Since the GDPR became active in May 2018, we have worked closely with the Interactive Advertising Bureau (IAB) and our lawyers to ensure our service and your ads are in compliance.
What is GDPR?
GDPR stands for General Data Protection Regulation, an initiative designed to give residents of the European Economic Area (EEA, which includes the European Union or EU, plus several additional countries) control over how their personal information is used.
GDPR is all about how you use your site visitors’ and customers' data. This includes the ads that we serve to them and how they are personalized, how your social sharing plugin stores data, how your commenting system logs user data, how your host records traffic, and many other things. Being in compliance means understanding all of these components and providing transparency and control to your readers.
The fundamental point of GDPR is that users should have full control over their personal data, how it gets used, who uses it, and full visibility into those choices.
I’m not in the EU - do I need to do anything?
GDPR covers all companies that deal with EU residents, so even if you only have a small percentage of traffic coming from the EU, it applies to you and your site.
What is AdThrive doing for my ads?
Good news: your AdThrive ads are GDPR-compliant as of May 25, 2018.
We use a consent box to gather consent from EEA traffic to run personalized, relevant ads. EEA users who visit your site are asked to opt in to personalized ads. They can also learn more about how and why their data may be used, view the ad partners we work with for your site, or opt out.
How much of my traffic sees this consent box?
This consent box only displays for traffic coming from countries governed by GDPR. (Click here for a full list.) You can get a feel for how much of your traffic comes from these countries by opening your site’s Google Analytics account and selecting ‘Audience’ > ‘Geo’ > ‘Location.’ You’ll see the percentage of your total traffic that comes from each country around the world.
What does this consent box look like?
In August 2020, we rolled out the latest version of our consent box, which was upgraded to comply with the latest IAB guidelines and provide the best user experience. We are partnering with LiveRamp, a trusted industry brand, for this service, and we chose them based on, among other things, data showing high opt-in rates for EU visitors.
It's a notice that displays on the page for EEA visitors stating that your site uses data to deliver personalized ads. It provides more details on the information that may be gathered and how that information may be used, and gives visitors the chance to accept personalized ads or customize their preferences. Ideally, EEA visitors are used to seeing these types of opt-ins and will consent to normal data use.
If the user clicks "Accept All", they will continue to your site and be served personalized ads. If they choose "Manage Settings," they have many more in-depth options for customizing their preferences.
How can an EEA user remove consent?
If an EEA user originally consents to receive personalized ads, but changes their mind later, they can easily update their ad privacy settings by clicking on the "Update Privacy Preferences" link in the footer of the site (only visible in EEA countries). This will bring them back to the consent box, offering them the original options again.
Does GDPR affect my RPM?
The short answer for now is yes, depending on the percentage of EU traffic your site receives. Personalized ads pay well — so pageviews without those ads reduce your overall earnings and RPM. Giving EU users the opportunity to consent to personalized ads through our consent framework lets you recapture as much of that revenue as possible.
Can I use a different method of gathering advertising consent for my readers?
Right now, our first priority is making sure the solutions we’re using are actually 100% in compliance. From our conversations with Google, the IAB, other ad industry providers, and our lawyers, this latest release is in line with best practices to protect your site’s ads and do what it takes for compliance. As more information and standards come to light, we’ll be at the forefront of new and improved solutions for your ads.
Can I add custom wording to the consent box to cover other things?
This consent box is just covering cookies related to your ads for now (and remember, it only shows for EU traffic). As things evolve, we’re hoping for new solutions that let us include consent for other cookies too!
Outside of my ads, what else do I need to do?
Ads probably aren’t the only thing on your site tracking EEA users’ information. Comment and contact forms, a customer database, mailing list, plugins, widgets, hosts, and Google Analytics are just a handful of examples of other ways you may be collecting user information through your site.
One of the most important things you can do is take stock of the services and tools you use on your site and understand how they are processing information on your visitors and handling GDPR-compliance. For third-party services, we recommend contacting each provider to ask what steps they are taking for GDPR-compliance.
Google Analytics has introduced new data retention settings for GDPR. You can now choose how long Google Analytics keeps personal data, with the default being 26 months.
“Keep in mind that standard aggregated Google Analytics reporting is not affected. The user and event data managed by this setting is needed only when you use certain advanced features like applying custom segments to reports or creating unusual custom reports.” (source)
You can also anonymize IP addresses in Google Analytics so they are no longer considered personally identifying information. This doesn’t have any impact on the way we use Google Analytics to measure and report your ad performance.