What is the GDPR and why should I, as a publisher, care about the GDPR?
GDPR stands for General Data Protection Regulation. It is a new regulation with comprehensive privacy and security requirements intended to strengthen and unify data protection in the European Union. The GDPR will go into effect on May 25, 2018. Under the GDPR, organizations that violate GDPR can be fined up to 4% of annual global turnover or 20MM euros, whichever is greater.
To help sift through some of the noise, we’ve complied a few frequently asked questions for publishers:
Q: What is the definition of “personal” data”?
A: The EU defines personal data to be “any information relating to an identified or identifiable natural person”. This could include any data related to an individual such as the data AddThis collects from website visitors such as IP address or mobile advertising ID (MAID).
Q: If my site uses AddThis, what are my privacy responsibilities under the AddThis Terms of Service?
A: You need to be sure that you obtain on your site the rights (including any required consents) that are necessary to collect information using the AddThis tool. By agreeing to the Terms of Service, you agree to, among other things,:
- Provide cookie notice to your website visitors that cookies will be set on the visitor’s device
You, as the website owner, will alert your visitor via a cookie banner or overlay that your website uses third party advertising cookies (including the AddThis cookies), if required.
- Obtain consent from your website visitors to share data with Oracle
You will obtain permission from visitors, as necessary, to share visitor data with Oracle.
- Offer your visitors an opt-out mechanism
Q: Does AddThis place functional or advertising cookies on my publisher site? How does Oracle use the data collected by the AddThis cookie?
A: The AddThis cookie is properly categorized as a third party advertising cookie. While the cookie provides your website visitors with the capability to share webpages, blogs, news, photos, videos, and other content with social networks and other destinations via a website plug-in on your site, Oracle also uses the data collected from website visitors to:
- enable AddThis Publishers and Oracle Marketing & Data Cloud customers and partners to market products and services to your website visitor;
- provide you with the ability to provide your website visitors with personalized recommendations and messages;
- link your website visitor’s browsers and apps across devices;
- sync your website visitor’s unique identifiers;
- analyze, develop, and improve the AddThis Tools, AddThis Toolbar, and Oracle products and services;
- manage the security of our sites, networks, and systems; and
- comply with applicable laws and regulations and to operate our business.
Q: Does Oracle allow third parties to place cookies or fire pixels on my website?
A: When you install the AddThis tools on your website Site, the code (referred to as “Enablement Code” in the Terms of Service) allows Oracle and our third party partners to set cookies to collect data from your website visitors. The cookies placed on your website by Oracle and our third party partners enable the synchronization of unique identifiers to facilitate online behavioral advertising and are used for the purposes listed in the previous question. For a list of those third-party partners, please click here.
Q: What are the consequences of non-compliance with the AddThis Terms of Service?
A: It is critical that publishers who use the AddThis tools on their site respect user choice and adhere to all applicable legal and industry requirements when using the AddThis tools to collect visitor data. Failure to do so will be considered a material breach of the AddThis Terms of Service. Oracle may revoke a publisher’s license to the AddThis tools for failing to adhere to obligations as set forth in the Terms of Service.
If you have any questions regarding AddThis and GDPR, please do not hesitate to reach out to our dedicated support team.
The information presented here may not be construed or used as legal advice about the content, interpretation, or application of any law, regulation, or regulatory guideline. Customers and prospective customers must seek their own legal counsel to understand the applicability of any law or regulation on their processing of personal data, including through the use of any vendor’s products or services.