Europe’s looming new data protection rules, which strength consumer protections and will require data handlers and processors to gain explicit consent from users, are scaring a lot of businesses that hold data on people.
But GDPR, whose final deadline comes on May 25, doesn’t have to be scary, and companies don’t have to look at it as a negative.
“It’s actually a good thing because it brings a lot of clarity and consistency for businesses, we see it as a very good development overall.” says Criteo CEO Eric Eichmann in this video interview with Beet.TV.
The European Commission’s General Data Protection Regulation updates prior consumer data protection rules in a significant way. Now any global company which handles EU citizens’ data must comply with a new and more stringent set of demands:
- tighter consent conditions for the collection of citizens’ data.
- consumers can instruct companies to stop processing their data.
- automated decision-making and profiling decisions must be made clear.
- consumers can request decisioning by automated processes be stopped and handled by a human instead.
- they have the right to request an explanation of automated decision-making.
- they can request free access, rectification and deletion of data.
But Eichmann, whose ad personalization vendor company Criteo operates globally but began in France, says GDPR helpfully cleans up existing patchwork legislation.
“They wanted to modernize the legal framework to protect the consumers, strengthen individual rights for consumers, and bring consistency and clarity around the rules,” he says.
Picking through the terminology, Eichmann sees two kinds of redefined consents that may be required – “explicit” and “unambiguous”, which may each be used depending on the circumstances. In the latter case, Eichmann says Criteo has already offered a solution for many years, in which consumers are warned that continuing their session further will mean them being tracked.
“We’re very happy with this because one, we’ve been having high sort of standards of privacy since the inception of the company.”
Steps European lawyers suggest data handling and data processing companies should take include conducting risk assessments, appointing data protection officers and overhauling policies and systems.
Marketing technology companies lately have been scrambling to declare compliance with GDPR, which was adopted two years ago before a two-year grace period began.