Remarketing under GDPR
Recently, the long-awaited General Data Protection Regulation, more widely known as GDPR, has taken effect.
For those who do not know, the GDPR is a new regulation in EU law on data protection and privacy. It contains requirements for the collection and processing of personal data of the citizens of European Union.
There are many questions associated with this subject. It is an issue that is more suited for discussion among lawyers then business owners or marketers. And since we are not lawyers but marketers, please remember that the following article is not legal advice.
Should you not be sure about your legal obligations under the GDPR, consult a lawyer.
To make matters more comprehensible, this article will tackle only three questions concerning the use of retargeting ads.
The lucky three questions are:
Who is affected by the GDPR?
How does the GDPR influence remarketing with AdWords?
How does the GDPR influence retargeting with Facebook ads?
Who is affected by GDPR?
Even though the question seems quite straightforward, the answer might not be so easy.
The first thing you need to know about the GDPR is that the regulation must be followed by every organization that processes personal data of the European Union citizens.
That means that you don’t need to be based in European Union, you are obligated to comply with the GDPR just by processing personal data of its citizens.
This implies that companies that process personal data of the EU citizens are those that sell to, buy from or otherwise conduct business with the EU citizens.
But here come cookies to mess with the good old logic.
Although cookies are mentioned only once in the GDPR document it turns out they are quite important for the GDPR.
The EU views personal data as personally identifiable information. In the online world, it may be an IP address or the previously mentioned cookies.
So theoretically, the threshold for being affected by the GDPR is not when you start doing business with the EU citizens but when the EU citizens can access your site which is anytime because we live in the Internet era.
Whether the EU will enforce the GDPR even on sites that do not conduct business with the EU citizens remains to be seen.
How does GDPR influence remarketing with AdWords?
The GDPR won’t stop your remarketing with AdWords, you don’t need to worry about that. But you should take some steps to be compliant with the GDPR.
To help the advertiser comply with GDPR, Google has rolled out a new user consent policy for business affected by the GDPR.
According to the new consent policy, you must obtain end users’ legally valid consent to:
the collection, sharing, and use of personal data for personalization of ads.
When seeking consent you must:
retain records of consent given by end users;
provide end users with clear instructions for revocation of consent.
And you must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data. User consent policy
In other words, you need to ask the visitor for permission before you can use a cookie for marketing purposes. Important thing is that you need that permission before you use the cookie. Therefore, you need to make sure that the visitor gives you the consent before your site sends the cookie to their browser.
You also need to keep some kind of record of the fact that the visitor gave you a consent to use the cookie.
Third parties are any apps or platforms that you use for your store and that have access to the personal data.
To review the personal data your apps have access to, complete the following steps:
From your Shopify admin, click Apps.
Click View details on the app you want to review permissions for.
How does GDPR influence retargeting with Facebook ads?
Facebook has made similar changes to their policies.
Since the Facebook new policies are quite longer than Google’s, pay attention to the following parts that are important to anyone using personalized ads and retargeting.
The EU guidance outlines four main requirements for consent:
Specific and based on appropriate information
Given before using cookies or other storage technology to collect information
Examples of publishers who might need consent:
There are many different ways for publishers to obtain consent. Common approaches:
- Displaying a prominent message when a page loads for the first time (this is usually called a “cookie banner”) and informing users what action to take to consent.
In other words, the changes are practically identical to the ones on Google. You need to get consent before using cookies for marketing purposes on Facebook.
Yes, to get informed consent from your visitors, you need quite advanced coding knowledge. But luckily for you, there are plenty of app solutions rolling out every day.
To make sure you don’t need to ask consent for every cookie separately, you should list information about all the cookies you use. This way you give the visitor all the necessary information and if they choose to give you consent, it should be valid for any cookies you informed them about.
What to do to comply with the GDPR?
Well, that was quite a tiring amount of information. So let’s go through the steps you should do to make sure your use of personal data for retargeting purposes is fine with the GDPR one more Time.