GDPR FAQs

What is General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is European regulation that replaces the 1995 EU Data Protection Directive, and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens with regard to their data privacy and to reshape the way organizations across the region approach data privacy.

The GDPR goes into effect May 25, 2018 and, in addition to the existing ePrivacy Directive (and the proposed ePrivacy Regulation, which would replace the ePrivacy Directive), it will change the way companies around the world interact with individuals located in the EU, including the way they access, acquire, use, share, and store personal data, and how they provide individuals with access to their own personal data.

What is ePrivacy?

The proposed Regulation on Privacy and Electronic Communications, also known as the ePrivacy regulation, is a proposal from the EU Commission designed to strengthen the protection of EU citizens’ private lives, and create new opportunities for business. Major topics addressed in the ePrivacy regulation include the use of and practices related to cookies, as well as marketing message opt-in requirements.

While the ePrivacy regulation has not yet been finalized, a draft of the ePrivacy regulation exists and may be viewed here. Once released, the finalized ePrivacy regulation is expected to replace the current existing ePrivacy directive, and align more closely with the GDPR.

What is the IAB Europe Transparency and Consent Framework and how does it work?

The Framework provides website operators with the following:

• Allows website operators to control the vendors they wish to allow to access to their users' browsers/devices, and process their personal data and disclose these choices to other parties in the online advertising ecosystem;
• Allows website operators and vendors to seek user consent under the ePrivacy Directive (for setting cookies or similar tech and accessing info on a device) and/or the GDPR in line with applicable legal requirements and disseminate the consent status through the online advertising ecosystem;
• Have one place to go to:
  • Understand privacy-related disclosures about those vendors;
  • Use those disclosures to make privacy-related disclosures to its users generally;
  • Provide disclosures required to be provided by vendors that are Controllers to end users;
  • Seek user consent in line with applicable legal requirements where vendors may require it under the ePrivacy Directive and/or GDPR for various purposes, and
  • Disseminate the consent status through the online advertising ecosystem.

The various pieces of the framework include:

• A global vendor list
• The reference architecture (for cookie format and vendor list and related API's)
• A Policy that participating publishers, vendors and consent management providers (CMPs) must adhere to that covers:
  • the disclosures to be made by vendors included on the global vendor list
  • the use of the global vendor list and the reference architecture

The transparency and consent framework and the various standards introduced by it, including the standard detailed below, are a work-in-progress and currently designed to be used for testing.

More info: Transparency_Consent_Framework_FAQ_Formatted_V9_270318.pdf

ADYOULIKE is a member of the IAB France (www.iabfrance.com) and IAB UK (www.iabuk.net) and is committed to working towards a regulatory framework ensuring greater transparency and better monitoring practices related to targeted advertising distribution across the Internet.

What is a CMP?

A CMP is a company that can read the vendors chosen by a website operator and the consent status of an end user (either service specific (through a first-party cookie) or global (through a third-party cookie). A CMP is not synonymous with a company that surfaces the user interface to a user (although it can be the same).

A CMP product may offer various features such as displaying of transparency and consent dialogue properly on various devices, vendor and consent reporting, and engaging with any vendor code on a website's page (including widgets and non-adtech vendors).

Where is Vendor information and Consent Stored?

Vendor information and consent can technically be stored anywhere as long as the information is exposed through the CMP API.

What is Adyoulike Privacy Policy?

Read about Adyoulike Privacy Policy.

Does AYL Touch Personal Data to Deliver Services Provided to Publishers Clients?

Adyoulike uses cookies placed on the Internet sites of its network of publishers or on the partner networks of publishers, in order to collect and process users personal data of the sites on behalf of the Publisher, for advertising purposes, statistical analysis as well as the detection of computer BOTS and questionable behavior in order to limit the exposure of advertisements.

Is AYL a Processor, Controller or Co-controller as to its Relationship with Publishers or their Clients?

The Publisher is the Controller, and Adyoulike the Processor.

Is AYL Registered as Vendor at IAB?

Yes, we are registered in the Content Framework IAB under VENDOR ID 259.

Broadly Speaking, How Is AYL Approaching GDPR & What Implications Do You Feel it Will Have for Your Business & for the Industry?

Our technology can use data from the user side. We use the COOKIE ID (User ID), and realize the COOKIE SYNC with programmatic DSPs. It’s possible that by dimming the number of users with whom COOKIE SYNC is allowed, DSPs buy less inventory; however, this will lead to higher bids on other users who should compensate for this loss.

We think that the market will move from Audience Planning to Media Planning as it was the case a few years ago with a rise in CPM prices mainly on media brands.

It is important to note that ADYOULIKE is the pioneer of Context Targeting, and was the first in the industry to work with IBM Watson on content analysis, for example.

We also think that the industry will turn to this type of targeting which offers very good performance and which makes it possible to display advertisements in secure contexts.

Do You Collect and/or Process any Personal Data Related to Sensitive Data Groups?

(i.e Ethnicity, Religious, Sexual Orientation, Political Persuasion, Trade Union Membership, Genetic & Biometric, Criminal History, Health, Children)

No.

What is the Geographical Location of Your Data Storage Servers in Relation to Personal Data Stored for Publishers or Publishers Clients?

France and USA.

Do You List out by Name all Your Partners?

Yes. Refer to How Adyoulike & its Partners Use Cookies.

Do You Have a Resource in charge of Information Security & Personal Data Protection?

Yes, Mr. Nicolas Nioche - gdpr@adyoulike.com - has been declared to the CNIL in France as N° DPO-62265.

Can You List Exhaustively the Data Collected from our Sites?

• Device,
• TrafficSource,
• Country, Fraudulent,
• PageIabCat,
• SiteIabCategories,
• PageSentiment,
• SiteDomain,
• PageURL,
• Browser,
• Browser version,
• Browser Language,
• Inventory,
• Campaigns Analysis (Viewability, Click, Impressions ...)

What Are the Retention Periods of the Data Collected?

Refer to How Adyoulike & its Partners Use Cookies.

Do You Keep the IP Addresses of Visitors?

Adyoulike does not store sensitive data, such as IP for example as part of its advertising targeting. The IP is only used to derive a geographic context from the user for advertising targeting purposes.

Do You Keep the Application Identifiers of Our Applications Users?

Adyoulike does not have an SDK and does not currently store user credentials in an application environment.

Who Are Your Subcontractors?