‘Processor or Controller’: Awin Throws Down Gauntlet on Affiliate Network GDPR Data Handling

Awin’s tellurian customer plan director, Kevin Edwards, claims businesses “have to confirm either they are data processor, or information controller” forward of a GDPR (General Data Protection Regulation).

The matter is partial of a blog post in that Edwards lays out a position being taken by a associate network in courtesy to authorised data-handling after a May 25 update, and a implications this will have on a advertisers.

The judgment of controllers and processors is “not new underneath a GDPR”, says Edwards, though will have critical significance with a former confronting stricter mandate over accountability.

Processor or controller?

To assistance conclude these terms, a latter refers to a celebration that handles personal information on interest of a information controller and is theme to fewer obligations underneath a law; it could embody storage of information on third-party serves, for example, or operative with a information analytics provider.

Meanwhile, ‘controllers’ impute to those parties that control – rather than possess – personal information by last a purpose and means of use, or a ‘why’ and ‘how’, as Edwards puts it, that can be dynamic by one celebration or jointly with others.  

According to a network’s possess “privacy impact assessment”, Awin categorises it doing of information into a latter position. While a advertisers customarily establish a purpose of a network’s information use, “they are a ones to establish either or not to run an promotion debate when participating”, while a network itself will generally establish a means of a use, such as to promote tracking.

“Therefore, we cruise that in a typical march of a business, Awin acts as a information controller jointly with a particular advertiser,” Edwards states.

Joint controllers

As a corner controller, a impact here for Awin and a advertisers, and what will certainly be a care for other associate networks, is that it will assume a same obligations underneath GDPR as a advertisers: “We will have common responsibility in safeguarding a information we use for a tracking purposes, and will be theme to a same obligations and turn of burden before information insurance authorities.

“Naturally this also means that a normal controller-processor indication will not apply within our attribute and instead Awin and a advertisers will have to umpire their relationship as joint controllers,” Edwards adds.

In efforts to formalise and explain this arrangement, Awin has introduced a template information estimate agreement that defines a network’s obligations and attribute as corner controllers. This review will embody reviewing existent agreements to safeguard authorised and significant correctness underneath a GDPR.

Do we paint an associate network? How is your association readying itself for GDPR-compliance? Let us know in a comments territory below, or email us your comments to content@performancein.com.

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestShare on StumbleUponShare on TumblrShare on RedditFlattr the authorShare on YummlyBuffer this pageDigg thisShare on VKPrint this pageEmail this to someone