Google wants its publishers in Europe to solicit users’ consent on its behalf under the new General Data Protection Regulation (GDPR) privacy rules. The GDPR rules which will take effect on May 25, requires companies to gain explicit consent for collection and use of personal information in targeted ads. And Google’s consent plan is something that ad giants like Facebook and Amazon can follow.
“To comply, we will be updating our EU consent policy when the GDPR takes effect and the revised policy will require that publishers take extra steps in obtaining consent from their users,” the company explained in its blog post on Thursday.
— MNI (@MNI_Media) March 28, 2018
Obtaining users’ permission secondhand is legal, according to the experts. But for own platforms such as Google.com, Gmail, and YouTube, Google will directly get consent from its users.
Under the GDPR, there are two categories of data handlers, the controller, and the processor. Controllers are identified as the source of data, like website owners and publishers. Processors, such as marketing technology providers, do the actual processing of data collected from external sources.
Google, with its myriad of products, platforms, and services, cannot be simply classified as a controller or processor. The company identifies itself as a controller for some of its ad products, including DoubleClick for Publishers (DFP), DoubleClick Ad Exchange (AdX), AdWords, and AdSense. On the other hand, Google operates as a processor of personal data gathered in services like Ads Data Hub, and Google Analytics, among others.
However, Google said that it will introduce new contract terms and take on the role of co-controller of user data for its publishers. This gives the tech giant autonomy over gathered data and its for their own purposes. At the same time, Google is sharing the burden of protecting the data especially since noncompliance with the new law could result in hefty fines.
“The concern with GDPR is, everybody in the data supply chain could become liable. If the publisher fails to get sufficient consent for Google when [Google’s] tags or pixels are on [the publisher’s] site, the publisher could be potentially liable. Google, of course, could certainly be liable for collecting that data without the proper GDPR compliance process,” Gary Kibel, partner at law firm Davis & Gilbert, explained.
By formulating its own consent plan as a joint controller, Google may be able to ensure compliance from its publishers. Likewise, it reduces the risk of publishers collecting data without obtaining consent.
But as more people decline to give consent for personal data use, publishers might have a hard time earning money from targeted ads. As a countermeasure, Google plans to roll out non-personalized ads to help publishers. It will also be working with industry groups, such as IAB Europe, for other solutions ahead of the May 25 deadline.
[Featured image via Google]