GDPR

GDPR Background

The General Data Protection Regulation (GDPR) took effect on May 25, 2018, and is designed to give consumers in the European Economic Area (EEA) more control and transparency over their personal data.  GDPR compliance requires publishers to obtain ‘consent’ from visitors to their website prior to the transfer of any ‘personally identifiable information (PII).   One unique component of this GDPR compliance is that the EU now considers anonymous data from cookies and IP addresses as Personally Identifiable Information (PII).   For this reason, IAB Europe have released a Consent Management Transparency Framework. This framework is enabled by a Consent Management Platform or (CMP) that provides digital publishers with an easy one-step solution to acquire user consent and the ability to seamlessly share that consent with their monetization partners, such as UDM.   

GDPR and Underdog Media

UDM, along with our partners, relies on user cookie and IP address qualifiers to deliver the majority of our ads to monetize your inventory. To clarify, UDM does not collect personally identifiable information (from users to your site) such as: first and last name, email address, phone number, mailing address, or social security number.  In order for websites and downstream partners like UDM to continue to access data such as IP addresses and user cookies, User Consent must be acquired and shared.  

To be in compliance we have updated our Privacy Policy and Publisher Terms to include language specific to GDPR compliance.  We are also registered with the IAB Europe as an approved vendor on the Consent Management Platform (CMP) and we are on the Google vendor list for user consent.  However, action is required for UDM to monetize traffic from EU countries.  

Required Action:  Implementation of a CMP

The CMP (Consent Management Platform) determines if user consent, IP addresses, and cookies are passed to us. Please enable us as a certified vendor in your CMP; if we’re not enabled, then EU traffic WILL NOT be monetized.  Various CMPs have different categories and / or purposes, therefore, we recommend enabling all available in your specific CMP.  At the very minimum, "Targeting" must be enabled.  Performance may increase with more categories enabled.  We are not considered a Legitimate Interest vendor, so actual user consent is required. 

If a CMP is not implemented on a particular site and user consent is not obtained, then these requests will be not be filled.

If you have any questions or need any help selecting a CMP, more information is available here.

GDPR Compliance Resources:

• List of Consent Management Platforms: https://iabeurope.eu/cmp-list/ 
• List of Vendors: https://iabeurope.eu/vendor-list/ 
• Google Consent Tool, “Funding Choices”: https://support.google.com/dfp_premium/answer/7666366?hl=en&ref_topic=9007190
• Google Vendor List: https://support.google.com/dfp_premium/answer/9012903