In this announcement:
The EU General Data Protection Regulation (GDPR) is European legislation meant to consolidate data privacy regulations across Europe. The date to begin enforcement for GDPR compliance is May 25, 2018.
The data controller determines the purposes and means of collecting personal data and is the owner of the data. All personal data collected is subject to GDPR and requires consent from the data subjects. The consent must be a clear affirmative act. In addition, the data controller must be able to demonstrate that the data subject has given consent to the processing operation.
When you send data into the products–EventStream, AudienceStream, or DataAccess–we act as a data processor. As a data processor, we have the responsibility to provide you (the data controller) the means to fulfill data subject access requests and to provide responsible data collection practices. Read below to learn more the Visitor API.
Our client-side solution to tag management (iQ) ensures that we do not collect or process personal data being sent directly to third-party vendors via the browser or device. However, iQ Tag Management offers a feature to help you, as the data controller, with data governance and consent management. Read below to learn more about the Consent Management feature.
Update (May 8th, 2018)
The full releases of the Explicit Consent Prompt Manager and Consent Preferences Manager are now available. Once activated and turned on, your next publish will contain the new consent features.
Update (May 1st, 2018)
Preview releases of the Explicit Consent Prompt Manager and Consent Preferences Manager are available. They can be configured, but not activated. An upcoming release will make it possible to activate and publish them.
As a data controller, you are responsible for ensuring that consent is properly acquired from your users and to give them the option to withdraw that consent at any time. iQ offers Consent Management to help you comply with these requirements.
Consent Management uses the following two (2) components to help you manage consent:
Consent Management offers the following features:
This is an upcoming feature and more details will be announced as they become available. Until then, enjoy this quick preview of the consent management feature:
Update (May 10th, 2018)
The Visitor Lookup tool is now available in AudienceStream. Use this new feature to lookup individual visitor records and delete the if needed. Also, see the details of the API running behind the scenes, which is available to customers to build their our GDPR compliance features.
Update (March 26th, 2018)
A preview release of the Visitor API is now available: Tealium API > Visitor Lookup API
This release includes active endpoints that can be developed against, however they will only return placeholder data. Stay tuned for a future release that will fully enable the API to service visitor lookup requests for your account.
As a data controller, you must comply with data subjects' rights to access, rectify, and delete data. The Visitor API will be available as a screen within AudienceStream as well as an API to be integrated programmatically. Access to the API is secured by access keys that must be granted to active users of the account.
The Visitor API offers the following features:
Yes, if enabled, EventDB and EventStore can accommodate this logging.
While Tealium does not inherit the burden of consent responsibility, Tealium iQ will offer a convenient set of consent management features that assist with collecting consent.
No, erasure and consent are independent. If you submit an erasure request, all data for that user is deleted. If that user visits your site again, without withdrawing consent, then data collection will continue.
Tealium is a data processor with respect to your web properties and your users.
Tealium is a data controller only with respect to our own web properties and services such as tealium.com and my.tealiumiq.com.
No, your customers will submit their data inquiries directly to you and you will use the API or the Universal Data Hub (UDH) user interface to fulfill those inquiries, as detailed above in this document.
No, Tealium cannot certify or monitor the data inquires of third-party vendors. Tealium iQ Tag Management software only honors the consent response and tracking preferences of the data subject as configured in the consent management feature.
Tealium is dedicated to passing along the data inquiry to vendors that provide an API for GDPR Data Subject Access Requests. Check the Connector Marketplace for vendors that support this functionality.
Consent is granted on a device, browser, or app basis. A user will be tracked on any device, browser, or app where consent has been given and not tracked on those devices where it has not be given (or has been withdrawn).
The new Consent Management tools are a replacement for the functionality offered by the Privacy Manager extension. After the Consent Management tools are fully released the Privacy Manager extension will be removed from the Extension Marketplace, though existing instances of the extension will continue to function.