Since we aren’t lawyers, we want to be careful about how we approach GDPR and be clear that we aren’t able to give legal advice for your site. We are working with lawyers and important leaders in the industry to help keep a close eye on everything related to GDPR and want to pass on as much useful info as we can. Because everything is changing so quickly and lawmakers haven’t weighed in on many crucial aspects, we encourage you to take a conservative, thoughtful approach to compliance, make best efforts, and stay tuned as things evolve and new tried and tested solutions are developed.
What is GDPR?
GDPR stands for General Data Protection Regulation, an initiative designed to give residents of the European Economic Area (EEA, which includes the European Union or EU, plus several additional countries) control over how their personal information is used.
GDPR covers anything and everything to do with how you use your customers' data. That means the ads that we serve to them and how they are personalized, how your social sharing plugin stores data, how your commenting system logs users in, how your host records traffic and many other things. As a website, being in compliance means understanding all of these components of what you and your partners are doing, and then providing transparency to your readers about all of that.
The fundamental point of GDPR is users should have full control over their personal data, how it used, who uses it and full visibility into those choices.
I’m not in the EU - do I need to do anything?
GDPR covers all companies that deal with EU residents, so even if you only have a few percents of traffic coming from the EU and don't have any connection with any country in the EU, it technically applies to you and your site.
What is AdThrive doing for my ads?
Good news: your AdThrive ads are GDPR-compliant as of May 25, 2018.
We use a consent box to gather consent from EEA traffic to run personalized, relevant ads. EEA users who visit your site are asked to opt in to personalized ads. They can also learn more about how and why their data may be used, view the ad partners we work with for your site, or opt out and receive only non-personalized ads (which aren’t as valuable to advertisers).
How much of my traffic sees this consent box?
This consent box only displays for traffic coming from countries governed by GDPR. (Click here for a full list.) You can get a feel for how much of your traffic comes from these countries by opening your site’s Google Analytics account, and selecting ‘Audience’ > ‘Geo’ > ‘Location.’ You’ll see the percentage of your total traffic that comes from each country around the world.
What does this consent box look like?
It's a banner that displays at the bottom of the page for EEA visitors stating that your site uses data to deliver personalized ads. It links to more details on the information that may be gathered and how that information may be used, and gives visitors the chance to customize their preferences, decline data usage or continue to the site. Ideally, EEA visitors will be used to seeing these types of opt ins and consent to normal data use.
What if the EEA visitor doesn’t consent?
If an EEA visitor doesn’t consent, they will be shown ads that don’t rely on any personal information. These ads aren’t as valuable to advertisers, because visitor information can’t be tracked.
How can an EEA user remove consent?
If an EEA user originally consents to receive personalized ads, but changes their mind later, they can easily update their ad privacy settings by clicking on an ad privacy settings option at the bottom of the site.
Is my RPM be affected by GDPR?
The short answer for now is yes, depending on the percentage of EU traffic your site receives. Non-personalized ads don’t currently pay as well as ads based on a user’s browser history. Preliminary studies show up to 50% of EU users may consent to personalized ads when given the choice, so our consent framework lets you recapture as much of that revenue as possible.
Can I use a different method of gathering advertising consent for my readers?
Right now, our first priority is making sure the solutions we’re using are actually 100% in compliance. From our conversations with Google, other ad industry providers, and our lawyers, this release is our best effort to protect your site’s ads and do what it takes for compliance. Don’t worry - this is just the beginning. As more information and standards come to light, there is plenty of room for new and improved solutions, and we’ll be at the forefront of that for your ads.
Can I add custom wording to the consent box to cover other things?
This consent box is just covering cookies related to your ads for now (and remember, it will only show on EU traffic). As things evolve, we’re hoping for new solutions that let us include consent for other cookies too!
Outside of my ads, what else do I need to do?
We’re taking a conservative approach for your ads, but ads probably aren’t the only thing on your site tracking EEA users’ information -- comment and contact forms, a customer database, mailing list, plugins, widgets, hosts, and Google Analytics are just a handful of examples.
One of the most important things you can do is take stock of the services and tools you use on your site and understand how they are processing information on your visitors and handling GDPR-compliance. For third party services, we recommend contacting each provider to ask what steps they are taking for GDPR-compliance.
Google Analytics has introduced new data retention settings for GDPR. You can now choose how long Google Analytics keeps personal data, with the default being 26 months.
“Keep in mind that standard aggregated Google Analytics reporting is not affected. The user and event data managed by this setting is needed only when you use certain advanced features like applying custom segments to reports or creating unusual custom reports.” (source)
You can also anonymize IP addresses in Google Analytics, so they are no longer considered personally identifying information. This doesn’t have any impact on the way we use Google Analytics to measure and report your ad performance.