For persons located in the EU: The EU General Data Protection Regulation ("GDPR") will come into force on 25 May 2018. The GDPR updates and will replace existing EU Member States laws based on the EU Data Protection Directive (46/95/EC).  As privacy and data protection is important to us, we are providing you with the additional information you are entitled to receive under the GDPR.

We have included information about how we process your data, and here we’re explaining the basis on which we do so:

  • Where you sign up for any of our products or services, we process your personal data in order to perform our contract with you;
  • We may process your personal data where an EU law requires us to;
  • If we have a legitimate interest in processing data, such as for direct marketing or research purposes; or
  • We will also process your personal data where you have provided us with consent to do so.

The GDPR also gives you additional data protection rights and you may request the following from us:

  • To correct any personal data that is incorrect or incomplete;
  • To object to our processing of your personal data, in certain circumstances, if we are processing it on the basis of our legitimate interest;
  • To object to any automated decision-making based on your conduct, such as analytics for direct marketing conducted by us.  We perform automated processing when using cookies placed on third party websites for web audience measurement, which measure how you interact with and use different publishers’ websites, or to analyze TV viewing habits where you participate in one of our research communities, and from our panelists;
  • To withdraw your consent to our processing of your personal data;
  • To complain to the national data protection authority in your country of residence. 

We use automated processing for marketing and media research and for measuring advertising. Our methods of conducting this form of processing include: collecting data from our census digital network implementing software code, referred to as “tagging”; measuring ad placement, viewability, user engagement, brand safety and audience size; obtaining television viewership information from satellite, telecommunications and cable operators covering set top boxes and Video on Demand (VOD) viewership; measuring gross receipts and attendance information from movie theaters. Web audience internet usage and TV viewing information and survey results are used together with information from millions of other research panel members to create research reports on Internet trends, TV viewing habits, e-commerce and mobile device activities.  In most cases, this information is pseudonymized and/or anonymized and will not identify you by name or household. In some instances, we utilize longitudinal behavior data for an ID to infer audience segment (interest and demographic) membership for use in our reporting This is a probability and not a direct read of this.

If we collect and process your personal data to fulfill products and services you request or to meet contractual terms, we may not be able to fulfill your request or our contractual commitments without such personal data. Where you seek to exercise a right, we may request additional information from you to help us verify you and to help us respond to your request.

comScore is a recognized global leader in cross-platform measurement of audiences, advertising and consumer behavior. Built on precision and innovation, comScore combines proprietary TV, digital and movie viewing data with vast demographic details to measure consumers’ multiscreen behavior at scale. With more than 3,200 clients and a global footprint in 70 countries, comScore is delivering the future of media measurement.

comScore products and services help our customers measure audiences and consumer behavior across media platforms, while also providing a validation of advertising delivery and its effectiveness. Our products and services are organized around four major offerings:

  • Digital Audience Measurement: provides the size, behavior and characteristics of online audiences across multiple digital platforms including computers, tablets, smartphones, game consoles and other connected devices.
  • Advertising Measurement:  provides end-to end solutions for planning, optimization and evaluation of advertising campaigns.
  • TV and Cross-Platform Measurement: measures consumer viewership of television content for both linear and on-demand viewing in the U.S. at the national level and in [all 210] local markets.  Provides an unduplicated view of cross-platform consumer behavior when integrated with our Digital Audience and Advertising Measurement products and services.
  • Movie Measurement: precisely measures movie viewership, uses social media and exit polling to capture audience demographics and sentiment and provides tools to the largest movie studios and movie theater customers around the world.

The following identifies the different categories of recipients with who we may share your personal data. This may include:

  • Our selected third party partners;
  • Third party data enrichers, data quality aggregators and providers of data cohort matching services;
  • Our customers;
  • Our vendors, consultants, agents, contractors, and other service providers that we use to support our business;
  • Joint industry committees (“JIC’s”) involved in media audience measurement and research. Further details of JIC’s can be found here: http://i-jic.org/about_us;
  • comScore affiliates, subsidiaries, or parent companies; and
  • A prospective seller or buyer in the event of a sale or purchase of any comScore business or asset.

The GDPR Preparedness Kit – May 2018 is Coming

Here is a comScore FAQ to help you with your GDPR compliance.[1]

Executive Summary  

  • The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018.
  • Most of comScore products fall under GDPR. As comScore collects, stores and uses personal data, it is 'processing’ personal data and subject to the rules under the GDPR; comScore additionally sells market solutions in the EU commercial marketplace.
  • Under GDPR, we are required to update contract provisions with any company where we provide, receive or exchange data with that company. We have done this outreach in March and April of 2018.
  • You can direct any questions to GDPR@comscore.com.

 

What is the GDPR?

  • The General Data Protection Regulation (GDPR) is a new European Union (EU) law that will update and replace all existing national data protection legislation in Europe. It will apply and be enforced across all EU and European Economic Area (EEA) markets from May 25, 2018.
  • The GDPR is a comprehensive reform because it applies directly to all EU and EEA markets and therefore represents one data protection law applicable across all of the EU. However, the GDPR does allow EU countries to issue their own data protection laws on some topics.  
  • The GDPR will have a global impact: it imposes new rules on companies – regardless of their location - that offer goods and services directly to people in the EU, or that ‘monitor’ their behavior (e.g. for analytics or behavioral targeting purposes).
  • The GDPR introduces new rules for the governance of personal data, building upon existing EU data protection laws. It broadens the scope of personal data to include scenarios where an individual is both “identified” and “identifiable” and specifically includes the use of online identifiers (e.g. cookies).  

 

What does comScore do?

comScore is a recognized global leader in cross-platform measurement of audiences, advertising and consumer behavior.  Built on precision and innovation, comScore combines proprietary TV, digital and movie viewing data with vast demographic details to measure consumers’ multiscreen behavior at scale.  With more than 3,200 clients and a global footprint that spans more than 75 countries, comScore is delivering the future of media measurement.

Our Products and Services
comScore products and services help our customers measure audiences and consumer behavior across media platforms, while also providing a validation of advertising delivery and its effectiveness. 

Our products and services are organized around four major offerings:

  • Digital Audience Measurement: provides the size, behavior and characteristics of online audiences across multiple digital platforms including computers, tablets, smartphones, game consoles and other connected devices.
  • Advertising Measurement:  provides end-to end solutions for planning, optimization and evaluation of advertising campaigns.
  • TV and Cross-Platform Measurement: measures consumer viewership of television content for both linear and on-demand viewing in the U.S. at the national level and in [all 210] local markets.  Provides an unduplicated view of cross-platform consumer behavior when integrated with our Digital Audience and Advertising Measurement products and services.
  • Movie Measurement: precisely measures movie viewership, uses social media and exit polling to capture audience demographics and sentiment and provides tools to the largest movie studios and movie theater customers around the world.

Third Party Accreditation, Certification and Review
comScore is committed to providing the market with transparency into the methods, methodologies, practices and techniques we use in our measurement. To do so, we continuously engage with third-party auditors around the world to prove the soundness of our measurement methods. Learn more at https://www.comscore.com/About-comScore/Third-Party-Review.

 

Does the GDPR apply to comScore?

  • Yes. ‘Processing’ means any operation performed on personal data, such as collection, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destructing. As comScore collects, stores and uses personal data it is ‘processing’ personal data and subject to the rules under the GDPR.

The following are examples of our data sourcing:

  • Digital Audience Measurement:  We have created an opt-in Total Home Panel® which can capture all forms of data that run through a home’s internet connection.  This expands our intelligence to include OTT and IOT behavior and is captured in an aggregate form.
  • Advertising Measurement:  We integrate many of our services with ad serving platforms. We collect data from our census digital network implementing software code, referred to as “tagging.”
  • TV: We obtain television viewership information from satellite, telecommunications and cable operators covering set top boxes and Video OnDemand (VOD) viewership.
  • Movie Measurement: We measure gross receipts and attendance information from movie theaters.  

 

What ‘personal data’ does comScore collect?

As you can see from above, comScore collects personal data through a variety of ways, including directly from individuals who are panelists, from publishers or third parties that comScore may partner with. 

  • The types of personal data collected about individuals may include, for example, user demographic data (i.e. region, language, age group, gender, etc.), the types of cookies deployed to an individual’s device, URLs/websites and webpages visited and other web browsing activity data, device identifiers and information included in online forms the individual may have completed. 

 

What is the ePrivacy Regulation (ePR)?

  • The ePrivacy Regulation is a draft piece of legislation being discussed in the EU with the aim of reforming the existing ePrivacy Directive (aka ‘cookie directive’) which requires the user’s informed consent for the storing of information of a device or accessing that information (e.g. via a cookie or Advertising ID). It aims to align with the GDPR but as a sector-specific regulation for electronic communications, ComScore will need to comply with it as well as the GDPR. The ePrivacy Regulation has not yet been agreed upon and it is still in draft form. We will continue to monitor updates on the ePrivacy Regulation as necessary but it will not distract us from preparing for the GDPR.

 

What is comScore doing to comply with GDPR?

  • comScore has significant experience in protecting data, championing privacy, and complying with complex regulations. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. 
  • comScore is in the process of taking all necessary steps to comply with the GDPR, including evaluating all our data processing activities and reviewing contracts as well as privacy and security policies, and procedures, to ensure that they are in line with the GDPR in advance of the May 25, 2018 deadline.
  • We are also reviewing how we communicate our data processing activities and privacy policies in our ‘Privacy Notice’. The GDPR outlines very clear transparency requirements for organizations and we will be setting out the “who, how, what, why, where and what” of comScore’s data processing activities in clear and plain language.
  • comScore complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area and Switzerland to the United States. To learn more, please view our EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Statement
  • comScore has been actively engaged in several key industry and legal organizations to better understand the GDPR requirements.  These organizations include: ESOMAR, IAB GDPR Implementation Working Group, Association of Corporate Counsel (ACC), International Association of Privacy Professionals (IAPP).  

 

Can you provide some insight on your data security?

  • Our Information Security team has implemented a number of security controls pertaining to comScore’s business, including:
    • SSAE16 SOC 1 and SOC 2 compliant data centers
    • DDOS prevention service
    • Intrusion detection/prevention services
    • Encryption of data in transit and at rest
    • Disaster recovery plan and failover site
    • Security and privacy awareness training for employees and vendors

If you have additional questions, please contact us at gdpr@comscore.com.

[1] Legal disclaimer: This should not be construed as legal advice nor is intended to be a complete listing of GDPR obligations. comScore recommends that entities subject to legislation seek legal counsel from qualified sources.