Affiliation can be difficult to understand when it comes to the collection and protection of customer data. By advertising for another site on its own digital space, it is not possible to have full control over the data of its users.
This is why it is interesting to question the link between affiliation and data protection .. Especially since the entry into force of the GDPR .
GDPR and data protection
First of all, you have to understand the GDPR regulations. (General Data Protection Regulation). As a continuation of the French Data Protection Act of 1978, the GDPR was put in place to provide a legal framework for the collection of user data on the Internet.
Since the entry into force of this legal measure, all professionals using the Internet as part of their activity must guarantee the protection of the data of their users (visitors, customers, prospects, partners, employees, etc.).
According to the CNIL, personal data is defined as “any information relating to an identified or identifiable natural person”.
What are personal data?
- A name
- a phone number
- a customer file number
- a picture,
- an element linked to the identity of the person.
In addition to the collection of personal data, the GDPR also takes into account the processing of this data and indicates that this must be done for a specific purpose.. That is to say that it is not possible to collect data without purpose or purpose: cEach collection of personal data must therefore be legitimate for your activity.
GDPR, protection of personal data and affiliation: are you concerned?
In the context of a commercial relationship between a site and a customer, it is up to the site that collects the data to put in place actions to protect them effectively.
In affiliation, we are on a relationship involving an advertiser and a publisher site which is responsible for advertising a product or service.
What does data protection law provide?
Here is what the CNIL says about affiliation : “Affiliation is an advertising technique that is not based on the collection of user browsing data”.
We could stop here, but, in fact, it is more complex. The CNIL may change its mind in the years to come if certain affiliate follow-ups use personal customer data.
Moreover, the CNIL explains that the GDPR concerns all sites that carry out their activity or part of their activity in France. (whether they are there or not). This therefore includes processors who collect and process customer data for other entities.
Therefore , to be in good standing with the GDPR as an advertiser or affiliate, you must ensure that all your partners involved in the commercial and advertising relationship are also in good standing.. And this obviously concerns the possible affiliation platform chosen.
Data protection: the points of attention
First of all, whether you are an affiliate or an advertiser, you must inform yourself precisely about how you collect and process your customers’ personal data.. This can concern both cookies and the forms offered to your customers and prospects. An audit may therefore be necessary.
In addition, you should know that the whole concept of protection of personal data is based on the consent of the Internet user.. There was already a law on cookies (ePrivacy Directive), but the GDPR is added to the latter by imposing the condition of unambiguous consent.
Internet users must know what they agree to share with the sites visited on their personal data and must do so with full knowledge of the facts. As a bonus, a site must be able to provide the person who requests it with all of their collected data and be able to erase it on request.
At Casaneo, we attach great importance to managing the protection of the personal data of our customers as well as possible, whether they are advertisers or affiliates.. As an affiliate platform acting as an intermediary, we advise you at this level and support you if necessary. as well for be in good standing with the law only to reassure your customers and partners on the subject of data collection and protection.