As a global company with headquarters in Europe, Criteo has a strong foundation of dealing with several industry best practices, standards and regulations. It is Criteo’s view that consistency and certainty around privacy and data protection is a win-win for businesses and the consumers they serve. It is for this reason that Criteo is committed to comply with applicable laws and regulations in all countries where it operates, including notably the General Data Protection Regulation (GDPR) that harmonizes the different data privacy laws across the European Union’s member states and any future regulatory and legislative initiatives around data protection and privacy, such as the California Consumer Privacy Act (CCPA) or the Brazilian General Data Protection Law (LGPD).
Criteo is supporting its clients and publisher partners through their compliance journey by sharing guidelines and best-practices about how to meet their own legal obligations:
1. You are required to be transparent with the users who visit your properties
- Clear, easily accessible and comprehensive information about the collection and use of data related of your users must be provided on your properties.
- Depending of the data protection regulation that applies to you, the information required may be slightly different. For instance, websites and apps that targets the European market, the information required by the GDPR notably includes:
- the purposes of the processing for which data collected on your properties are intended i.e. data collected by Criteo via cookies and non-cookie technologies are used for the purpose of serving targeted advertising
- the legal basis for the processing of these data i.e. the use of data for the purpose of serving targeted advertising relies on the user’ consent
- the recipients of the data i.e. Criteo
- Disregarding the laws that apply to you, this is Criteo’s view that transparency with users is always required if we want to foster trust in our respective services and in the digital economy as a whole. Being transparent involves to describe in a comprehensive and user-friendly way how their data will be used and by who. That’s the reason why Criteo strongly recommends that its partners include in their privacy policies a notice about the data collection for the purpose of serving interest based advertising such as the one below:
Our website integrates technologies of trusted advertising partners (third-party companies) that allow the recognition of your device and the collection of information about your browsing activity in order to provide advertisements about goods and services likely to be of greater interest to you. In particular, these partners collect information about your activity on this website to:
- [If you are a client] enable us to show advertisements for our products and/or services to you on third-party websites and apps.]
- [Or if you are a publisher] enable brands and e-commerce sites to show advertisements for their products and/or services to you on our website.]
Our partners may use non-cookie technologies on which browser settings that block cookies might have no effect. Your browser may not permit you to block such technologies. For this reason, please keep in mind that you can block the collection and use of information related to you by advertising companies for the purpose of serving interest based advertising by visiting the following platforms of self-regulatory programs of which those companies are members:
2. You shall collect the consent of EU users across your properties for your use of Criteo services when legally compulsory
- Under Criteo Terms and Conditions, in all countries where collecting consent is mandatory for the use of our services, it is our clients and publishers partners’ responsibility to collect valid consent of their users prior to any Criteo tags being fired. This is justified by the fact that Criteo has no control on the choice mechanisms you decide to use on your properties to collect the consent of the users for the different third party tags implemented on their properties.
- In particular, under EU laws, consent is considered valid provided that:
Suggestion of cookie notice for countries where consent is mandatory
- Users can refuse the collection and use of data by Criteo through the Criteo tags as simply as they could consent to it
- The user’s consent must be demonstrable. For this reason, we suggest the following vendors that offer solutions to add and manage valid consent functions on your properties. If you have any questions, comments or concerns about these vendors, their offerings and services, you can contact them directly.
For more information about the GDPR and its application to advertisers and publishers:
Article 29 Working Party guidance on Consent under the GDPR (2018)
Article 29 Working Party guidance on Transparency under the GDPR (2018)
Please note that the information provided here does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should seek professional legal advice where appropriate.
Last updated: 06/25/2019