3 steps to stay compliant while ...
3 steps to stay compliant while using co...

3 steps to stay compliant while using consent-driven targeted marketing

Using personalized, targeted ads? Make sure your organization obtains consent and follows these three steps to honor user privacy while providing them with the best user experience

Alex Cash Director, OneTrust Consent and Preferences

clock4 Min Read

Featured Image

In a recent enforcement action, the Irish Data Protection Commission (DPC) ruled that businesses can’t rely on “contractual necessity” as a legal basis for using behavioral advertising. The DPC also mentioned the importance of transparency when explaining the purpose of processing data to users. The main takeaway here is that user consent is a must when engaging in behavioral advertising.  

How can companies ensure compliance when delivering targeted ads?  

1. Know what regulations apply to you  

Have a comprehensive picture of what privacy and data protection laws apply to your business operations. For example, if your business has customers in the EU and California, you’ll have to look at the requirements the CPRA and GDPR have in place.  

Conduct a mapping exercise to lay out which regulations apply, and which parts of these applicable regulations you need to take note of in your data processing policies.  

2. Get user consent before delivering targeted ads  

The GDPR and CPRA both mention that businesses have a legal basis to process personal data if the use case is “necessary” for the business to function, or is a “contractual necessity” for the business to fulfill to its consumers.  

However, in the case of targeted advertising, showing personalized ads is usually not the core function of your business, as mentioned by the European Data Protection Board (EDPB) guidelines. This removes it from the scope of the “necessary to perform a contract” basis to process personal data, by the GDPR’s definition. E.g., using your shipping address to send you a product would be necessary data to complete the service, but providing you with targeted ads based on your interests would not.  

Targeted ads are a way to help customers view products or services that appeal to their interests and allow them to have a more enjoyable user experience when navigating through your site. However, as they are not a “contractual necessity,” getting consent from your users to provide personalized ads is the way to go. Under the GDPR, consent must be obtained by opting in, while under the CPRA this can be achieved via an opt-out mechanism.  

Apart from running targeted advertisements on your own platform, you may also have cases where you’re running these campaigns on other third-party platforms. You’ll also need to collect consent in this case, and ensure that your organization is clear on the policy requirements that third-party platforms have regarding user data. Your users’ privacy is ultimately your responsibility, so make sure to have the proper due diligence in place.  

3. Use transparent communication = clear, concise, and comprehensive

Keep the language clear, concise, and easy to understand for consumers. Disclose what data you’re collecting, and what you’re using this for as well.  

The GDPR stresses the need for transparency on personal data processing when communicating with data subjects, with Article 5(1)(a), Article 12, and Article 13(1)(c) as examples. 

The CPRA also has certain clearly defined items that must be in place that include: 

  • A “Do Not Sell or Share My Personal Data”, clearly visible and easy to navigate for users 
  • A “Limit the Use of My Sensitive Personal Information” page 
  • Honoring universal preference signals, like the Global Privacy Control (GPC) signal 

How can OneTrust help your business stay compliant? 

OneTrust Consent and Preferences enables you to manage the consent of your digital properties across all regions, privacy regulations, and devices through one platform.  

By providing brand-consistent notices and banners to your users throughout their interaction with your site, from accepting cookies to subscribing to a newsletter, we ensure that your customers get the best user experience and have their privacy honored at every touchpoint.  

After obtaining consent from your users, keeping track of this data with up-to-date records is no small task. OneTrust makes this easy with integrations with all major sales, marketing, and data platforms, along with a real-time database that stores user consent and preference data, making sure you’re always providing your customers with an optimal, privacy-first experience. 

Learn more about how OneTrust Consent and Preferences can help your organization build trusted relationships with your customers by keeping their privacy as your priority.  

Request a demo today.  

You Might Also Be Interested In


JANUARY 25, 2023

Your guide to celebrating Data Privacy Day 2023

JANUARY 17, 2023

Speak-up culture toolkit: Leveraging disclosure data to drive a speak-up culture

JANUARY 13, 2023

Addressing UK app Code of Practice requirements with OneTrust

JANUARY 12, 2023

Ultimate guide to the EU CSRD ESG regulation for businesses

JANUARY 11, 2023

Continuous improvement: The leading indicator for successful compliance programs

JANUARY 10, 2023

Build trust, promote your program in the Third-Party Risk Exchange

JANUARY 9, 2023

Building trust in a zero trust world

JANUARY 9, 2023

Consent management by the numbers: 2022 DMA report summary

BackToTop
Onetrust All Rights Reserved