundamental rights and freedoms of individuals.
Recital 47 of the GDPR states expressly that the “processing of personal data strictly necessary for the purposes of preventing fraud” constitutes a legitimate interest, and such provision serves as our legal basis for the processing of personal data under the GDPR.
In order to protect the digital advertising supply chain and prevent fraud, we limit our business relationships to legitimate enterprises that demonstrate a shared interest in detecting and filtering invalid traffic (“IVT”). Each vendor that we utilize to process personal information goes through our rigorous selection process.
For more information on this process, please see our GDPR page: http://www.pixalate.com/gdpr/
The GDPR provides several mechanisms to facilitate transfers of personal data outside of the EU. The European Commission shared model contracts for the transfer of personal data to non-EU countries.
Additionally, there exists the EU-US and Swiss-US Privacy Shield frameworks, which provide companies with a mechanism to comply with data protection requirements when transferring personal data from the EU and Switzerland to the US.
We rely upon both model contracts, and certification under the Privacy Shield frameworks, as bases for US-based processing of personal data regarding EU data subjects.
We are accredited for sophisticated invalid traffic (SIVT) detection and filtration for desktop and mobile web impressions by the Media Ratings Council (“MRC”). In connection with our MRC accreditation, an independent auditing firm performs testing procedures annually, including information technology (“IT”) security procedures pursuant to COBIT. We also leverage the Information Systems Audit and Control Association (ISACA)’s Privacy Principles for GDPR Compliance, which are aligned with COBIT and GDPR Article 35.
For more information, please see our GDPR page: http://www.pixalate.com/gdpr/
Want more data-driven insights? Sign up for our blog!
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC, “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”