Privacy by Design
SITU8ED‘s products are designed for GDPR, they have been built from the outset following the principles of ‘Privacy by Design’.
We see GDPR as an opportunity rather than a constraint, an opportunity to provide differentiated product that puts privacy at the core of the architecture, minimising the access to personal data and the need to share personal data.
Location is a particularly sensitive subject – location can reveal much about people of interest to marketeers, but also much that we as members of the public would prefer to keep private.
GDPR recognises this both in calling out location coordinates as personal data and in highlighting their sensitivity when they reveal passage in cancer wards, HIV clinics, religious centres, prisons, military bases, …
SITU8ED‘s products can never report on sensitive places, they neither store or share location data, and they ensure that all results are anonymous as defined by GDPR and therefore in general exempt from the legislation.
Ad Ids, Consent and User Rights
Much of the Ad Tech stack still uses Advertising Ids which are personal data. We therefore support a variant where our otherwise anonymous results are tagged with Ad Ids, making them pseudonymous.
With Advertising Ids, host applications must collect consent for all controllers that receive these Ids for use in profiling. Receiving controllers must be support end-user rights over this information, but are already liable to do this if they already receive the Ad Ids.
Without Ad ids, use of SITU8ED‘s products requires only that the host application has permission to access the GPS, and that it declares that this information will be used for profiling. End user rights are entirely addressed within the SITU8ED products.