[ad_1]
The startups of the ad, the AdTech, were right to fear the entry into force of the General Data Protection Regulation (GDPR), applied throughout the European Union since May 25th. The Cnil, the French police constable for personal data, announced on Friday that it has given notice to the startup Vectaury, which specializes in stalking the customer journey using geolocation data from smartphones, and which has just raised 20 million euros. . This is the fourth AdTech Pinned by CNIL since May 25, after Fidzup, Teemo and Singlespot.
Read also: RGPD: the torchon burns between Google and the French actors of advertising
The subtlety of the concept of "explicit consent"
Vectaury evolves in the "Retail badytics", that is, customer data badysis for the distribution sector. The startup has created a geolocation cookie that is installed on its smartphone without realizing it when downloading some applicationsincluding games and services such as weather or some media. The data collected is then cross-checked and badyzed so that Vectaury's customers (store brands like Carrefour) display targeted advertising on people's terminals from the places they visited.
Startups like Vectaury negotiate directly with application distributors to embed their cookie in the application, as a "package" that comes with the service. Since the entry into force of General Regulation for Data Protection (GDPR), last May, the user receives a short message informing him of the presence of cookies for purposes of advertising targeting or marketing actions, and must give his consent. A sufficient precaution for Vectaury, who insured at La Tribune during his fundraising, Use only the data "useful for performance", in "respect for the privacy of users and partners".
But for the CNIL, accept the presence of cookies by downloading an application is not enough. The message accompanying the request for consent must bemore clearly explains the purpose of this collection, as well as the identity of the controller. In other words, when a user downloads an app containing the Vectaury cookie, he should be informed that he actually allows the tracking of its geolocation data, even when the app is closed, for advertising purposes. This is not the case for Vectaury, which makes the CNIL say that consent is "not validly collected".
Read also: The startup Vectaury raises 20 million euros to better track the customer journey
Three months to comply
Another complaint, and not least: the Cnil believes that Vectaury exploits without valid consent data of Internet users collected during real-time advertising auction offers for its customers:
"The information given to the user does not explain that his data will be used for this real-time bidding system, nor will it be kept for the purpose of defining a business profile. [les cookies, NDLR], the collection of data is activated by default, "writes the CNIL.
The institution indicates that Vectaury thus collected "pread more than 42 million advertising IDs and geolocation data from more than 32,000 applicationsThe data collected is indicative of the movements of people and therefore their lifestyle, Vectaury has three months to implement consent requests conform to the GDPR and remove the data that it had improperly collected. Cnil will be able to sanction up to 5% of its global turnover Founded in October 2014, Vectaury employs around 70 people and claims to work with more than 100 brands and agencies.
[ad_2]
Source link