Dear Network Partners: Effective April 3rd, SHE Media has updated our Publishing Network Agreement, to reflect obligations under new data privacy laws that have been adopted by several U.S. states, including California, Colorado, Virginia, Connecticut, and Utah and which have or will become effective in 2023. The Network Partner Agreement already reflects that Partners are required to comply with all applicable laws, including data privacy laws, and this update does not change that. You will see these updates in the revised Exhibit A, a copy of which is attached for your reference. In addition, we are notifying Partner that once the IAB’s Multi-State Privacy Agreement (“MSPA”) is finalized, we expect to become a signatory. The MSPA is intended to address the obligations under these new U.S. state data laws and supplant the IAB’s Limited Service Provider Agreement. Once applicable, Partners will also need to become signatories to the MSPA.
If you have any questions at all, please don’t hesitate to ask our team.
Your SHE Media Collective team
Exhibit A – Data Protection Law Compliance
Publisher understands and agrees that it is required to take all measures required to comply with the all applicable laws, regulations, and other legal requirements in any jurisdiction relating to privacy, data protection, data security, breach notification, or the processing of personal data, including without limitation, to the extent applicable, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and any amendments thereto (“CCPA”); the Colorado Privacy Act; the Virginia Consumer Data Protection Act; the General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”); the Swiss Federal Data Protection Act; and the United Kingdom Data Protection Act of 2018 (“UK Privacy Act”)(collectively, “Data Protection Laws”). Without limiting the foregoing, Publisher shall to the extent applicable and in compliance with Data Protection Laws::
- Clearly post on the Site a privacy policy
- Explaining, among other things, the type of information Publisher collects from users, information automatically collected as the user accesses the site, and cookie and other tracking technologies, how Publisher uses, shares, discloses, or sells the information collected, and the user’s options regarding advertising , including targeted and cookie or pixel based advertising.
As a best practice, we recommend that Publisher links to the SHE Media Ad Services Privacy Policy from its privacy policy. The SHE Media Ad Services Privacy Policy can be found here: https://www.shemedia.com/ad-services-privacy-policy
- Obtain and document evidence of legally required (including under GDPR)-compliant consent from Site users to the collection of Personal Data by means and for the purposes used by the Company as set out in the Agreement and include an easy to use mechanism whereby users can withdraw such consent (e.g., opt-out);
- Respond appropriately to all requests from users to exercise their rights under applicable Data Protection Laws, including, without limitation, access to, correction of, or deletion of a user’s Personal Data from a site;
- Maintain all records required under Data Protection Laws and all information necessary to demonstrate compliance with such laws and allow for and contribute to audits and inspections by Company and/or Penske as reasonably requested to confirm compliance;
- Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk regarding Personal Data;
- Ensure that persons authorized to process Personal Data have committed to confidentiality;
- Promptly take all appropriate corrective action to remedy and mitigate any Personal Data breach, notify Company without undue delay after becoming aware of a Personal Data breach; and provide reasonable assistance to Company for it to comply with applicable law; and
- Provide reasonable assistance to and cooperation with Company for Company’s performance of its applicable Data Protection Law obligations.
- If Publisher sells Personal Data, including in connection with the delivery of digital advertising, provide explicit notice regarding the consumer’s rights under the CCPA or other Data Protection Laws, including explaining in clear terms what will happen to their data, and to notify the downstream technology companies with which the publisher does business that such disclosures were given.
- Provide consumers with and honor legally required opt out rights, including the right to opt out of the sale of Personal Data or processing data for targeted advertising on Publisher’s Site and the right to limit the processing of sensitive Personal Data (including, as applicable, via a “Do Not Sell or Share My Personal Information” link or “Your Privacy Choices” link on your Site).
- This link must provide the ability to automatically opt out of the sale or processing of personal data for targeted advertising or provide information about how to opt out of the sale.
- Please note, if Publisher engages in selling other information, such as email lists, an opt-out page should include a way for consumers to contact you (e.g., via email address and webform) to opt out of such sale.
- Read, understand, and sign the Limited Service Provider Agreement and once effective, the IAB Multi-State Privacy Agreement (“MSPA”): https://www.iabprivacy.com/
Comments
0 comments
Article is closed for comments.