All articles

April 20, 2026 · 4 min read

Data Protection and Streaming Advertising: What You Should Know as an Advertiser

How data protection works in streaming advertising: GDPR, ePrivacy and EMFA explained simply, why CTV works without invasive tracking, and what that means for you.

Data protection in streaming advertising: GDPR, ePrivacy and EMFA explained

Data protection is a sore point for many advertisers, especially at small and medium-sized businesses that do not have their own legal department. The good news: streaming advertising on the big screen works fundamentally differently from the tracking-heavy world of feeds and mobile. This article explains the legal framework in plain terms, shows why connected TV works without invasive tracking, and what that concretely means for you.

One note upfront: this is general information, not legal advice. For your specific case, you should consult a specialized lawyer or your data protection officer if in doubt.

The legal framework in Europe

Three sets of rules are relevant. The General Data Protection Regulation (GDPR) governs how personal data may be processed and requires a legal basis for it, often consent. The ePrivacy rules add to this for access to end devices, for example setting cookies. For most digital campaigns, this means: without valid consent, no tracking may run.

Added to this recently is the European Media Freedom Act (EMFA, Regulation (EU) 2024/1083). It entered into force in May 2024, and its audience measurement provisions have applied since August 2025. Article 24 obliges providers of audience measurement systems to ensure greater transparency, traceable methods and annual independent audits. Important for you: this obligation applies to measurement providers and large platforms, not to you as an advertiser. The effect is still in your interest, though, since comparable and verifiable audience figures create a fairer market in which you can better judge what your advertising is actually delivering.

Why streaming advertising intervenes less in tracking

The decisive difference lies in the technology behind it. Advertising in the social media feed relies on tracking individual users across apps and websites, via pixels and advertising IDs. It is exactly this cross-device tracking that is under pressure, through Apple's iOS rules, through the end of third-party cookies, and through stricter consent requirements.

Connected TV works differently. According to IAB Europe's CTV 101 Guide (2026), CTV environments are largely cookieless, and targeting is usually delivered at household and region level as well as by content, not through the granular tracking of individual people across the web. Put simply: you reach the right households without chasing individual people. That makes streaming advertising structurally more privacy-friendly than what many people associate with online advertising.

Your own responsibility: your own data and consent

One point that often gets overlooked: if you use your own data, for example contacts from your CRM, you are responsible yourself for the legal basis of that data. You should therefore make sure you have a suitable consent or another permissible basis for using that data for advertising purposes, and document it. That applies regardless of which platform you ultimately deliver through. If in doubt, this is exactly the point you should quickly check with your data protection officer.

What this means for you

Streaming advertising lets you advertise in a targeted way on the big screen without relying on the invasive tracking that makes the feed increasingly tricky, both legally and technically. It is built to be more privacy-friendly, consent at the website level is regulated, and the market is becoming fairer through new transparency rules. Your own use of data remains your responsibility, but the basic mechanics of connected TV take away a large part of the tracking worries.

How CTV works in principle is explained in the overview What Is CTV Advertising. Why targeted regional delivery without tracking individuals is so effective is shown in the article on regional targeting in streaming TV.

Want to know what this could look like for your business in a privacy-compliant way? Book a free demo, and we will go through your questions together in 30 minutes.

FAQ

Is streaming advertising GDPR compliant? Streaming advertising is, by its basic mechanics, more privacy-friendly than feed advertising, because it is usually targeted at household and region level instead of through individual tracking. Whether a specific campaign is GDPR compliant depends on the particular setup and on your own use of data. This is general information, not legal advice.

Do I need cookies for CTV advertising? Usually not in the classic sense. Connected TV is, according to IAB Europe, largely cookieless, with targeting delivered through household, region and content. Once personal data is processed, the consent and transparency obligations from GDPR and ePrivacy still remain relevant.

What is EMFA Article 24? The European Media Freedom Act (Regulation (EU) 2024/1083) entered into force in May 2024, and its audience measurement rules have applied since August 2025. Article 24 obliges providers of audience measurement systems to ensure transparency, traceable methods and annual independent audits. The obligation applies to measurement providers, not to individual advertisers, but it results in more comparable and verifiable figures across the market.

Am I allowed to use my customer data from the CRM for advertising? Only if you have a valid legal basis for it, usually consent, and can document it. You are responsible yourself for the lawfulness of your own data, regardless of the platform. When in doubt, clarify this with your data protection officer.

Big Screen Insights, straight to your inbox

New articles, studies and industry updates, concise and spam-free.