What do I need to know about GDPR and Collective Voice?
- What exactly is GDPR?
- Does GDPR affect me?
- Updated Collective Voice terms of service and its requirements
- When is consent required for EU end-users?
- What do I have to do to be compliant with GDPR?
- Retailer Changes for the EU
This guide does not constitute legal advice: You should seek your own legal counsel on your responsibilities under the GDPR.
1. What exactly is GDPR?
A regulation from the European Union that came into action on May 25, 2018. It’s about the management of personal data and privacy for any European user. Find out more here.
Think about GDPR from your visitor’s perspective and this basically breaks down to two concepts: transparency and control. You need to give your visitors transparency about what personal data you are collecting, what you are doing with it, and if you are sharing it (and with whom). And, you need to allow them control over what you can do with their personal data (, let them decide to what level they are comfortable with you using their personal data). If you get these two things right, you are on the path to GDPR compliance.
2. Does GDPR affect me?
We are anticipating you will be GDPR-compliant by May 25, 2018 if you reside in the EU and/or have any EU traffic, which involves a number of changes to your blog.
3. Collective Voice Terms of Service Update
We updated our terms of service on 3/7/2023. You can read the updated terms policy here (Section 14 covers Data Regulations and GDPR).
- 16. Data Regulations.
You shall take all necessary and proper measures to protect personal privacy on your Creator Properties, including, without limitation, making all appropriate privacy and data collection and/or data usage disclosures in accordance with Applicable Laws. You will comply with the obligations under applicable data protection, privacy or similar laws that apply to data processed in connection with this Agreement. If you operate from the European Economic Area ("EEA") or you market to or target individuals in the EEA or you collect or otherwise process any personal data (as defined by the Regulation (EU) 2016/679 ("GDPR")) from users in the EEA, then you agree to comply with the GDPR and the Directive 95/94/EC (collectively, Data Regulations"). You shall inform users in a prominent manner that you use tracking devices and cookies for advertising purposes, and obtain user consent to place tracking devices, such as cookies (including those enabled by Collective Voice, if any) on such users’ computers and devices. You will share such consent with Collective Voice in a manner that is mutually agreed upon and provide users the ability to withdraw such consent, in each case via the technology made available to you by Collective Voice or such other consent tool approved by Collective Voice. You will cooperate with Collective Voice as reasonably requested to enable the compliance with this Section.
4. When is consent required for EU end-users?
In the interests of transparency, the GDPR requires you to obtain user consent for some processes related to the user’s personal data. Please see below for common examples of where this is required.
(a) Cookies: For EU end-users, consent is always required for the use of any cookies (except strictly necessary ones). This is an existing requirement of the ePrivacy Directive, which creators have historically used “cookie banners” for. However with GDPR in force, the consent requirements for placing cookies fall under the new stricter standards. You should check to see if your cookie banner sufficiently meets GDPR requirements. For more information on consent requirements, please click here.
(b) Affiliate links: If you are using Collective Voice/affiliate links, there are times when consent is required to be granted by EU end-users to capture their data. Some major affiliate networks require GDPR consent for affiliate links, and if consent is not captured, a link may not be tracked and potential commissions will be lost. Other affiliate networks do not require additional consent for affiliate links.
5. What do I have to do to be compliant with GDPR?
If you don’t have a way of capturing consent, there are several free and paid consent tools out there for you. These tools pop-up boxes to capture GDPR consent when an end-user visits your blog, which you can install just like a Collective Voice widget by adding a line of code to your blog.