Scrabble letters spelling Digital Marketing
Home Resources Articles Data protection and Affiliate Marketing - an impossible match?

Data protection and Affiliate Marketing – an impossible match?

by Usercentrics
May 5, 2020
Scrabble letters spelling Digital Marketing
Table of contents
Show more Show less
Book a demo
Learn how our consent management solution can improve privacy and user experience for your users.
Get your free data privacy audit now!

Ever since the ECJ ruling on the active consent requirement for (advertising) cookies, the online marketing industry has been in a frenzy: Will GDPR-compliant affiliate marketing even be possible in the future? And what role do Consent Management Tools play in this?  

The topic surrounding all Consent Management Platforms (CMP) has been skyrocketing – 43% of affiliate marketers find this to be the case according to a survey conducted by earlier this year. And it is not surprising at all, considering the latest legal rulings and the guidelines from the AdTech industry (ex. the IAB Transparency and Consent Framework (TCF) 2.0).

But can this shotgun wedding between affiliate marketing and CMPs work?

One thing is certain: Consent Management and Affiliate Marketing will go fully hand in hand in the future – perhaps not completely voluntarily at first, because let’s face it, who wants to break old habits? But, the affiliate industry must find ways to master the balancing act between its desire for maximum information on the one hand and the users’ desire for maximum privacy on the other. 

On the basis of which legal framework could GDPR-compliant Affiliate Marketing be conducted in the future? Every company or website operator should seek comprehensive advice from a certified lawyer specializing in data privacy. Here, the following questions should be clarified: Which category do I assign Affiliate Marketing to? And on which legal basis do I invoke a legitimate interest or user consent?

The legal interpretation of the BVDW in regards to “Affiliate Marketing in Conformity with Data Protection” is based on legitimate interest in the area of tracking. The Conference of Independent Data Protection Authorities of the Federal Government and the States (DSK), on the other hand, assumes that explicit user consent is required in order to use tracking technologies as a website operator. 

Anyone who closely observes the current trend in regulations towards ever stricter data protection requirements must expect that in future, things will change. Both advertisers and affiliates will not be able to avoid obtaining the consent of users for certain technologies, especially if the profiling or tracking of user behaviour is made possible as a result. 

The right to maximum transparency in data protection

This makes everything considerably more transparent to the user in regards to what data is collected and, above all, for what purposes it is passed on to third parties. A general right to chose is embedded in the GDPR regulations. 

A Consent Management Platform (CMP) enables website operators to give their users a right to choose when collecting their personal data. 

If the website user agrees to the use of certain technologies in a granular manner, he or she in turn enables the website operator to use the user data for personalised advertising measures.

Every website operator must carefully assess which technology is of legitimate interest (without consent) or which technology can classify obtaining consent as a legal requirement and set up his or her CMP accordingly. If you are interested in finding out how such a GDPR-compliant implementation of a CMP can look like, click here.


All in all, let’s not forget: A GDPR-compliant approach to user consent also represents a great opportunity – especially for Affiliate Marketing. Because if and only if, the data controller can prove correct, informed, concrete and explicitly gathered consent, can the use of data be legally valid.

Data-driven business models can then work not only with greater transparency with clients, but also deeper into the data. For operational purposes such as AI, tracking or retargeting, as well as for Affiliate Marketing, a legally compliant database will be an essential component in the future. This will make marketing measures focused on opt-in users even more successful.



We, as Usercentrics, assume no legal liability for the texts in our database. Please check them yourself and/or with your legal advisor.

Related Articles

End-user License Agreement (EULA)

What is an End-user License Agreement (EULA)? Here’s what you should know

End-user License Agreements (EULA) are probably the most often agreed-to but least-read contracts. We’ve highlighted what...

Maryland Online Data Privacy Act: an overview

Maryland Online Data Privacy Act: an overview

The Maryland Online Data Privacy Act takes effect on October 1, 2025. It includes stricter privacy compliance...