What does GDPR mean for TV data analytics?

What does GDPR mean for TV data analytics?

Tom Weiss, Mon 20 November 2017

With most of the advanced advertising models based on set-top-box and smart TV data coming from the USA, many of them are going to need to be updated to account for the differing regulatory environment in Europe. Come May 2018 this is getting a further overhaul with the new General Data Protection Regulation “GDPR” that enhances consumer rights in many areas.

There are eight critical parts of the regulations that will have a significant impact on business models relating to TV data, and we’ve outlined our primer on these below

The right to be informed

If you’re collecting data on consumers, you need to inform them what you are receiving, why you are harvesting it, what you are going to do with it, and with whom you’re going to share it. If you’re going to use it to measure viewing to fulfill the obligations of your content deals, you need to mention this to consumers here. If you’re going to be profiling people to optimize your marketing towards then, you need to specify it here. If you’re going to be sharing TV data with third parties to improve advertising, then you need explicit permission from consumers to do this.

None of these should be controversial with most consumers, but it’s important to be clear precisely what you’re doing and with whom you might be sharing data.

The right of access

Consumers also get the right to be able to see any information you’re storing on them. In the same way services like Netflix and Amazon provide a full viewing history online or in the app, if you’re saving viewing information you need to be able to provide a way for consumers to access this. Some companies will implement this by a “contact us to receive your data” but this will be costly to service.

We expect most customers to enable online access to data they store on their customers, partly driven by the next right, which is...

The right of rectification

If consumers believe you are holding incorrect information, then they will get the right for this to be rectified. This part of the legislation originates from credit rating agencies where people have had credit refused because they share the same name with a known felon. In the TV environment, it does has some relevance. If a conservative politician has been watching late night television programmes of dubious morality, they may well want them erased from the viewing database. Under GDPR they now have the right to have this rectified.

This right to rectify makes the most compelling case for online access to viewing information. If you don't provide a simple online interface where people can see what you've stored about them, then it's hard to process any requests for rectification efficiently.

The right of erasure

Typically referred to as the “right to be forgotten” this just means that consumers can demand to have all information on them to be erased. It’s unclear to us whether the law will require this only to apply when a consumer cancels a service, or whether TV providers will be required to continue to provide services after deleting all historical information on consumers.

One crucial point about the right to erasure and the right of rectification is that this applies not only to your own data stores, but also any to third parties that you’ve shipped data. Say you’ve sent TV data to a data brokerage who has shared it with 169 different online platforms. You need to be able to either delete or update the data stored by that data brokerage and all of their downstream clients.

This is going to be a significant overhead, and we expect platforms will typically going implement this on a “deletion only” policy. Under "deletion only" any rectification will result in deletion of all data on that subscriber in third-party datasets. We expect the shipping of lists of IDs to delete will become an everyday part of data shipping.

The right to data portability

We, consumers, are willing to share our data because we know it makes our TV service better. I get more targeted advertising, better marketing, and constant more relaxant to me. However, under the GDPR, this data belongs to me and when I cancel one subscription and switch to another one I have the right to take my viewing data with me and gather the same benefits of service on my new subscription platform.

Initially, we expect this to require all providers to provide a simple way for customers to download all of their data in a simple format, and over time for providers to enable the upload of datasets from competing providers. We don’t expect this data transfer to be mandated as a simple switch as has been the case in mobile number portability, but we do expect that all providers will need to provide the download of data as a minimum

The right to object

In most cases, the right to object is very similar to the right to rectify where consumers are not asking for inaccuracies to be corrected, but to oppose the holding of specific facts. For a credit rating company, this could amount to objecting about an old bankruptcy still being held on the record. For TV providers we expect this to be uncontroversial and rarely to apply.

Rights relating to automatic decision making and profiling

GDPR creates a class of new rights about profiling and a specific opt-out of automatic decision making. Anytime you are profiling consumers - for example, to provide enhanced advertising or marketing - you need to get explicit opt-in from consumers to do so, and consumers must have an option not to be affected by computer decision making.

Although similar to the rights to be informed, it goes a step further where profiling is used to make decisions automatically. From eligibility for offers or targeted advertising, consumers need to be able to opt out. The intention of this is to prevent discrimination because of decisions made by computers.

In a credit rating example, it means that consumers have the right to demand that the credit rating is performed manually by a human being rather than by a computer algorithm. Online, it means people are going to be able to opt-out of the entire Google Adwords experience and only receive generic ads that are not targeted specifically at them.

In a TV environment, it means consumers can opt out of the personalized recommendation, marketing, and targeted advertising, and receive only a standard set of communications. Over time, we also expect this to progress such that developers of targeting algorithms will need to be able to demonstrate that they do not discriminate against protected minorities. Automatic targeting algorithms frequently overlook the disabled, underprivileged ethnic groups, and older people. Algorithms that provide a financial benefit, such as a particular offer, will need to be tested to ensure that it is equally likely to make the same offer to all ethnic groups.

Profiling of children remains illegal under the GDPR, and we continue to advise TV providers to exclude viewing of children’s programming in any profiling decisions. Creating segments of homes with children based on viewing activity is illegal under European law.

Accountability

As well as providing new rights for consumers, GDPR ramps up the responsibilities of data collecting organization. We've always recommended that companies do not collect more information than they need but it has not previously been illegal. Under GDPR, the bulk collection of TV data with the little purpose of reason goes from being dangerous to grounds for prosecution.

Requirements around anonymisation also change. Whereas it would previously it would have been enough to translate uniquely identifiable fields into tokens, this is no longer sufficient. This process referred to as pseudonymization, changes personally recognizable information such as email address or mailing address into a unique code. As we’ve previously written[link] about, such a process is inherently open to reidentification, and under GDPR the responsibility is on the data collector to minimize the risks of re-identification.

Data collectors also now need to record all details of data processing and transfers to third parties. A log of data processing and shipping is simple to implement, and something that we expect to become part of the information on the consumers that are made available on websites.

So how does this affect my business models?

Many businesses are concerned that GDPR is going to kill subscriber analytics, advanced advertising, and online retargeting. Our interpretation is that it’s going to make processing these models more costly for companies, but it's also going to make it more transparent and that this is in the long term going to be better for consumers and the industry.

The EU opt-in legislation did not kill online cookies, and we equally expect very few consumer to refuse to opt-in to online targeting. The increased transparency and specifically the rights to rectification and the right to portability will significantly increase the quality of the data that we use for our predictive analytics, and that’s going to make for better outcomes.

Better data means better business, and GDPR is all about better data.

Get in touch to find out how we can help

Sign up below and one of our Data Consultants will get right back to you


Dativa is a global consulting firm providing data consulting and engineering services to companies that want to build and implement strategies to put data to work. We work with primary data generators, businesses harvesting their own internal data, data-centric service providers, data brokers, agencies, media buyers and media sellers.

145 Marina Boulevard
San Rafael
California
94901

Registered in Delaware

Genie House
Burchetts Green Road
Maidenhead
SL6 6QS

Registered in England & Wales, number 10202531