Once European regulators start enforcing the General Data Protection Regulation, don’t be surprised if brands with noncompliant sites try to shift the blame to their agencies. In the latest in our Confessions series, where we grant anonymity for honesty, a digital agency executive whose company helps build Fortune 500 companies’ websites said brands make agencies contractually responsible for GDPR violations. This conversation has been edited and condensed.
How has GDPR affected your agency’s work?
It feels like the decision-making is, “Let’s figure out how we can pass liability onto agencies as soon as possible because they’re the ones who are building these products.” In theory, it is your clients’ responsibility. But as the law was getting into place, all of a sudden all these Fortune 100 companies, were immediately sending you an update to their MSA [master services agreement] that you’ve agreed on for years that is now saying, “If you are designing and building this, you are assuming responsibility for assuming the nuance of this law, and we won’t indemnify you if something is noncompliant.” So rather than understanding or caring about the intent of the law, it’s mostly just making sure they’re not going to be financially liable or responsible.
What can you do to avoid assuming full liability?
Typically with the MSAs, it’s, “if you want to keep working with us, you’re going to do this.” And we’re certainly not at a point where we would say, “No, we’re not going to work with you anymore because you’re making us liable for this particular law.” So we’ll understand the law and do our best in making sure we’re compliant.
How does it work? A regulator comes after a client, and the client tells the regulator to go after you instead?
I think what happens — and this has not happened yet — is that the company gets sued and then the company sues the agency. What we were told is even when there is no case, you still end up paying legal fees because they’re going to try to push the risk downstream. We’ve tried to make assumptions very, very clear in each contract, and try to supersede some of those terms, so there’s a clear understanding of risk. And then there’s capped indemnity.
So you can only be held liable to a certain degree?
Yeah, we would only be liable for up to X amount of something. Because the thing that’s hard is, if you’re doing a project for a few hundred thousand dollars, and someone gets sued for a million dollars and they try to pass that down to you, the level of risk and reward from a project standpoint changes. The other challenge from this is it changes project timelines and adds costs in the amount of development work. When the lawyers get involved, all the nice and fuzzies of relationships go away.
How do you account for those added costs? Do you tell clients that if the agency assumes liability, it costs 10 or 20 percent extra?
We wouldn’t have success if we structured it that way. They’re not going to give us a markup on something. So we bake into the project cost itself where there are these new or additional resources or additional time because they’ve added complexity from a requirement standpoint. It’s almost like another feature. And they can’t push back on that.
Have you talked with other agencies about banding together and pushing back on clients that pass on liability?
We haven’t done that yet. I would assume that until one of us has a significant issue come out, we’re probably all going to want to stay under the radar a little bit. Because it’s not every single client that’s doing this and passing that on. It’s one of those things where the more you flaunt certain things, the more likely that people talk about it and bring it into your MSA, or a lawsuit [occurs]. On some level, we’re waiting to see how the dust settles.
‘Cost conscious consumers, restrictive economy’: Advertising’s tough ride in 2022
The big issue for advertisers from an ad spending impact isn't the war in Europe. It’s the supply chain woes emanating from china, the pandemic and the lockdown
Why a CBD brand is experimenting with OOH advertising to counter e-commerce buzzkills
As the digital marketing landscape continues to be murky for niche brands, CBD brand Sunday Scaries looks to OOH as a workaround.
How work-anywhere trend helped Vista attracted senior talent from heavy hitter brands
A remote-first, flexible working operating model has enabled Vista to snag top talent from major brands like Nike, Spotify, Converse and Netflix in the last year.
SponsoredHow marketers and retailers are unlocking the true value of retail media
Ben Kneen, senior director of product management, Xandr It’s a challenging time for retailers in the advertising industry. As they cope with supply chain woes and inflation-related pressures, they seek high-margin revenue streams amid evolving privacy regulations and massive shifts in identity solutions — including IDFA, the deprecation of third-party cookies and more. In light […]
Quontic Bank’s metaverse outpost demonstrates the importance of brand utility in metaverse activations
Legal concerns notwithstanding, Quontic’s plans for its Decentraland location show that the bank is approaching the metaverse as a functional space for every day use, rather than an escape from reality.
In-game advertising experts question Microsoft and Sony’s gaming advertising plans
The importance of free-to-play titles is one reason why some in-game advertising experts are skeptical about the tech giants’ ability to succeed in their chosen business.