menu close
menu close

The European Union’s General Data Protection Regulation: What Nanigans Customers Need to Know

Note: The information below is designed to answer frequently asked questions about how the EU’s General Data Protection Regulation (“GDPR”) will affect customers utilizing Nanigans’ software for their online advertising. This does not constitute legal advice nor is it intended to instruct your business on the necessary steps it should take to ensure compliance with this legislation. You should seek guidance from your own legal counsel to ensure that you have taken all appropriate steps for compliance.

What is the GDPR?

The GDPR is a binding piece of European legislation that provides privacy protections and increased rights for individuals within the European Union (“EU”). The primary goals of this Regulation are to increase the level of understanding that individuals in the EU have about how businesses will make use of their personal data and to give individuals more control over the length of time that businesses are allowed to retain it. One key change (particularly for the ad tech industry) is a heightened standard for consent.

The legislation was signed into law on April 27, 2016, and applies from May 25, 2018. It affects not just European companies, but any company that is offering goods or services to, or monitoring the behavior of, individuals in the EU.

How is Nanigans’ role defined under the GDPR?

Nanigans acts as a data controller, with each of our customers also acting as separate and independent data controllers. Therefore, Nanigans is directly responsible for complying with the GDPR.

Nanigans is a data controller because we determine the purpose and means of processing user data from EU individuals for advertisers who utilize our software. We derive this user level data via our proprietary tracking solutions: either through our Javascript pixel or our mobile SDK. We use the data for certain analytical properties at our discretion and we control and set cookies. Our positioning as a controller is in line with the Article 29 Working Party Opinion on behavioral advertising.

What kind of “personal data” does Nanigans collect?

We don’t collect data that people commonly understand to be personal, such as names, addresses, etc. However the concept of “personal data” under GDPR is a broad one. Nanigans’ tracking solutions gather first-party data on individuals for our advertisers. In the case of website pixels, a combination of unique user IDs, cookies, and IP addresses are used for attribution purposes. In situations where the Nanigans SDK is in place for mobile app integrations, unique user IDs and device / advertising IDs (IDFA, GDFA, Android ID) are collected for attribution purposes. Additionally, device specific user-agent and IP address data is carried by all network requests and collected along with the data listed above.

If you are a Nanigans customer, please click here for additional details about Nanigans cookies in our dedicated Cookie FAQ.

Is Nanigans compliant with the GDPR?

Nanigans undertakes to comply with all applicable laws and regulations regardless of the country of origin – the GDPR is no exception.

Nanigans is taking all necessary steps to be ready for GDPR by the time it comes into force on May 25, 2018 and has sought advice from external EU counsel. Such steps include: coordinating with our ad tech partners, involvement with industry organizations, minimizing data collection, deleting data we no longer need, updating agreements with publishers and advertisers, and updating our privacy policy.

However, Nanigans’ customers will also need to take certain steps to ensure their own compliance as relates to their use of our software.

What must Nanigans and its customers do in order to ensure compliance?

Nanigans’ customers will be provided with a Data Protection Amendment to their master services agreement that revises some of our data protection terms and details the parties responsibilities under EU Data Protection Law. It contains all the terms that are mandatory under GPDR.

Additionally, Nanigans will maintain a web page that allows end users to obtain more information about any data that has been collected about them and enable them to request deletion of all records pertaining to them in Nanigans’ systems. The existing opt-out from ongoing tracking and retargeting by Nanigans will also remain available.

As Nanigans has no relationship with the individuals it tracks, Nanigans’ customers will need to provide a GDPR-compliant consent mechanism before the Nanigans Javascript pixel or mobile SDK is invoked. How that consent is enabled is ultimately up to the customer, though most have opted for a consent approval banner shown to end-users in their app or on their website homepage. In addition, Nanigans will likely need to be listed as a sub-processor in a customers’ updated terms of service agreement with an end user.

Finally, Nanigans’ customers will need to ensure that their ads do not contain URL redirectors, third party view tags or any other tracking elements that may not be GDPR compliant. Members of a customer’s Nanigans Support Team will be able to advise on any questions that may arise as it pertains to the use of these tracking tools.

I’m still quite concerned about GDPR

This isn’t so much a question as a universal statement of fact: all of us in the online advertising ecosystem should be concerned about the GDPR. The EU has taken unprecedented steps to enhance user privacy, and GDPR will have a ripple effect across the global marketplace.

Nanigans is committed both to providing our customers with a robust and powerful online advertising software suite, and ensuring individual protections to end-users’ privacy through its compliance with this groundbreaking legislation.

If you have any questions or require assistance, please reach out to your Nanigans Account Team, who will ensure that your request is escalated to the appropriate resource.