<b>Q: I run EU traffic. Whose job is GDPR consent — mine, the network's, or the advertiser's?</b>
A: Short and unwelcome answer: probably yours too, more than you'd like. GDPR (the EU data-protection law) assigns responsibility to whoever decides why and how personal data is processed — and if you set up the tracking and collect the lead, that often includes you.
In a typical affiliate flow there can be several <i>controllers</i> (parties deciding the data use), not one. The advertiser is a controller for their CRM. The network is often a controller for conversion data. And if your landing page drops tracking cookies or collects form data before a user consents, you're processing personal data of EU residents — which pulls you in.
Practical baseline for EU/UK traffic:
— A real consent banner that blocks non-essential tracking until the user opts in (not a pre-ticked box).
— A privacy policy naming who receives the data downstream.
— Don't fire tracking pixels before consent on EU visitors.
This isn't legal advice, and your obligations depend on what you actually collect. But 'the network handles it' is a risky assumption when your own page sets cookies.
Short version: in EU flows there's usually more than one controller, and your landing page can make you one. Banner, policy, no pre-consent pixels.
Still stuck? Drop your case in the comments.
Clean Traffic Desk
@CleanTrafficDesk
<b>Q: I run EU traffic. Whose job is GDPR consent — mine, the network's, or the advertiser's?</b>
Этот пост опубликован в Telegram-канале Clean Traffic Desk. Подписаться можно по ссылке: @CleanTrafficDesk.