Publishes Open-Source Data Processing Agreement and Resources For Publisher Partners to Support Compliance with GDPR
OpenX, the world’s leading independent advertising technology provider, announced that it is one of the first advertising exchanges globally now in compliance with its publisher obligations under the General Data Protection Regulation (GDPR) — a full four months before the May deadline.
As a free and open contribution to the ad tech community, OpenX is also making available a GDPR-ready data processing agreement (DPA) drafted in consultation with leading U.S. and EU privacy counsel. This “open source” DPA was published recently as a resource for publishers to expedite their compliance process with other technology partners that may process the publisher’s EU personal data. OpenX is also making available other GDPR-related resources on its website, including a guide for obtaining certification under the Privacy Shield, which is an important legal mechanism for validating the transfer of EU personal data out of the EU to the US.
“GDPR is the single most significant regulation in the history of digital advertising,” said Doug McPherson, chief administrative officer and general counsel at OpenX. “It replaces a patchwork of EU national rules with a single regulatory framework with global reach and strict penalties for those who fail to comply. GDPR applies to every company, wherever they are located, that offers goods or services to EU citizens or receives, stores or sends personal data from any EU citizen. At OpenX, we are committed to being the highest quality and most trusted partner to the thousands of leading publishers and top brands that rely upon our exchange. We committed early on to investing significantly in GDPR compliance and in educating the industry about its implications. We have taken the extra step today to make available a data processing agreement and other resources in order to move the entire industry towards greater accountability and trust.”
According to one recent analysis, leading publishers today can have hundreds of technology partners with access to their consumer data via code on their page. Under GDPR, publishers will be responsible for ensuring regulatory compliance for data security for every single partner they allow to access their data. Failure to comply effectively could result in significant penalties — up to the greater of €20,000,000 or 4% of worldwide annual revenue.
“Very few companies recognize the magnitude of the effect GDPR will have on their business, especially companies in the advertising technology space. OpenX has worked directly with the Venable team over the last year to understand the complexities of how this new regulation applies to OpenX and its partners. The resources they have made available to the industry will benefit any adtech company committed to compliance with GDPR,” said Shannon Yavorsky, Partner at Venable LLP.
On February 1, OpenX will co-host a webinar with counsel from Venable LLP to provide publishers and advertisers with another educational resource as they navigate GDPR compliance ahead of the deadline. The webcast will cover seven steps publishers can take now to become compliant.