Remarketing under GDPR

Recently, the long-awaited General Data Protection Regulation, more widely known as GDPR, has taken effect.

For those who do not know, the GDPR is a new regulation in EU law on data protection and privacy. It contains requirements for the collection and processing of personal data of the citizens of the European Union.

There are many questions associated with this subject. It is an issue that is more suited for discussion among lawyers than business owners or marketers. And since we are not lawyers but marketers, please remember that the following article is not legal advice.

Should you not be sure about your legal obligations under the GDPR, consult a lawyer.

To make matters more comprehensible, this article will tackle only three questions concerning the use of retargeting ads.

The lucky three questions are:

Who is affected by GDPR?


Even though the question seems quite straightforward, the answer might not be so easy.

The first thing you need to know about the GDPR is that the regulation must be followed by every organization that processes personal data of European Union citizens.

That means you don’t need to be based in the European Union; you are obligated to comply with the GDPR just by processing personal data of its citizens.

This implies that companies that process personal data of EU citizens are those that sell to, buy from or otherwise conduct business with EU citizens.

But here come cookies to mess with the good old logic.

Although cookies are mentioned only once in the GDPR document, it turns out they are quite important for the GDPR.

The EU views personal data as personally identifiable information. In the online world, it may be an IP address or the previously mentioned cookies.

Basically, if you use cookies for targeted advertising or retargeting, you collect personal data according to the EU.

So theoretically, the threshold for being affected by the GDPR is not when you start doing business with EU citizens but when EU citizens can access your site, which is anytime, because we live in the Internet era.

Any site that uses cookies for incoming visitors and that is in English or any other official language of the EU is affected by the GDPR.

Whether the EU will enforce the GDPR even on sites that do not conduct business with the EU citizens remains to be seen.

How does GDPR influence remarketing with AdWords?

The GDPR won’t stop your remarketing with AdWords, so you don’t need to worry about that. But you should take some steps to be compliant with the GDPR.

To help advertisers comply with the GDPR, Google has rolled out a new user consent policy for businesses affected by the GDPR.

According to the new consent policy, you must obtain end users’ legally valid consent to:

  • the use of cookies or other local storage where legally required; 

  • the collection, sharing, and use of personal data for personalization of ads.

When seeking consent you must:

  • retain records of consent given by end users; 

  • provide end users with clear instructions for revocation of consent.

And you must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.

Source: User consent policy

In other words, you need to ask the visitor for permission before you can use a cookie for marketing purposes. The important thing is that you need that permission before you use the cookie. Therefore, you need to make sure that the visitor gives you consent before your site sends the cookie to their browser.

You also need to keep some kind of record of the fact that the visitor gave you consent to use the cookie.

Another requirement is to update your privacy policy. Shopify has taken steps to update their privacy policy generator, so it helps you create GDPR-compliant policies.

The generated privacy policy should also include information about any third parties that might have access to the visitors’ personal data.

Third parties are any apps or platforms that you use for your store and that have access to the personal data.

To review the personal data your apps have access to, complete the following steps:

How does GDPR influence retargeting with Facebook ads?

Facebook has made similar changes to their policies.

Since Facebook’s new policies are considerably longer than Google’s, pay attention to the following parts that are important to anyone using personalized ads and retargeting.

The EU guidance outlines four main requirements for consent:

  • Specific and based on appropriate information

  • Given before using cookies or other storage technology to collect information

  • Unambiguous

  • Freely given

Examples of publishers who might need consent:

  • A retail website that uses cookies to collect information about the products people view on the site in order to target ads to people based on their activity on the site.

There are many different ways for publishers to obtain consent. Common approaches:

  • Displaying a prominent message when a page loads for the first time (this is usually called a “cookie banner”) and informing users what action to take to consent.

In other words, the changes are practically identical to the ones on Google. You need to get consent before using cookies for marketing purposes on Facebook.

Yes, to get informed consent from your visitors, you need quite advanced coding knowledge. But luckily for you, there are plenty of app solutions rolling out every day.

To make sure you don’t need to ask consent for every cookie separately, you should list information about all the cookies you use. This way you give the visitor all the necessary information and if they choose to give you consent, it should be valid for any cookies you informed them about.
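The ordering described above (consent first, cookie second, with a retained record, a way to revoke, and a disclosed list of cookies), as an added example that is not code from Google, Facebook or any cookie banner app. The function name `createConsentGate`, the cookie names and the in-memory `jar` standing in for the browser's cookie store are assumptions made for illustration.

```javascript
// Added example; createConsentGate and all cookie names are hypothetical.
// Constructed cookie inventory: the list shown to the visitor in the banner.
const COOKIE_CATALOG = {
  session_id: { purpose: "necessary" },
  ads_retargeting: { purpose: "marketing", party: "Ad network (placeholder)" },
  social_pixel: { purpose: "marketing", party: "Social network (placeholder)" },
};

function createConsentGate(catalog, policyVersion, now = () => new Date().toISOString()) {
  const records = []; // append-only consent log (retained server-side in practice)
  const jar = new Map(); // stands in for document.cookie / Set-Cookie

  // The latest record decides; a revocation is itself a record, never a deletion.
  const current = () => records[records.length - 1];

  function covers(name) {
    const rec = current();
    return Boolean(rec) && rec.action === "grant" &&
      rec.policyVersion === policyVersion && rec.cookies.includes(name);
  }

  return {
    records,
    jar,
    // The visitor consents to exactly the marketing cookies that were disclosed.
    grant(visitorId) {
      const cookies = Object.keys(catalog).filter((n) => catalog[n].purpose === "marketing");
      records.push({ visitorId, action: "grant", cookies, policyVersion, at: now() });
    },
    // Revoking logs the decision and drops marketing cookies already set.
    revoke(visitorId) {
      records.push({ visitorId, action: "revoke", cookies: [], policyVersion, at: now() });
      for (const name of [...jar.keys()]) {
        if (catalog[name].purpose === "marketing") jar.delete(name);
      }
    },
    // Returns true if the cookie was set, false if it was blocked.
    setCookie(name, value) {
      const entry = catalog[name];
      if (!entry) return false; // undisclosed cookie: consent cannot cover it
      if (entry.purpose !== "necessary" && !covers(name)) return false;
      jar.set(name, value);
      return true;
    },
  };
}
```

Because consent is tied to `policyVersion`, changing the disclosed cookie list means issuing a new version and asking again.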

What to do to comply with the GDPR?

Well, that was quite a tiring amount of information. So let’s go one more time through the steps you should take to make sure your use of personal data for retargeting purposes is fine with the GDPR.

  1. Get a cookie banner add-on to inform your visitors that your site uses cookies, and give them the choice not to accept the cookies that are not necessary to run the page.

  2. Update your privacy policy to be consistent with the GDPR.

  3. Include the information about third parties with access to the visitors’ personal data in your privacy policy.

See? That wasn’t so hard. Now you should be GDPR compliant. If you have any questions, feel free to ask us on our site, FB page or FB group.
