back button

Back

Which kind of electronic advertising will require consent?

December 29, 2017byJulie Tamba

There are some cases where consent of the end-user is mandatory: this is the case for direct marketing, a category of advertising covering various techniques.

As of now, the ePrivacy Directive required consent in relation to “the use of automated calling systems without human intervention (automatic calling machines), facsimile machines (fax) or electronic mail for the purposes of direct marketing”. This included various electronic communication methods using the end-user’s contact details, whether automated (automatic calling machines, etc.) or not (fax, e-mail, SMS, etc.) as long as it was used for direct marketing.

The Directive did not define direct marketing but it was obvious that it applied to “messages” (§ 41 and 43 of the preamble). The French Electronic Communications Code – when transposing this rule – specified that “direct marketing constitutes in the sending of any message meant to promote directly or indirectly the goods, service or image of a person selling goods or providing services”. Interpretation of this notion by the French CNIL therefore focused on techniques which did imply the sending of a message, up until 2016 with its decision n°2016-264.

Presentation of online advertising

In the UK, on the other hand, the ICO made clear that direct marketing – defined as “the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals” – could extend to “online marketing, social networking or other emerging channels of communication”, provided the material is indeed directed at particular individuals.

In the various versions of the ePrivacy regulation proposal, consent is required in relation to the “use of electronic communications services for the purposes of sending or presenting direct marketing communications”. Furthermore, direct marketing is defined as “any form of advertising, whether written or oral, sent or presented to one or more identified or identifiable end-users of electronic communications services“.

These elements explicitly confirm the fact that the requirement for consent extends to any advertising directed to a group of specific end-users. This includes advertising through social media websites or display banners when a custom audience is concerned, because persons belonging to this audience will necessarily be “identifiable” in a way or another.

Facebook Ads Manager

Which techniques will escape this requirement for consent? Only indiscriminate blanket marketing such as magazine inserts, or adverts shown to every person who views a website, to the exclusion of any tailored advertising based for example on the end-user’s profile.

Responsibility for obtaining consent

Which entity will be in charge of obtaining and evidencing this consent? In the situation where the advertiser directly addresses the end-user, the answer is quite straightforward. What – on the other hand – should be the rule when the advertiser addresses the end-user through one or more service provider(s) which analyses and determines the audience within its own database (a data broker), collects the data from the audience and serves the advertising (a publisher), or both (a social media service)?

Although this is not clearly stated in the directive or in the regulation proposal, it makes sense to consider that the person “transmitting the communication or on behalf of whom the communication is transmitted” (the advertiser) will in any case be required to demonstrate such consent as it is the beneficiary as well as the person determining the purpose of the direct marketing operation. In many occasions though, services providers will be likely to bear the same responsibility, especially in the situation where they also determine the purpose of the marketing operations by providing standard services or have an exclusive control over the audience database.

Is this the end of custom audiences made of lookalikes of customers? Or is it just the beginning of more consent requests?

Related articles

April 20, 2018byRomain Gauthier

Didomi now supports the IAB Europe consent framework

Didomi is proud to announce that our Consent Management Platform (CMP) is now officially registered with the IAB Europe’s GDPR consent framework. We’re one of the first CMPs to fully support the framework. The IAB Europe Consent Framework The IAB Europe Consent Framework aims at standardizing consent flows between advertising partners. Online advertising involves a…

Read more

Consent

Cookies

ePrivacy

GDPR

Publishers

tailored advertising

targeted advertising

December 5, 2017byJulie Tamba

Does collecting user geolocation require consent?

Collecting geolocation is a tricky topic in data privacy regulations. As of today, consent is not necessarily required by law. The ePrivacy Directive, on the first hand, requires consent for use of location data yet this obligation is only binding upon public electronic communication services and networks (telecom operators). The General Data Protection Regulation, on…

Read more

Consent

ePrivacy

European Union

GDPR

Geolocation

personal data

May 25, 2018byJulie Tamba

A potential future for the Ad Tech industry: consent without tracking walls

Publishers and actors of the Ad Tech sector targeting the EU currently face one of the biggest challenges they have ever encountered, one that may require them to change profoundly their model. Namely? Unambiguous positive consent. Some background Publishers (both online and offline) have traditionally been able to provide their readers with free contents by…

Read more

Ad Tech

Consent

ePrivacy

GDPR

Publishers

March 29, 2018byJulie Tamba

An interpretation of Google new consent requirements for publishers

We wrote a few articles in the last months regarding consent, including on how consent should be obtained (e.g. may clicking on the website be considered a sufficient positive act ?) or why it should be obtained  (e.g. which geolocation uses or marketing communications will require consent ?). Taking into account this framework, we thought it would be…

Read more

Ad Tech

Consent

GDPR

Google

Publishers

targeted advertising

November 29, 2017byJulie Tamba

ePrivacy, not voted but already applied

The EU is currently discussing the content of the future ePrivacy regulation which is now scheduled for the end of 2018. One of its key measures is contained in article 10 of the proposal which specifies that “Software placed on the market permitting electronic communications, including the retrieval and presentation of information on the internet,…

Read more

Browsers

Cookies

ePrivacy

European Union

personal data