GDPR and location targeting – what should digital media agencies be aware of?

In today’s fast-developing world, businesses are increasingly exploiting data to optimize their products and processes. However, using personal data can conflict with consumers’ and employees’ privacy expectations, especially with location targeting.

Digital media agencies use location targeting (or geo-targeting) to collect users’ data and then deliver ads, content, or services based on their location. This technique helps marketers use location tracking to target users, notify them, and provide them with services.

Despite their convenience for businesses, targeted advertisements

rely heavily on data collectors with constant access to people’s personal information.

These practices are restricted under the European Union (EU) General Data Protection Regulation (GDPR).

How does GDPR impact location targeting, and what should digital media agencies be aware of when using such techniques?

  1. The impact of GDPR

The GDPR aims to protect individuals’ personal data. The regulation applies to all EU-members, and all businesses worldwide dealing with the EU market, including companies engaging in location-based marketing. Failing to comply with the rules will result in charges and penalties.

As a result, digital media agencies started implementing new business models, technologies, and data processing methods that sync with the new regulations. They are now required to follow tight rules regarding data collection and their location data practices.

According to some industry actors, location data is not personally identifiable. However, if data is collected frequently, identifying the user becomes easy in certain times and certain places.

The GDPR put an end to the debate and classified location data as personal data. Article 3(2) provides that the GDPR “applies to the processing of personal data of data subjects who are in the Union.”

That being said, location targeting and, consequently, data collection will be more difficult in Europe as digital media agencies will have to comply with stricter requirements.

  1. GDPR requirements

Since the implementation of the GDPR, firms are required to inform and to get active consent from their users to collect their location data. The permission to track users can no longer be “hidden in the small print of an onerous privacy policy, nor will a simple opt-in ‘pop-up’ on an app necessarily be adequate” (Trussell, 2019).

Every marketer is required to share bold and transparent information about why they need the data, what kind of marketing process they are adopting, and how personal data can benefit location-based marketing. Once permission is granted, the data is then collected, managed, and protected according to the standards defined in the GDPR.

Moving forward

Businesses will have to optimize their agreements and clauses based on the GDPR rules to access the required data efficiently. These changes require time and effort that could slow down the marketing industry’s growth for a while.

If you are a digital media agency and would like to know more about GDPR requirements and how to comply, you can book a consultation with a data protection lawyer on Lexyom

Read more articles on