Let's say, I have consent (double opt-in) from a person who lives in Europe or who has an EU citizenship.
Can I track their behavior such as opened an email or clicked an email since s/he gave me a consent?
Does anyone know?
Hi Sule - first, remove the "who has an EU citizenship" piece. GDPR doesn't look at citizenship or residency. It applies to anyone that's IN THE EU. An American, a Canadian, an Australian, an Italian... everyone.
Have a look at these two great posts that include additional detail to what you're asking:
Thanks Dan for your prompt response.
My understanding was that it applies to anyone that's in the EU and it includes also "who has an EU citizenship" -it doesn't matter they live in Europe or not - that's why me any my organization will apply GDPR standards to not only Europe but globally.
Please see below;
"The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site. "
"Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data process 'in context of an establishment'. This topic has arisen in a number of high profile court cases. GPDR makes its applicability very clear - it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU. "
These statements have been taken from www.eugdpr.org
Please correct me if my understanding is wrong.
Yes, if the EU citizens are also in the EU, then GDPR applies to them. And realistically, this is the primary audience. But there are circumstances where GDPR does not apply - take this example:
A German citizen lives in NY and works for JP Morgan/Chase. This person also exists in our marketing database. Since he/she is not in the EU, GDPR does not apply to them and we must only consider the US CAN-SPAM laws when marketing to this person.
There are website compliance software solutions that can present the website visitor with the choice to allow or block cookies by type. For example, they scan your website on a regular basis and present the visitor with an update list of cookies. They inform the visitor what the cookie does and allows them to both give and withdraw consent. As long as they give consent to your Marketo tracking cookie - you can use that.
If this sounds like it may be of interest message me for more details email@example.com.
Best of luck!
We're in the process of deploying the solution from OneTrust into our site (and Marketo LPs): https://onetrust.com/products/cookies/
Here's a visual example of how this works. When you initially visit a site, you'll see a notification banner at the top/bottom:
If the user does not consent to having cookies placed on their device/browser, they have an option to disable these:
Some solutions are provided in the community using some JS.
You also can open a free Onetrust account and use it on your LP templates.