For persons located in the EU: The EU General Data Protection Regulation ("GDPR") will come into force on 25 May 2018. The GDPR updates and will replace existing EU Member States laws based on the EU Data Protection Directive (46/95/EC).  As privacy and data protection is important to us, we are providing you with the additional information you are entitled to receive under the GDPR.

We have included information about how we process your data, and here we’re explaining the basis on which we do so:

  • Where you sign up for any of our products or services, we process your personal data in order to perform our contract with you;
  • We may process your personal data where an EU law requires us to;
  • If we have a legitimate interest in processing data, such as for direct marketing or research purposes; or
  • We will also process your personal data where you have provided us with consent to do so.

The GDPR also gives you additional data protection rights and you may request the following from us:

  • To correct any personal data that is incorrect or incomplete;
  • To object to our processing of your personal data, in certain circumstances, if we are processing it on the basis of our legitimate interest;
  • To object to any automated decision-making based on your conduct, such as analytics for direct marketing conducted by us.  We perform automated processing when using cookies placed on third party websites for web audience measurement, which measure how you interact with and use different publishers’ websites, or to analyze TV viewing habits where you participate in one of our research communities, and from our panelists;
  • To withdraw your consent to our processing of your personal data;
  • To complain to the national data protection authority in your country of residence. 

We use automated processing for marketing and media research and for measuring advertising. Our methods of conducting this form of processing include: collecting data from our census digital network implementing software code, referred to as “tagging”; measuring ad placement, viewability, user engagement, brand safety and audience size; obtaining television viewership information from satellite, telecommunications and cable operators covering set top boxes and Video on Demand (VOD) viewership; measuring gross receipts and attendance information from movie theaters. Web audience internet usage and TV viewing information and survey results are used together with information from millions of other research panel members to create research reports on Internet trends, TV viewing habits, e-commerce and mobile device activities.  In most cases, this information is pseudonymized and/or anonymized and will not identify you by name or household. In some instances, we utilize longitudinal behavior data for an ID to infer audience segment (interest and demographic) membership for use in our reporting This is a probability and not a direct read of this.

If we collect and process your personal data to fulfill products and services you request or to meet contractual terms, we may not be able to fulfill your request or our contractual commitments without such personal data. Where you seek to exercise a right, we may request additional information from you to help us verify you and to help us respond to your request. Click here to learn more about your Data Subject Rights under GDPR.

comScore is a recognized global leader in cross-platform measurement of audiences, advertising and consumer behavior. Built on precision and innovation, comScore combines proprietary TV, digital and movie viewing data with vast demographic details to measure consumers’ multiscreen behavior at scale. With more than 3,200 clients and a global footprint in 70 countries, comScore is delivering the future of media measurement.

comScore products and services help our customers measure audiences and consumer behavior across media platforms, while also providing a validation of advertising delivery and its effectiveness. Our products and services are organized around four major offerings:

  • Digital Audience Measurement: provides the size, behavior and characteristics of online audiences across multiple digital platforms including computers, tablets, smartphones, game consoles and other connected devices.
  • Advertising Measurement:  provides end-to end solutions for planning, optimization and evaluation of advertising campaigns.
  • TV and Cross-Platform Measurement: measures consumer viewership of television content for both linear and on-demand viewing in the U.S. at the national level and in [all 210] local markets.  Provides an unduplicated view of cross-platform consumer behavior when integrated with our Digital Audience and Advertising Measurement products and services.
  • Movie Measurement: precisely measures movie viewership, uses social media and exit polling to capture audience demographics and sentiment and provides tools to the largest movie studios and movie theater customers around the world.

The following identifies the different categories of recipients with who we may share your personal data. This may include:

  • Our selected third party partners;
  • Third party data enrichers, data quality aggregators and providers of data cohort matching services;
  • Our customers;
  • Our vendors, consultants, agents, contractors, and other service providers that we use to support our business;
  • Joint industry committees (“JIC’s”) involved in media audience measurement and research. Further details of JIC’s can be found here: http://i-jic.org/about_us;
  • comScore affiliates, subsidiaries, or parent companies; and
  • A prospective seller or buyer in the event of a sale or purchase of any comScore business or asset.

The GDPR Preparedness Kit 

What is the GDPR?

  • The General Data Protection Regulation (GDPR) is a new European Union (EU) law that updates and replaces all existing national data protection legislation in Europe. It is effective and applies across all EU and European Economic Area (EEA) markets from May 25, 2018.
  • The GDPR is a comprehensive reform because it applies directly to all EU and EEA markets and therefore represents one data protection law applicable across all of the EU. However, the GDPR does allow EU countries to issue their own data protection laws on some topics.  
  • The GDPR imposes new rules on companies – regardless of their location - that offer goods and services directly to people in the EU, or that ‘monitor’ their behavior (e.g. for analytics or behavioral targeting purposes).
  • The GDPR introduces new rules for the governance of personal data, building upon existing EU data protection laws. It broadens the scope of personal data to include scenarios where an individual is both “identified” and “identifiable” and specifically includes the use of online identifiers (e.g. cookies).  

 

What is personal data?

GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Does the GDPR apply to comScore?

  • Most comScore products fall under GDPR. As comScore collects, stores and uses personal data, it is 'processing’ personal data and subject to the rules under the GDPR; comScore additionally sells market solutions in the EU commercial marketplace.
  • ‘Processing’ means any operation performed on personal data, such as collection, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing or destructing. As comScore collects, stores and uses personal data it is ‘processing’ personal data and subject to the rules under the GDPR.

 

What ‘personal data’ does comScore collect?

comScore collects personal data through a variety of ways, including directly from individuals who are panelists, from publishers or third parties that comScore may partner with. 

  • The types of personal data collected about individuals may include, for example, user demographic data (i.e. region, language, age group, gender, etc.), the types of cookies deployed to an individual’s device, URLs/websites and webpages visited and other web browsing activity data, device identifiers and information included in online forms the individual may have completed. 

 

What is comScore doing to comply with GDPR?

  • comScore has been focused on developing and implementing a GDPR program that reflects the significant importance of privacy and security to our business, our clients and partners, and each of us individually.  Our accomplishments under this program are many, including updating our privacy policies, implementing technology changes to protect the data we collect and store, implementing data protection practices related to our third parties and much more. 
  • comScore complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area and Switzerland to the United States. To learn more, please view our EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Statement
  • comScore has been actively engaged in several key industry and legal organizations to better understand the GDPR requirements.  These organizations include: ESOMAR, IAB GDPR Implementation Working Group, Association of Corporate Counsel (ACC), International Association of Privacy Professionals (IAPP). comScore is also a registered vendor of the IAB Consent Management Platform (CMP).

 

Can you provide some insight on your data security?

  • Our Information Security team has implemented a number of security controls pertaining to comScore’s business, including:
    • SSAE16 SOC 1 and SOC 2 compliant data centers
    • DDOS prevention service
    • Intrusion detection/prevention services
    • Encryption of data in transit and at rest
    • Disaster recovery plan and failover site
    • Security and privacy awareness training for employees and vendors

Additionally, comScore has processes and procedures in place that will allow us to respond and provide the required notifications in the event of a data breach.

 

How can I exercise my data rights?

If we collect and process your personal data to fulfill products and services you request or to meet contractual terms, we may not be able to fulfill your request or our contractual commitments without such personal data. Where you seek to exercise a right, we may request additional information from you to help us verify you and to help us respond to your request. Click here to learn more about your Data Subject Rights under GDPR.

 

Does comScore have an appointed DPO?

Yes, comScore has identified and appointed two Data Protection Officers: Amy Yeung, Deputy General Counsel of Privacy, and Louis Zwager, Senior Counsel. You can contact them at gdpr@comscore.com.

 

I am a digital media owner. Where can I find more information about GPDR compliance and what I need to do?

Please visit and log into comScore Direct for more information.