GDPR FAQs

Since GDPR went into effect in May 2018, we have worked closely with the Interactive Advertising Bureau (IAB) and our lawyers to ensure our service and your ads are in compliance.

What is GDPR?

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018.

Scope:

  • Protects individuals in the EU. Applies outside of the EU when a company sells products or services to individuals inside the EU or when EU individuals are targeted or monitored
  • Applies both to data “controllers” and data “processors,” irrespective of size and whether activity is for profit or not. Several obligations apply to “processors,” entities that process personal data on behalf of “controllers.”
  • Covers “processing” of personal data, defined to include any operation performed on personal data, including collection.

The fundamental point of GDPR is that users should have full control over their personal data, how it gets used, who uses it, and full visibility into those choices.

I’m not in the EU - do I need to do anything?

GDPR applies to all companies that deal with EU residents, so even if your site has only a small percentage of traffic coming from the EU, it applies to you and your site.

What is Raptive doing for my ads?

Good news: your Raptive ads are GDPR-compliant and have been since May 25, 2018.

We use a consent management platform (CMP) to gather consent from EU traffic to allow partner organizations to collect, access, and use individuals' information. The CMP appears to visitors from the EU and from some other countries that now have similar laws.

Users who visit your site from these countries are prompted to grant each of these partners consent to access their device.

They can also learn more about how and why their data may be used, view the ad partners we work with for your site, or opt out.

How much of my traffic sees this consent box?

This CMP only displays traffic coming from countries covered by GDPR (full list) and similar laws.

The Earnings by Country report in your Raptive dashboard shows you how much of your traffic comes from various countries around the world.

What does this consent box look like?

The CMP allows users to view all partners/vendors that are active on your page, see which processing proposes those vendors are using, and have the option to consent or not on all these bases.

Raptive CMP upon load.png

Note: users in some countries will see a “Reject All” button as well, where required.

If the user clicks "Accept All", they will continue to your site and be served personalized ads. If they choose "Manage Settings," they have many more in-depth options for customizing their preferences.

We update our consent UX periodically to comply with the law, act on regulatory guidance, and comply with the requirements of our partner companies. The CMP may appear different from country to country.

How can a user remove consent?

If a user originally consents to all the vendors and processing purposes on a page, but changes their mind later, they can easily update their ad privacy settings by clicking on the "Update Privacy Preferences" link in the footer of the site (only visible in EU countries). This will bring them back to the CMP, offering them the original options again.

Raptive CMP Update Privacy Preferences after consent.png

Does GDPR affect my RPM?

The short answer is yes, but typically very minimally, depending on the percentage of EU traffic your site receives.

Personalized ads pay well—so pageviews without those ads reduce your overall earnings and RPM. Giving users the opportunity to consent through our consent framework lets you recapture as much of that revenue as possible.

Can I use a different method of gathering advertising consent for my readers?

No. Our priority is making sure the solutions we’re using are actually 100% in compliance. From our conversations with Google, the IAB, other ad industry providers, and our lawyers, Raptive’s CMP is in line with best practices to protect your site’s ads and manage compliance.

Can I customize the CMP wording?

Yes, but only minimal changes are allowed with wording and user interface. As part of the IAB TCFv2 there are strict standards that must be upheld to insure compliance. We can include any/all partners on your site in the CMP.

Outside of my ads, what else do I need to do?

Ads probably aren’t the only thing on your site collecting EU users’ information. Comment and contact forms, YouTube videos, Facebook tracking pixels, a customer database, mailing list, plugins, widgets, hosts, and Google Analytics are just a handful of examples of other ways you may be collecting user information through your site.

One of the most important things you can do is take stock of the services and tools you use on your site and understand how they are processing information on your visitors and handling GDPR-compliance. For third-party services, we recommend contacting each provider to ask what steps they are taking for GDPR-compliance. If you are not using a service or tool, the simplest thing to do is to remove it from your site.

If you use any service that requires you to add a pixel or script to your site, or if you call any "conversion tracking API" to report events to another company (such as Facebook CAPI) then please let us know so that we can configure the CMP correctly for you.

Google Analytics

Since you must use Google Analytics to partner with Raptive, we’ve done our due diligence and worked with Google to delay Google Analytics data collection until the user has given consent. Our CMP includes code that delays Google Analytics data collection on a user has given consent.

On your end, You can choose how long Google Analytics keeps personal data, with the default being 26 months, through Google’s data retention settings.

From Google:

“Keep in mind that standard aggregated Google Analytics reporting is not affected. The user and event data managed by this setting is needed only when you use certain advanced features like applying custom segments to reports or creating unusual custom reports.” (source)

You can also anonymize IP addresses in Google Analytics so they are no longer considered personally identifying information. This doesn’t have any impact on the way we use Google Analytics to measure and report your ad performance.

Do I need a separate cookie notification pop-up?

Cookie consent or notification widgets can negatively affect your ad earnings and may not correctly use the consent framework to prevent any data collection. Any information about cookies or data usage practices that you share with your users may be covered by law or regulations and you should check it with your lawyer. Raptive does not provide legal advice.

Was this article helpful?
5 out of 6 found this helpful
Have more questions? Send a message

Want to join Raptive? Apply here!