GDPR and Oath: Need to know for consumers, advertisers and publishers

By Doug Miller, Chief Privacy Officer



At Oath, data helps us create the content our members love, deliver product innovation that makes their lives easier, and connect them with brands through experiences that are more relevant and engaging. Data also enables our clients and partners to reach members in truly meaningful ways, ultimately enhancing our members' experience. We know though that data is also personal, so we take steps to protect member data and empower members with controls over how and when their data is used.

As a new privacy law in Europe known as the General Data Protection Regulation (GDPR) is set to take effect on May 25th, there are some important changes to our approach to privacy and data protection that we want to share with our members, advertisers and publishers.

What is GDPR?

The General Data Protection Regulation, or GDPR, is a set of requirements generally designed to give people in Europe more protection of and control over their data. The requirements apply to all organizations, in any location and industry, that process the personal data of EU residents.

For consumers, GDPR provides new options with regard to their data. Once in effect, consumers will be able to access their data, edit or correct it, move it, erase it, opt out of its use and restrict it from being processed.

For companies, GDPR requires measures to protect personal data and to notify authorities if there is ever a breach of personal data. It also introduces new requirements for processing personal data, including clear notice of data collection and type of data use, and to keep records of data processing.

What is Oath doing to prepare?

It starts with commitment. Just like we believe in the value of original, curated content and investing in trusted premium brands, Oath has been working diligently to prepare for GDPR. We're taking a global approach to compliance to ensure data is trusted and protected across all markets. For example, an EU member who logs in while on holiday in India will still have their GDPR rights recognized. To this end, every aspect of our business is involved in the effort to build teams, systems and processes to ensure compliance. This includes:

  • Appointing a data protection officer, as required by GDPR and in addition to our global privacy team, to specifically oversee our compliance with data privacy and use regulations in the EU;

  • Continuing to build our products with a "privacy by design" approach to ensure privacy is paramount in our development process;

  • Updating advertising systems to comport with GDPR requirements; and

  • Amending contracts to ensure compliant data collection, passthrough and processing.

Building for consumers

We're working to make the new consumer data rights under GDPR easy and accessible for all of our members. Leading up to the time GDPR takes effect, we'll introduce a one-stop privacy dashboard that puts our members' data preferences at their fingertips. In a single interface, a member's data preference will be applied no matter which of our brands they're engaging with, along with rights and functions enshrined in GDPR. More on this from us soon.

Delivering for advertising, publishers and partners

As an advertising platform, we're responsible for controlling and processing Oath user data, as well as the data of our publishing, advertising and data partners. Oath is updating contracts and systems with our clients and partners across the advertising ecosystem to ensure compliance for data collection, passthrough and processing.

A consent management provider system for publishers will serve as a powerful solution for publishers to capture, store and validate owned and operated, as well as third party data.

Oath has been a leader in working with the Interactive Advertising Bureau (IAB) to define new industry guidelines for encrypting consumer data in advertising, including tracking and data onboarding, resulting in the Advertising Industry's GDPR Transparency & Consent Framework, and recommends our partners apply this framework to their own solutions.

Within our technology, Oath is updating our SSPs and DSPs to handle OpenRTB enhancements that add new purpose-specific flags to each bid request. Oath's proprietary software SDKs will also include purpose-specific settings.

We see GDPR as a win for consumers and brands. This new regulation offers an opportunity to differentiate our products and services in the market by enhancing data protections and the rights of our members. All of the steps we are taking, for both our members and our partners, are aimed at adhering to the highest standards of privacy, reinforcing our dedication to trust and transparency at every stage of the member experience.