In a wide-ranging presentation at Connected TV World Summit, Sacha Wilson, senior associate, Bristows, said that GDPR effectively built on the 1995 Data Protection Directive. Articles 13 and 14 of the GDPR, which Broadband TV News notes refer to information to be provided where personal data are collected from the data subject (13) and have not been obtained from the data subject (14), include several additional elements.
Furthermore, he said that the GDPR doesn’t say you have to get consent. This is something that the upcoming ePrivacy Regulation does, while the GDPR says when you need to get consent and how to get it.
The GDPR also adds some hurdles, with consent having to be distinguishable and not hidden away. This can be challenging in a connected TV environment.
Wilson also outlined a number of differences between the GDPR and ePrivacy Regulation. While the former will automatically apply from May 25, it is at this stage unknown when the latter will.
Also, the GDPR applies to all legacy data, including any unique identifiers, and ePrivacy Regulation to direct marketing comms and setting/accessing any device-side data.
Wilson in addition said that regulators are talking about cookies, which consumers generally do not like, and in the case of ePrivacy Regulation there is a possibility that cookie consents could be moved to the browser level.