EUGDPR Home Page

From Market Ruler Help
Revision as of 18:23, 8 May 2018 by Admin (talk | contribs)
Jump to: navigation, search

The EUGDPR regulation begins enforcement among software providers starting May 25, 2018.

ConversionRuler is committed to supporting and providing tools to enable our customers to adhere to the EUGDPR regulations.

To read more about the regulations, please review the Official EUGDPR website.

MarketRuler and EUGDPR

How EUGDPR regulations will affect analytics providers is to be seen, but the law itself is largely targeted at those providers who have a presence in the European Union (specifically Social Media providers) and would be subject to sanctions for non-compliance.

Market Ruler, LLC is based in the United States; and we do wish to support the law in the most comprehensive way possible.

The ConversionRuler data we collect ultimately belongs to our customers; we currently do not harvest, manipulate, collate, or publish it in any way.

Unfortunately, the burden on each individual analytics provider is fairly great. Requiring each analytics provider to receive opt-in consent when visiting a web page would ultimately make the user experience terrible; as well it would require more intensive compute resources if providers were to deliver one type of tracking for EU visitors and another type of tracking for non-EU visitors.

From a technical perspective, the only "personally identifiable" information ConversionRuler collects (aside from form or action data which you may submit to us) is the IP address, which, oddly, must be disclosed first to any website before consent to use it is granted.

So we push this burden onto each individual website and assume that your site will only install or use the ConversionRuler Tracking Snippets in adherence with the EU regulations and requiring consent from all parties who visit your site before tracking them using ConversionRuler.

Understanding the EUGDPR

Lawful basis of processing

  • What it means: Sites need to have a legal reason to use visitor data: Via consent (see next section), notification, performance of a contract, or legitimate interests (e.g. visitor is a customer).
  • How MarketRuler supports this aspect of the law: We do not support the determination of the lawful basis for processing, but leave this to customers to do prior to sending personal data to Market Ruler's systems. There are many tools which can be used to gather consent. Our code supports installation and opt-in-only versions which only track visitors who have granted consent to be tracked.

Consent

  • What it means: As outlined above, a lawful basis to process personal data is with the visitor's consent. In order for a visitor to grant consent, they must be notified and told what they are consenting to; and consent must be, by default, opt-out. In addition, consent must be granular such that a visitor can consent to receive emails, but not phone calls.
    • Businesses must log evidence of what notice was given, what was consented to, and when consent was given.
  • How MarketRuler supports this aspect of the law: Given the determination of the lawful basis above, ConversionRuler supports tracking only after consent is given and can also support the third-party logging of the consent using a special action once consent is given.

Withdrawal of consent

  • What it means: Visitors should be able to withdraw their consent at any time. Withdrawing consent needs to be as easy as giving consent.
  • How MarketRuler supports this aspect of the law: ConversionRuler suggests that individual providers link to ConversionRuler EUGDPR consent pages for their sites to enable visitors to withdraw consent and optionally anonymize or remove their personal data.

Implementing EUGDPR in ConversionRuler

See also