Home Privacy French Startup Teemo Appeases GDPR Regulators, Avoids A Fine

French Startup Teemo Appeases GDPR Regulators, Avoids A Fine

SHARE:

There is life after a GDPR enforcement warning.

Location data ad tech startup Teemo, one of the first companies admonished under the General Data Protection Regulation for gathering and processing data without informed consent, was given the all clear on Thursday.

Teemo, headquartered in Paris, received an ultimatum from France’s data protection authority, the Commission nationale de l’informatique et des libertés ( the CNIL ), in July: Either obtain the proper consents, provide the proper disclosures and set appropriate limits for data retention or face a possible fine.

The company tossed all its R&D resources to reach compliance, said Alexandra Chiaramonti, Teemo’s managing director for France. It took roughly two months to implement everything the CNIL was asking for.

It was highly unlikely that the CNIL was going to slap Teemo with a fine, though. Making a good faith effort to comply goes a long way with the DPAs. EU regulators aren’t gunning to put small businesses out of business.

The GDPR is “mainly intended to guide behavior, to encourage compliance, not as a vehicle for penalizing,” said Blaine Kimrey, a shareholder at Vedder Price in Chicago, who has spent most of his career litigating technology-related cases.

“The potential penalties are severe under GDPR and they’re definitely there for a reason, but the people I’ve heard speak about GDPR, including those involved in its drafting, don’t see penalties as the standard enforcement proceeding,” he said.

Carrying a big stick and not using it is somewhat of a foreign concept in the United States, where regulators are far more likely to levy fines when they come knocking, Kimrey said, but “companies that do their best, that devote whatever the EU data protection authority deems to be the appropriate level of resources to the matter, will get injunctive relief.”

Teemo’s publisher partners must now display a banner during the app installation process that gives users the opportunity to provide their informed consent for data collection before any data is actually collected. A link gives users more info on their data rights, including the duration of retention – 30 days for raw data and 12 months for aggregated data in Teemo’s case – and the ability to withdraw their consent at any time.

It’s too early to tell whether the changes will impact user opt in, but even if fewer users offer up their consent, that could end up being a good thing, Chiaramonti said. There might be less data, but the quality will ostensibly be better and “more interesting for advertising purposes,” she said.

Although its dustup with the CNIL was far from ideal – “I’m not going to lie, it’s been a very tough couple of months,” Chiaramonti said – there are positive takeaways, not least of which comes in the form of regulatory guidance. When a DPA like the CNIL takes action, it helps clarify the law for other companies looking to comply.

“If everyone is willing to find a reasonable solution which serves each party’s interest, we can get there,” Chiaramonti said. “GDPR doesn’t have to be scary; it can benefit the industry as a whole by building trust from the general public and making this market a lot healthier.”

It’s hard to say what the CNIL’s next move will be, whether it will give companies in its jurisdiction a little time to absorb its guidance on consent and get their own houses in order before making an example out of any other entities – but that’s not the only uncertainty, said Ronan Tigner, an associate at Morrison & Foerster who is focused on data privacy and security.

“We are still waiting for the reform on the ePrivacy regulation governing cookies and similar technologies used in the ads context, which isn’t likely to be finalized before the end of 2018, early 2019,” Tigner said. “There are potential impactful changes, such as more acceptance for consent through browser settings and new explicit consent exemptions, such as cookies for audience measuring or security updates – so, we may be looking at awareness raising and a gradual build-up for now until those rules are known and industry solutions stabilize.”

Fidzup, the other French location data company called out along with Teemo by the CNIL in its warning, is making progress towards compliance with the development of a consent management platform. CNIL reps are cooperating with Fidzup to test the platform, said COO and co-founder Anh-Vu Nguyen. Fidzup is awaiting a final decision from the CNIL about whether it’s efforts meet “all the expected criteria,” Nguyen said, but the company is “optimistic.”

Tagged in:

Must Read

Google’s Meridian And Meta’s Robyn: A Gift To Measurement Or Trojan Horses?

Google and Meta are quietly rewriting the rules of ad measurement, and they’re doing it with open-source marketing mix modeling tools that many marketers don’t even realize they’re using.

This New Training Framework Gives Publishers A Say In How AI Uses Their Work

A new initiative called SAIL compensates publishers when AI scrapes their content and guarantees the outputs adhere to the same cultural standards they apply to their own coverage.

AI Is Spreading Inaccurate Information About Brands. This Tool Can Help Fix That

Brands can’t just focus on how often they show up in AI search. They also need to pay attention to accuracy – and know what to do when AI gets it wrong.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

This K-Beauty Brand Is Collapsing The Marketing Funnel To Grow Its US Customer Base

The “K” in “K-beauty” stands for “Korean.” But it should also stand for “kaboom” because Korean beauty product sales are exploding internationally, especially in the US market.

LinkNYC Kiosks Have Started Airing World Cup Games – TV Ads And All

The cinematic trope of people stopping to watch the news on a storefront TV display feels pretty out of date today. But sometimes, life can still imitate art.

How TIME’s CMS Transition Laid The Foundation For Its AI-Driven Content Overhaul

The CMS migration helped unify TIME’s fragmented content data after years of platform transitions under multiple owners. This enabled TIME to launch its own AI search product and convert archival content into AI-friendly “markdown” pages.