The fine line that runs between keeping tabs on consumer behavior and interests – and invading their online privacy – is a tricky one. We’ve all had the experience of looking up something on a browser, only to see it appear suddenly as sponsored content on our Facebook feed or finding it in our Skype sidebar or favorite news site marked as paid content. The sense that someone is watching your every move online isn’t simply paranoia – your actions are, in fact, being tracked by the companies whose services you are using, so-called data brokers.

Information, or in its commercial form, data, is a commodity today, and the easily-minable source of this information is none other than we, the consumer. In fact, we give away our information easily, even if we’re aware of the fact that our information is being monitored and probably being sold to interested parties.

And just when it seems that everyone was happy with this status – as long as both sides were getting what they wanted/needed – the European Parliament decided that party was over, passing the General Data Protection Regulation (GDPR), which will be enforced as of May 25, 2018.

Let’s look a bit closer at the requirements. First, personal data is essentially any information that can be used to directly or indirectly identify the person. This can include the person’s name, a photo, an email address, bank details, posts on social networking websites, medical information, or their computer IP address.

There are also two levels of data “holders” – data processors and data controllers. Data controllers are companies that determine the purposes, conditions and means of processing the aforementioned personal data. Data processors are simply the entity that processes the personal data for the controllers. In the world of video, the former are companies that create the video platform, while the latter are the operators and service providers.

So far so good. GDPR is essentially requiring companies to obtain user consent to gather and keep data, and to erase data when consumers ask to do so. The regulation specifies that user consent must be “provided in an intelligible and easily accessible form, using clear and plain language”. No less important, users must be able to withdraw consent as easily as they give consent. For sensitive personal data, this means a clear “opt-in” and “opt-out” solution.

But is it really all bad news?

While it looks as though the main burden of meeting GDPR appears to rest on the data processors, who must obtain consent for gathering the data, in fact, the data controllers are equally required to meet the GDPR regulations, especially those that are designed to protect user information from data breaches (Yahoo, eBay, Target just to name a few…).

But wait, you said something about good news? Well, yes. Because the consumer will be consciously opting-in and agreeing to share data, the information we have will be clearer and more targeted. This is a definite win for Targeted TV and audience segmentation. It means that if the consumer has already opted-into the data gathering, he or she is not only willing to share information, but expecting us to provide information that’s customized to their needs.

And despite the headache of compliance, that’s still a definite win.