Page 34 - AeM_May_2017
P. 34
LEGISLATION
Rethink privacy, as the new GDPR
takes the upper hand
It’s all haywire when looking at data protection in Europe prepare for it will find themselves locked out of Europe-
and I am wondering about the impact it will have on the an markets,” said Brian O’Kelley, CEO of AppNexus.
Asian business world. After 15 years, the Safe Harbor “GDPR will change the way that internet companies do
agreement got dumped in October 2015, which allowed business in Europe,” he continued. “Advertising is the
companies to transfer personal data from the EU to the power source of the open internet. It’s incumbent upon
USA and process them there. There is no binding suc- all digital publishers and advertisers to work with tech-
cession regulation for the time being, but the USA and nology companies that take privacy seriously.”
the EU have agreed on a so-called “Privacy Shield
Agreement”, which particularly obligates marketing man- Because AppNexus’ enterprise products and market-
agers to protect customer data. place sit on top of a unified technology platform, the
company believes that it is uniquely able to control and
Although nobody like rules and regulations, look at the guard the flow and use of data on its technology stack.
bright side and the benefits the failure of Safe Harbor
and the coming into force of the so-called “General Data Anyway, the new GDPR is clearly placing the onus for
Protection Regulation (GDPR) brings. It’s a good oppor- compliance on companies, which means Asian compa-
tunity to make a binding commitment to data protection nies with a presence in Europe have to be cautious:
that brings along customer confidence and strengthened GDPR applies to businesses established outside of the
brand image. EU when those businesses offer goods or services to
data subjects located in the EU or when they monitor
To no surprise, US companies are already taking the the behavior of data subjects in the EU. Hence, a prop-
lead again by investing in new security standards, new er data privacy management must be in place, as well
data centers in Europe, and offering their products with as well-trained personnel that can manage to implement
EU standard contracts: AppNexus, for instance, just an- regular follow-up assessment of compliance, since vigi-
nounced that it will introduce major policy changes gov- lance and focus on data processing activities are con-
erning access to and the use of data through its technol- stantly needed.
ogy stack. In its drive toward compliance with the Euro-
pean Union’s GDPR, the company commits investments Ultimately, when investing in data protection, we are
in its European data center infrastructure and works with talking about investing in our own competitiveness, cus-
partners to build tools that meet GDPR’s enhanced tomer loyalty and reputation. Acting too late can be criti-
transparency, access and choice requirements, in addi- cal, as there is the risk to pay a financial penalty of 4%
tion to the current ePrivacy Directive’s consent require- of the global annual turnover if in violation with the new
ment and the proposed ePrivacy Regulation. GDPR - a drastic tightening compared to the previous
“GDPR is a coming reality, and companies that don’t regulation.
34 May 2017 - (Cyber) Security & Data Protection