Ogury: GDPR Compliant By Design

GDPR-Compliant
, - Apr 25 2018
Ogury: GDPR Compliant By Design

Since 2014, Ogury has empowered end users to make informed choices about their mobile data. Accountability and end users’ rights have been our focus since day one, long before the General Data Protection Regulation (GDPR) became central to conversations about user data.

Fast forward to today, at the dawn of a new era of regulation and stringent new standards for protecting user privacy, and Ogury customers can be secure in the knowledge that all of our products are GDPR compliant by design. Below is an overview explaining how this is the case; how Ogury collects user data, how it is used, and the choices we present to users. But first, some background.

What is GDPR?

GDPR is a piece of legislation that protects the data privacy rights of EU citizens. It enshrines the following rights into law from May 25th, 2018:

  • The right to access data and to have any errors corrected
  • The right to portability (or to be given data on request)
  • The right to erasure (or to be ‘forgotten’ on request)

For any company that serves customers within the EU and deals with user data, it will still be legal to track individuals through properties such as websites and apps. However, in order to do so, companies must now obtain explicit consent from every individual by asking them in a clear and understandable way. Additionally, companies must give users the ability to opt-out of having their data collected on request.

While GDPR is a law set by the EU, it applies to any company that deals with the data of EU citizens. This includes companies based outside of the EU, including the USA, Asia, Africa, and the Middle East. In short; if you serve users based in the EU, then GDPR applies to you.

The penalties for misuse of data post GDPR are potentially severe, running up to €20m (approx. $24.7m, £17.4m) or 4% of annual revenue, whichever is greater. In the face of numbers like these, it pays to ensure your data provider is watertight when it comes to GDPR.

How Ogury collects data

Integrated with thousands of apps, Ogury collects raw signal data only after explicit user consent has been granted. We use a clear and straightforward consent notice written in plain English, as well as German, French, Spanish, and Italian where required. This has been the case since the company began operating in 2014, making Ogury a pioneer in user-consented data.

More to the point, Ogury is one of the very few providers in the market today to not have to make significant changes to its collection policies in order to comply with GDPR or any other data regulations. Additionally, the company’s founding principles are aligned with those of GDPR, including lawfulness, fairness, transparency, accountability, and accuracy. It’s for these reasons that Ogury and its products are truly GDPR compliant by design.

How Ogury uses data

Once collected, our state of the art machine learning engine interprets these mobile signals and generates unique, high-quality anonymized mobile user and journey data. The app publishers, brands, and advertisers who work with Ogury use this data to target relevant advertising to users like never before and to boost the overall results of their campaigns to record levels.

The data we generate is device-level, first-party behavioral data (apps installed, apps usage and web browsing), context data (device type, ISP, connection type) and some personal data (email address, IP address). Ogury’s mobile data is unique in depth, recency, and accuracy, and is not available anywhere else.

Personal user data is never passed on to any third parties. The data drawn is linked to the individual user’s Android Advertising ID identifier, which is pseudonymous and is not linked to any identifiable data such as names or phone numbers. Consequently, Ogury does not hold this kind of information.

A clear opt-out choice for users

In addition to the opt-in consent notice, Ogury provides users with the opportunity to opt-out of its data collection at any time. Every ad served by Ogury displays a link to a dedicated online opt-out form, which can also be accessed directly through this link. Users can alternatively reset the AAID (Android Advertising ID) on their device, or change their device settings to ‘opt-out of interest-based ads’.

Not giving consent does not have any negative impact on the user, other than that they do not receive our targeted, recommended ads. If users do not opt-in, Ogury does not collect data. It’s that simple.

Other providers have relied on somewhat questionable legal grounds regarding user consent, such as ‘implied consent’ or ‘legitimate interests’. As such, there are many examples of companies that have collected data without properly informing users and obtaining long-term consent. We are proud to say that Ogury does things differently.

Should you have any specific queries relating to Ogury’s data generation and collection, please consult our privacy policy, or contact us directly via support@ogury.com