Jump to content
Sperber

General Data Protection Regulation (GDPR) - the end of Revive Adserver?

Recommended Posts

Due to the fact, that on may 25th the GDPR comes into effect, is there anything in the pipe to make Revive complying with the EU-regulation? Actual, Revive processes a whole of bunch of personal data and and the use of it will be penalized in the end through fines. I am wondering that there is not one official statement about the whole GDPR-thing, as this needs to be clearified by Eric ASAP. Else we all have to shut down our Revive-Installations or we have to face drastic fines for using it beyond may 25th.

20 days to go, plus the rest of today.

Share this post


Link to post
Share on other sites

Well, on the contrary...

Revive Adserver processes and stores hardly any personal data.

Either way, Revive Adserver is just a piece of software. The publisher using it is ultimately responsible for how they use it. They are the 'data controller' and most likely also the 'data processor'. Nothing new here, same for any other software being used by the same publisher.

GDPR is not a technical issue, it's primarily a legal issue.

Also, GDPR has been in effect since May 25, 2016. Everyone should have been compliant for a long time already. The only thing new is that enforcement will start on May 25, 2018.

Share this post


Link to post
Share on other sites

Hi Eric,

this is your answer to this really important question? The official answer? Then, this is the end of Revive in the EU! I fully agree with Mr. Sperber.

Really disappointing after so many years ...

tobean

Share this post


Link to post
Share on other sites
On 5/4/2018 at 4:50 PM, Erik Geurts said:

Well, on the contrary...

Revive Adserver processes and stores hardly any personal data.

At first glance it may look like this. Since the beginning of 2018 I have the dubious pleasure to work myself through the GDPR, national supplement laws, legal advices by the IT-lawfirm consulted and to implement the needed changes with the IT-desk into the websites of the company I am working for. There is light at the end of the tunnel and we will be complying with the IOC regulations end of this week. But in short: it´s a pain in the arse and  there are litarally hundreds of possibilities to make a wrong turn.

Now, I am using Revive on my personal websites. I am afraid, but  you´re going wrong in assuming, Revive wouldn´t handle and process personal data. Of course it does, if you take a look at the GPDR and the definitions within which data is defined as personal data.  It´s a long list and in summary every data Revive gets from the browser informations of a visitor, IP-adresses and of course even setting cookies prior to the consent of the visitor and reading the cookie informations back, to serve the "right" ads at a time. Not to mention geotargeting or how data of customers with access to Revive are processed.

When you now say Revive wouldn´t handle and process personal data, then - for my understanding how Revive works - Revive coudn´t technically be able to deliver a single ad, as it couldn´t even detect, that there is a website visitor in the first place.

On 5/4/2018 at 4:50 PM, Erik Geurts said:

The publisher using it is ultimately responsible for how they use it. They are the 'data controller' and most likely also the 'data processor'. Nothing new here, same for any other software being used by the same publisher.

Absolutly, I agree. That´s why I am asking, wether there are plans to make Revive complying with the GDPR or not. If not, we pubilshers with users from the EEA will be forced to shutdown Revive - and that´s the last thing we want to. But as we are all assumed to be some sort of for-profit companies, with the GPDR it only needs 2 people getting mad at you and filing a complaint with the national data protection agency and you´ll face a 25.000 EUR fine. There isn´t really a choice wether you, as a publisher or website owner, comply with the GPDR or not. I just can´t afford that bill and I doubt that any other publisher can afford this.

Such a scenario may be won´t happen on may, 25th. Not even in the weeks or months to follow, if you are lucky. The point is, that, if we don´t take the plunge to work and close these risk gasps, I´ll garantee us, somebody will and we´ll find us in serious - and for many ruinous - trouble.

On 5/4/2018 at 4:50 PM, Erik Geurts said:

GDPR is not a technical issue, it's primarily a legal issue. 

Unfortunal, regarding Revive it´s both. Sure, primarily it´s a legal issue. The problem with this is, that - at the time of writing - there are no technical functions available in Revive to be able to comply with them. Just to name a few and to make the problems more visible:

or the users right to be informed as stated in https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

  • You must provide individuals with information including: your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’.
  • You must provide privacy information to individuals at the time you collect their personal data from them.
  • You must regularly review, and where necessary, update your privacy information. You must bring any new uses of an individual’s personal data to their attention before you start the processing.

and prior to all that, the lawful basis for processing as stated in https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

  • Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.
  • Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
  • Keep evidence of consent – who, when, how, and what you told people.

Last, but not least, all this has to be documented in a way, that agencies - like your national data protection agency - can check at any given time, wether you are complying with the GPDR or not.

All of this in fact is a technical issue, as we publishers would need integrated tools for that. With your given answer by now, I understand that there won´t be any  - or some kind GPDR-solutions - available. May be I can inspire you to think your decision over again. Would be a pity to give up on Revive.

Regards,

Chris.

Edited by Sperber

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.



×
×
  • Create New...