GDPR：进化，而不是革命（英文版）

GDPR: An Evolution, Not a Revolution Disclaimer This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should seek professional legal advice where appropriate. Introduction The European GDPR (General Data Privacy Regulation) replaces the existing 1995 Data Protection Directive, harmonizing the various data privacy laws that exist across all 28 EU member states. Since our founding in Europe in 2005, Criteo has had a strong record of ensuring our technology has high levels of data privacy and security while helping our clients meet shopper expectations with advertising that is personalized and relevant. As a global company with major offices in multiple EU countries, working with thousands of advertising clients and publisher partners whose customers and users are based within the European Union, we are accustomed to dealing with country-level requirements across the world. It is Criteo’s view that consistency and certainty around privacy and data protection is a win-win for businesses and the consumers they serve. It is for this reason that Criteo is committed to GDPR compliance and why we are working with clients and partners who are subject to the new regulations, offering them support and sharing best practices for them to best manage the transition. Criteo is ready to tackle the GDPR challenge and expects limited impact of the new regulation, if any, on our clients’ and partners’ ability to work with Criteo. Overall this regulatory update is an evolution that aligns data protection policies across the EU member states while providing consistent application and enforcement by local Data Protection Authorities (DPAs) in each EU member state. The objectives of the GDPR are clear: • Modernize the legal system to protect personal data in an era of globalization and technological innovation. • Strengthen individual rights while reducing administrative burdens to ensure a free flow of personal data within the EU. • Bring clarity and coherence to personal data protection rules and ensure consistent application and effective implementation across the EU. What is personal data as defined by the GDPR? GDPR protects the privacy of EU citizens and applies to all companies collecting or processing personal data on individuals in the European Union, even if that company is not established in the European Union. A significant confirmation for the digital marketing industry is that the GDPR applies to any information concerning an identified or identifiable natural person, and this includes online identifiers such as Cookie IDs and Mobile Advertising IDs. These online identifiers are now explicitly mentioned in the definition of personal data, which confirms the broad interpretation of personal data already applied under EU laws. It is important to note that these online identifiers were already considered personal data by many European DPAs. This is not