<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=134132097137679&amp;ev=PageView&amp;noscript=1">

Pixalate is GDPR ready; this is what that means for our partners

On 25 May 2018, the EU General Data Protection Regulation (“GDPR”) comes into force, replacing the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

The regulation could have a profound impact on the programmatic advertising industry. We covered those bases in a previous blog post

To learn more about the GDPR from an ad fraud and privacy perspective, check out our Q&A with Jay Seirmarco, our SVP of Operations and Legal Affairs.

This post will focus on Pixalate's role as it relates to the GDPR. We will also answer some of the questions we are most frequently asked.

Yes, Pixalate is GDPR-compliant

Pixalate is compliant with the GDPR. We have taken significant administrative and technical measures to ensure our GDPR compliance. Here's a brief list:

  • We have confirmed our legal basis for processing of personal data in accordance with the GDPR
  • Assessed and improved our data governance infrastructure
  • Identified our key compliance stakeholders
  • Adopted business partner qualification processes
  • Implemented and documented our information security measures
  • Established processes to deal with potential breaches
  • Adopted the Privacy Shield frameworks for our transfers of data from the European Economic Area (EEA) to the US
  • Updated our Privacy Policy to provide greater transparency

Fraud prevention is Pixalate's legal basis for processing personal data

gdpr-compliance-1

Article 6 of the GDPR provides a right to process personal data to further legitimate interests, provided that doing so will not infringe adversely upon the fundamental rights and freedoms of individuals.

Recital 47 of the GDPR states expressly that the “processing of personal data strictly necessary for the purposes of preventing fraud” constitutes a legitimate interest, and such provision serves as our legal basis for the processing of personal data under the GDPR.

What about the people we work with? We've covered that base, too. Our business partner qualification is aligned with our fraud prevention mission

gdpr-compliance-2

In order to protect the digital advertising supply chain and prevent fraud, we limit our business relationships to legitimate enterprises that demonstrate a shared interest in detecting and filtering invalid traffic (“IVT”). Each vendor that we utilize to process personal information goes through our rigorous selection process.

For more information on this process, please see our GDPR page: http://www.pixalate.com/gdpr/

The European Commission model contracts and the EU-US and Swiss-US Privacy Shield Frameworks

gdpr-compliance-3

The GDPR provides several mechanisms to facilitate transfers of personal data outside of the EU. The European Commission shared model contracts for the transfer of personal data to non-EU countries.

Additionally, there exists the EU-US and Swiss-US Privacy Shield frameworks, which provide companies with a mechanism to comply with data protection requirements when transferring personal data from the EU and Switzerland to the US.

We rely upon both model contracts, and certification under the Privacy Shield frameworks, as bases for US-based processing of personal data regarding EU data subjects.

We stay on top of the latest trends and undergo an annual audit

We are accredited for sophisticated invalid traffic (SIVT) detection and filtration for desktop and mobile web impressions by the Media Ratings Council (“MRC”). In connection with our MRC accreditation, an independent auditing firm performs testing procedures annually, including information technology (“IT”) security procedures pursuant to COBIT. We also leverage the Information Systems Audit and Control Association (ISACA)’s Privacy Principles for GDPR Compliance, which are aligned with COBIT and GDPR Article 35.

We updated our privacy policy to provide greater transparency

Effective May 18, 2018, we updated our Privacy Policy. Our updated policy details the types of data we collect and the technologies utilized to collect such data. It makes clear that we use this collected data to analyze the quality of digital advertising opportunities, provide digital advertising inventory fraud detection services, and generate our digital advertising inventory quality-related rankings, reports and indices. If you have any questions about our Privacy Policy, or our GDPR compliance efforts, you may contact our Data Protection Officer (DPO) by writing to privacy@pixalate.com.

For more information, please see our GDPR page: http://www.pixalate.com/gdpr/

Want more data-driven insights? Sign up for our blog! 

Popular Posts

MRC Definitions for Invalid Traffic: SIVT and GIVT

Pixalate unveils the list of sites secretly mining for cr...

MRC Viewability Standards: What It All Means

Pixalate uncovers apparent example of sophisticated mobil...