Written by Jonas Kuhnle, Product Owner Data Platform at Meetrics
Meetrics and the new EU GDPR
Meetrics GDPR Blog
Meetrics and the GDPR
GDPR is the name of the game in today’s online marketing industry. Currently companies race to finish up their prep work to be GDPR compliant.
It was always Meetrics’ aspiration to take data privacy very seriously but the new regulations upped it to another level. We first started to look into into the GDPR extensively in 2017 back when there still was a long way to go.
What Meetrics had to do?
At a glance GDPR demands from all companies to take data privacy seriously and document the use of personal data. At Meetrics we needed to look into our processes and had to analyse our own dealing with data in general and specifically with personal data.
Is Meetrics GDPR compliant?
The serious impact for a lot of companies is, that it is required to get consent whenever personal data is collected if no legitimated interested out weights a minimal amount of collected data collected.
For Meetrics the most personal data is processed when using the Meetrics’ Audience Verification solution. Within this tool we collaborate with panels that provide Meetrics with personal data information. This data can only be used when the user explicitly gives consent to the tracking.
In order to continue to use this panel data we had to talk to our partners to ensure that all panellists actually have a choice to accept the tracking and give consent that the data can be processed.
In order to secure this data Meetrics had always opted to use a pseudonym solution. That means that the personal data of the panellists and the ad impression data is never stored together, the link can only made using the panellist id.
Data on an individual level with personal information is not available for our customers. They will always only be able to obtain reports with aggregated data. Using this approach Meetrics’ audience solulution is fully compliant with GDPR.
But what’s the situation for the bulk of Meetrics’ data?
Meetrics checks if ads are viewable and if suspicious traffic is detected on ads. In order to combat fraud we use the IP address. Subsequently the IP address is checked for suspicious activity. At the same time the IP address is checked against an internal database to detect the country the traffic originates from. After these checks are done and no suspicious pattern found, the IP address will be hashed with other session related information and stored.
Or better, it was. Because here we found that we could improve the privacy situation inour architecture.
The solution is quite simple and follows the principles of minimising the data we collect. The idea was to completely discard the hashing process. This means that all the information, which is stored, is now free of any personal details and cannot be tracked back to retrieve personal information at all.
This decision was not an easy one to take but it became clear that it was the right step in order to minimise the data stored by Meetrics.
Profiling at Meetrics
Meetrics never created profiles of users and does not track users across websites. By taking this step we ensure that there is no way of getting anywhere close from our data to building a user profile.
On the documentation side of data privacy we rebuild a data privacy section on the website in order to ensure that every person can get all the information they demand of the Meetrics tracking. https://www.meetrics.com/en/data-privacy/
The legal base for viewability tracking is Article 6 (1) f) of the GDPR. This is one more reason why Meetrics always aims to keep the data footprint we collect at an absolute minimum as we respect the users interested to visit a page without being tracked and profiled in his online behaviours. At the same time we respect the the interested of our customers to gather information on the effectiveness or their ad spent. This ends in the result that the legitimate interest swings towards the minimalistic tracking approach of Meetrics.
Going the extra mile
At Meetrics we continue to take all necessary steps to ensure the maximum of data privacy, independent of regulatory requirements like GDPR. Data privacy is more than just a regulation coming down from the European Union: it’s the state of mind that everyone has to respect the personal data of everyone else.
Please find here further and more in depth around Meetrics’ Data Privacy regulations