Oath, a Verizon subsidiary, on Wednesday became one of the first major advertising companies to provide guidance on Europe’s privacy law known as the General Data Protection Regulation (GDPR), which is set to take effect on May 25.
Europe’s decision to implement GDPR prompted Oath to take its compliance global. For example, an EU member who logs in while on holiday in India will still have their GDPR rights recognized, explains Doug Miller, chief privacy officer at Oath.
The company, which now lives by the mantra “privacy by design,” formed a global privacy team to oversee compliance and will appoint a new data protection officer, which is one requirement of being GDPR-compliant.
Miller outlined in a post some important changes to the company’s approach to privacy and data protection for those who use its services, as well as advertisers and publishers.
Changes include updating advertising systems to conform to GDPR requirements; and amending contracts to ensure compliant data collection, pass-through and processing.
Oath also plans to introduce a privacy dashboard that allows users to make changes to their data preferences for any of the company’s brands such as Yahoo Mail.
“As an advertising platform, we're responsible for controlling and processing Oath user data, as well as the data of our publishing, advertising and data partners,” he wrote. “Oath is updating contracts and systems with our clients and partners across the advertising ecosystem to ensure compliance for data collection, pass-through and processing.”
For publishers, Oath will introduce a “consent management provider system” to serve as a way for publishers to capture, store and validate owned and operated -- as well as third-party -- data.
In its work with the Interactive Advertising Bureau (IAB), Oath has been helping to define new industry guidelines for encrypting consumer data in advertising, including tracking and data onboarding, resulting in the Advertising Industry's GDPR Transparency & Consent Framework, and recommends that its partners apply this framework to their own solutions.
Also in the works are updates for Oath’s SSPs and DSPs to handle OpenRTB enhancements that add new purpose-specific flags to each bid request. Oath's proprietary software SDKs will also include purpose-specific settings.
“All of the steps we are taking, for both our members and our partners, are aimed at adhering to the highest standards of privacy, reinforcing our dedication to trust and transparency at every stage of the member experience,” Miller wrote.