bizdev close data download founders icon--facebook icon--instagram icon--linkedin icon--twitter icon_facebook icon_linkedin icon_twitter marketing-design product support-ops tech tick Skip to content

Skimlinks GDPR resource page

What do I need to know about GDPR and Skimlinks?

  1. You need to be GDPR compliant as a publisher if you have any EU traffic.
  2. We’ve updated our privacy policy and its requirements.
  3. When and how is consent required for EU end-users?
  4. We are enabling a GDPR revenue protection feature for our publishers.

1. Being a GDPR-compliant publisher

We are anticipating you will be GDPR-compliant by May 25th if you have any EU traffic, which involves a number of changes to your website.

If you need help understanding GDPR, we’ve published a free 12-page Practical Guide to GDPR for publishers. Last updated on April 25th with more guidance on consent management tools.

Otherwise we have some frequently asked questions about GDPR compliance with Skimlinks, such as what personal data we process.

2. Skimlinks privacy policy update

We updated our privacy policy on 27/04/2018. You can read the updated privacy policy here.

We have included our new obligations as a controller of personal data under GDPR, which can be quickly summarised as:

  1. Explanation of what personal data we collect and why, as well as what we share with third parties.
  2. Our legal basis for processing personal data. We use a mixture of consent and legitimate interest for processing personal data.
  3. Provision of end-user data protection rights for access, erasure etc. of personal data. This will be available at in early May.
  4. Explanation of how long we retain personal data, and how we transfer it internationally.

Publishers are bound by our terms of service to adhere to our privacy policy and make certain disclosures (usually in your own privacy policy) and capture consent:

  1. Publishers need to tell their end-users they are using Skimlinks.
  2. Publishers need to provide details of the cookies dropped by Skimlinks, what information Skimlinks collects and how it uses the information.
  3. If a publisher has EU traffic, you must get consent for cookies, and consent for certain uses of personal data (see section 3 & 4 below on how we can help).
    For more details and suggested wording please read ‘Section 2: Publishers’ in our privacy policy.

3. When and how is consent required for EU end-users?

(a) Cookies

For any use of cookies, consent is always required to place any cookies on a user’s device (except strictly necessary ones). This is an existing requirement by the ePrivacy Directive, which publishers have historically used “cookie banners” for. However with GDPR in force, the consent requirements for placing cookies fall under the new GDPR standards, so you should check if your cookie banner is sufficient any more.

(b) Affiliate links

If you are using Skimlinks/affiliate links, there are times when consent is required to be granted by an EU end-user to capture their data. Some major affiliate networks require GDPR consent for affiliate links, and if consent is not captured, a link may not be tracked and potential commissions will be lost. Other affiliate networks do not require additional consent for affiliate links.

(c) Skimlinks Audiences

For Skimlinks Audiences, since we are sharing end-user audience profile data with third parties, consent will be required 100% of the time to continue to earn data revenues from EU end-users.

How do I get consent?

Fear not, if you don’t have a way of capturing consent, there are several free and paid consent tools out there for you. These tools pop-up boxes to capture GDPR consent when an end-user visits the website, which you can install just like Skimlinks by adding a line of code to your site. Our Practical Guide to GDPR for Publishers has a list, but if you want a quick recommendation we suggest Quantcast Choice. It is free, GDPR compliant and has no catch for using their tool (we have no commercial relationship with Quantcast).

Once you set up your consent tool, you will need to choose which ‘purposes’ you get consent for. Our FAQs and Guide have more help on this.

If an end-user grants consent, this is stored usually for 12 months, so the request does not need to happen again before then (unless the end-user deletes their cookies or withdraws consent).

4. Skimlinks GDPR revenue protection feature

On Wednesday 2nd May, we plan to turn on a GDPR revenue protection feature for all publishers that captures EU end-user consent when consent is required but not yet granted.

This is designed to be a safety net in addition to your own consent management solution and will help prevent loss of EU affiliate and audience revenues. The feature simply checks for existing consent, and if not present, provides a streamlined ‘in-the-moment’ consent capture after the merchant link is clicked. As a publisher you do not need to make any changes to benefit from it.

How does Skimlinks decide when to capture consent?

  1. As Skimlinks aggregates together multiple affiliate networks, we know which networks require consent and which do not.
  2. We will be able to do a live check if the end-user already gave consent via your own consent tool or elsewhere on the Internet, so that we don’t duplicate the request.
  3. Therefore, the GDPR revenue protection feature will capture consent when it is required but not yet granted.

Consent will not be captured for non-EU users. If affiliate networks change their position on consent, we will automatically update our capture logic in step 1.

What does the feature do?
It works automatically for any publisher who is running the Skimlinks Javascript, with no changes required.

  1. When an EU end-user clicks on a merchant link.
  2. Skimlinks will pop-up a short message to capture consent for affiliate and advertising purposes.
  3. If the end-user accepts, we store a record of that consent. If the user does not, they still continue on to the merchant as usual.


How well does it perform?

In the last few months we have run beta-tests with over 200 publishers and

fine-tuned the user experience, resulting in exceptionally positive opt-in

consent rates (+90%) – meaning your affiliate and audience revenues will be as best protected as possible.

Do I still need a separate consent tool?
Yes – our feature is only designed to help protect your Skimlinks revenues. Think of it as a “companion” to your main consent tool, which you will need to capture consent for other services on your site. Refer to our Practical Guide to GDPR for Publishers for recommendations, which include free consent tools.

I already have a consent management tool, do I need this?
Absolutely – the feature works in tandem with your (IAB compatible) consent management tool, meaning the Skimlinks feature will only become visible if the user has not already consented via your consent management tool. It takes away the complexity of knowing which affiliate networks require consent. Think of the Skimlinks feature as a “safety net” to maximise the chance of retaining 100% of your EU revenues. Our capture will not interfere with any of your existing consent management tools as it only happens ‘on-click’.

We believe this strikes the right balance between data compliance, consumer transparency and publisher revenue.

If you are confident about achieving high consent rates before affiliate links are clicked and do not want to participate, please contact us at [email protected] and send us details of your solution for review, and we will stop your participation.

Is the Skimlinks GDPR consent capture compatible with IAB?
Yes – our GDPR revenue protection consent feature is registered with the IAB consent framework, which means we are able to read in real-time the status of consent, not duplicate consent requests, and pass consent to other partners. It also means we commit to a standard of consent management. You can see us listed as a supporter here.

What if I have questions or concerns about this feature?
We plan to roll this out to every publisher to help protect their revenues on Wednesday 2nd May, and you do not need to do anything for it to be enabled. However if you have any questions or concerns, please get in touch at [email protected].

Disclaimer: This guidance is provided for information purposes only and is not a definitive statement of law. Skimbit Limited (“Skimlinks”) is not liable for any damages arising in contract, tort or otherwise from the use of this guide or from any action or decision taken as a result of using this guide. The guide comprises Skimlinks’ views; they do not constitute legal or other professional advice. You should consult your professional adviser for legal or other advice.


Close menu
Log in to your account
Are you a Merchant or Affiliate Network?
Contact us
Message received. Thank you!