Eskimi and GDPR
GPDR requires companies to have applicable legal basis for:
1. Any kind of user data used
2. All ways of how is that data used
In online advertising, companies normally use non-personally identifiable data (such as cookies, device IDs) to target users and measure ad performance.
In order to perform these activities, an applicable legal basis is needed. It is Eskimi, as well as most of the market, understanding that 2 legal basis are appropriate here: consent and legitimate interest.
Consent
Consent is when user says 'yes' to the kinds of data and to the ways of data. User can agree or deny to companies processing user data.
Legitimate interest
Legitimate interest is when a company must use user data to survive and it can not hurt the user in any way. User can object to legitimate interest claims.
How to achieve all this for companies?
There can be multiple ways of asking users for consent and/or showing legitimate interest declarations. The most used one, and the one we use in Eskimi, is by using Transparency and Consent Framework (TCF).
What is TCF?
TCF is framework to pass if user consented and/or objected to legitimate interest to online advertising companies. It is not the law - it's how companies like Eskimi understand the law.
TCF consists of:
* CMP (consent management platform): actual popup where user sees and selects: data usage purposes, companies
* Preferences string:
* Vendors: companies using user data
Eskimi DSP (vendor name - Eskimi, vendor ID - 814) is part of the IAB approved TCF vendors.
Global TCF vendor list: https://iabeurope.eu/vendor-list/
To sum up, TCF allows:
* Showing purposes - how will companies use data
* Showing types - what data will those companies use
* Allowing user accept/reject usage of this data
* Passing user preferences to the companies
What do clients have to do?
Client page should have a CMP (Consent Manager Platform) integrated on the website and make sure that "Eskimi" is on the vendor list. CMP usually handles a lot of integration automatically and provides customisability in order to correctly generate the consent string.
Then, if user agrees with Eskimi data purposes and what data will be used.
How to check if Eskimi is under the CMP vendor list?
Visit the page you want to check. You should be greeted with a notice. Such as the below one. Click on manage settings:
After clicking manage settings you will be greeted content and legitimate interest that were introduced before.
Search for partner list.
When the partner list will be visible search for Eskimi. Both legitimate interest and consent should be enabled for Eskimi so we would get user consent. If the content isn't enabled for Eskimi by the user the consent won't be received.
What if I don't use a TCF-based CMP?
If you don't use a TCF-based CMP, you have 2 choices:
* Integrate one. More information on manual integration without CMP can be found here: https://iabeurope.eu/tcf-for-publishers/
* Discuss with your legal if any other solution is applicable to you (some other consent management way). if yes, please reach out to us.
What are the GDPR countries? Where does this apply?
GDPR applies to these countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom.