As GDPR looms, marketers demand GDPR compliance from tech and media suppliers

Advertisers realize they “can’t just pass” all the risks of data management to their partners, said Benoit Grouchko, CEO of location marketing platform Teemo, now that they know that working with fewer ad tech companies might not be enough to provide a clear view of how data is being traded across all the exchanges they buy ads from.

One advertiser was so worried that it recently threatened to pull programmatic spend if its agency couldn’t prove it was working with GDPR-ready ad tech firms, said one publisher executive. Several agencies at the recent Digiday Programmatic Marketing Summit Europe said their clients had threatened similar cuts if questions about parts of their supply chain still linger at the end of the month. Other advertisers are abandoning data providers that aren’t one of the big technology platforms to avoid the stresses of not knowing whether the third-party data they buy is GDPR-ready. One media executive, on condition of anonymity, said an advertiser recently found the data it had bought from a vendor was useless and is seriously thinking about buying what it feels is more reliable data from the walled gardens.

“When you consider the scale of the [online technology companies’] data sets and the fact that they have legal teams to the hilt that are skilled up on everything GDPR and ePrivacy, it almost makes it a relatively easy decision for some advertisers,” said the executive.

Amid the threats from advertisers, vendors fear they will take on more of the risks of processing data in supply chains that are still opaque. A revised partnership with an advertiser isn’t fair to an agency or ad tech vendor, for example, if it makes them accountable for deleting a person’s data on request, but gives them no way of knowing what records to remove. There are brands effectively using contract revisions with their agencies to push risk further down the supply chain, said Doug Chisholm, CEO at location-data measurement firm Rippll.

“Everyone is saying, ‘We’ve updated our contracts, so we’re fine,'” Chisholm said. “But there’s not always technology underpinning those revisions, which is harsh on the ad tech vendor to take on so much risk, when they have no way of knowing what data to delete when someone opts out elsewhere in the supply chain. No amount of contracts will fix that.”

To resolve these issues, some of the world’s biggest advertisers are working on a better way to manage their supply chains after the GDPR takes effect. The World Federation of Advertisers has pulled together marketers from companies including Unilever, Diageo, Disney and Pernod Ricard to determine how to take greater control over their own data and how the data they buy propagates between businesses they work with directly and indirectly. Advertisers are “significantly revising and simplifying the value chain operating on their behalf,” said Stephan Loerke, CEO at WFA, “because there’s legal accountability for the brand owner.”

A recent survey of 34 WFA members that collectively spend more $65 billion globally on ads found that nearly two-thirds (64 percent) will review contracts with third parties such as agencies.

The greater scrutiny from advertisers could cause further strain on their relationships with agencies. There’s a danger that agencies have been white labeling a lot of technologies and passing it off as their own, which more advertisers will discover the more questions they ask about how data is sourced and if all the correct permissions were obtained. It’s become common agency practice to white label technology, said Lucy Cunningham, head of mobile and display at performance agency Roast. While there is an argument that one provider is often a market leader, Cunningham said consistently reviewing and assessing all the providers on an individual client basis will keep agencies ahead of the game.

Download Digiday’s guide to the GDPR to make sure you’re ready for May 25.