GDPR and AddThis: Your Questions Answered!

A big topic of conversation around the internet these days is GDPR. The General Data Protection Regulation (“GDPR”) is a new regulation with comprehensive privacy and security requirements intended to strengthen and unify data protection in the European Union.

The deadline for complying with GDPR is just around the corner (May 25, 2018!) and we want to make sure that all your questions are answered, so we’ve assembled some of the top inquiries we’ve heard from AddThis users:

Q: How do you store, process, retain and use the data you collect?

A: General information on our privacy practices, including storage, processing, retention, and use of personal information, is available in our AddThis privacy policy at: https://0-www-addthis-com.librarycatalog.vts.edu/privacy

 

Q: At what point in the process is the AddThis user data collected?

A: The AddThis cookie is “dropped” when an end user visits a publisher site that uses the AddThis Website Tools. Certain consent tools allow for cookies to be suspended (or “not dropped”) if the user has not consented to cookies on the site. Publishers are encouraged to use consent tools that are appropriate given their particular business needs.

 

Q: What do I need to do to prepare for the GDPR?

A: It will be the responsibility of each publisher to assess the legal and operational implications of GDPR on their business and implement changes as necessary. This may include changes to site functionality such as cookie consent mechanisms, terms and conditions, and privacy policy. Oracle does not mandate a particular set of mechanisms or even standard language that should be used to capture consent. If you are not sure what to do, we recommend you contact your compliance and legal advisors.

 

Q: Will you provide a Data Processing Agreement, or are you able to sign our agreement?

A: A Data Processing Agreement is not appropriate for a controller to controller relationship. The relationship between Oracle and our AddThis publishers is governed solely by the AddThis Terms of Service, which clarify the respective rights and obligations between Oracle and our publishers in connection with the publishers’ access to and use of the AddThis Services and Oracle’s use of Publisher Data. The AddThis Terms of Service also fully incorporate EU Standard Contractual Clauses for controller to controller relationships. Please see the AddThis Terms of Service if you have any questions about Oracle’s obligations towards Publisher Data.

 

Q: Since the AddThis tools use 3rd-party services (e.g., Facebook, Pinterest, Tumblr, etc.), how do I update my privacy policy for GDPR to notify my visitors of potential tracking behaviors of each service?

A: The AddThis tools provide website visitors with the ability to share content with websites and social networks that are not affiliated with the publisher site. By clicking on those links or sharing that content, your website visitors may share personal information with these third parties. Publishers may want to encourage their website visitors to check the privacy policies and terms of use of any websites or services before providing personal information to those third parties.

 

Q: Email addresses are collected by both the AddThis email sharing service as well as the AddThis List Building tools. How is Oracle complying with the GDPR for its collection of email addresses?

A: As part of our AddThis List Building tools, Oracle collects email addresses on behalf of publishers to assist the publisher in creating email lists. These email addresses are only used by the publishers and are not used by Oracle to provide interest-based advertising, or for Oracle marketing or other Oracle purposes. Oracle retains these email addresses for six months after collection. Any opt-in or consent language that may be required for email marketing is the responsibility of the publishers.

For the email addresses that are provided during the sharing process when a user uses the AddThis sharing tools, the email address is only used to deliver the content to the intended recipient. These email addresses are also not used by Oracle to provide interest-based advertising, or for Oracle marketing or other Oracle purposes.

 

Q: Is AddThis storing any user data? Is any of the data personally identifiable (that includes IP address)?

A: AddThis data is collected online and indirectly identifies users. This data includes, for example:

  • Internet Protocol (IP) address, Mobile Advertising ID (MAID) (which allows mobile app developers to identify who is using their mobile apps), mobile application ID, browser type, browser language, type of operating system, and the date and time the user visited a publisher Site or a user used the Toolbar;
  • Behavior on a Publisher Site, such as how long a user visited the Publisher Site, a user’s sharing behavior of content on a Publisher Site, and a user’s scrolling behavior on a Publisher Site;
  • The referring URL and the web search a user used to locate and navigate to a publisher site;
  • Keywords entered into the AddThis Toolbar search functionality, and whether and when a user downloaded, installed, or uninstalled the AddThis Toolbar;
  • Information regarding how often a user used the AddThis Tools and how often a user used the AddThis Toolbar; and
  • Geo-location data derived from a user’s IP address.

 

Q: I understand that Oracle is transferring data to servers in the United States. Is this acceptable from a GDPR perspective?

A: In the AddThis Terms of Service, AddThis publishers are required to disclose that AddThis data will be transferred to the United States and collect the appropriate consents from users to transfer data to the United States.

 

Q: What is the AddThis user data retention policy?

A: We retain AddThis Data for up to 13 months.

 

Q: What do I need to do to comply with the GDPR?

A: You can review the AddThis Terms of Service for your legal obligations to Oracle when using the AddThis Tools. It remains each AddThis publisher’s responsibility to seek their own legal counsel to understand the applicability of any law or regulation on their processing of personal data, including through the use of any vendor’s products or services.

 

Disclaimer:

The information presented here may not be construed or used as legal advice about the content, interpretation, or application of any law, regulation, or regulatory guideline. Customers and prospective customers must seek their own legal counsel to understand the applicability of any law or regulation on their processing of personal data, including through the use of any vendor’s products or services.

 

f8 2018 Recap

One of the things I love most about being a Product Manager is the opportunity and responsibility to keep tabs on industry news and developments. Having a good grasp of the digital publishing landscape – from emerging trends to competitive research – is critical to our ability to serve users well. When you’re in the sharing game, there are few better places to get a pulse on the industry than at Facebook’s annual developer’s conference, f8. And so, to f8 AddThis went.

GDPR and Frequently Asked Questions for Publishers

What is the GDPR and why should I, as a publisher, care about the GDPR?

GDPR stands for General Data Protection Regulation. It is a new regulation with comprehensive privacy and security requirements intended to strengthen and unify data protection in the European Union. The GDPR will go into effect on May 25, 2018. Under the GDPR, organizations that violate GDPR can be fined up to 4% of annual global turnover or 20MM euros, whichever is greater.

To help sift through some of the noise, we’ve compiled a few frequently asked questions for publishers:

 

List Building Tool Users: Be Sure to Regularly Download Your Contacts!

If you are using our List Building tool to help capture your visitors’ email addresses, it is a good practice to regularly download the CSV file associated with the tool. For example, if you’re sending out marketing emails every week, you should be downloading your list just as often to make sure you are including your fresh sign-ups on the latest send.

Starting May 15, to ensure that publishers are keeping their lists up-to-date, your lists will need to be downloaded at least every 6 months. AddThis will no longer be storing your email lists indefinitely.
