Confessions of a digital agency exec: Marketers are shifting GDPR liability to agencies
Once European regulators start enforcing the General Data Protection Regulation, don’t be surprised if brands with noncompliant sites try to shift the blame to their agencies. In the latest in our Confessions series, where we grant anonymity for honesty, a digital agency executive whose company helps build Fortune 500 companies’ websites said brands make agencies contractually responsible for GDPR violations. This conversation has been edited and condensed.
How has GDPR affected your agency’s work?
It feels like the decision-making is, “Let’s figure out how we can pass liability onto agencies as soon as possible because they’re the ones who are building these products.” In theory, it is your clients’ responsibility. But as the law was getting into place, all of a sudden all these Fortune 100 companies, were immediately sending you an update to their MSA [master services agreement] that you’ve agreed on for years that is now saying, “If you are designing and building this, you are assuming responsibility for assuming the nuance of this law, and we won’t indemnify you if something is noncompliant.” So rather than understanding or caring about the intent of the law, it’s mostly just making sure they’re not going to be financially liable or responsible.
What can you do to avoid assuming full liability?
Typically with the MSAs, it’s, “if you want to keep working with us, you’re going to do this.” And we’re certainly not at a point where we would say, “No, we’re not going to work with you anymore because you’re making us liable for this particular law.” So we’ll understand the law and do our best in making sure we’re compliant.
How does it work? A regulator comes after a client, and the client tells the regulator to go after you instead?
I think what happens — and this has not happened yet — is that the company gets sued and then the company sues the agency. What we were told is even when there is no case, you still end up paying legal fees because they’re going to try to push the risk downstream. We’ve tried to make assumptions very, very clear in each contract, and try to supersede some of those terms, so there’s a clear understanding of risk. And then there’s capped indemnity.
So you can only be held liable to a certain degree?
Yeah, we would only be liable for up to X amount of something. Because the thing that’s hard is, if you’re doing a project for a few hundred thousand dollars, and someone gets sued for a million dollars and they try to pass that down to you, the level of risk and reward from a project standpoint changes. The other challenge from this is it changes project timelines and adds costs in the amount of development work. When the lawyers get involved, all the nice and fuzzies of relationships go away.
How do you account for those added costs? Do you tell clients that if the agency assumes liability, it costs 10 or 20 percent extra?
We wouldn’t have success if we structured it that way. They’re not going to give us a markup on something. So we bake into the project cost itself where there are these new or additional resources or additional time because they’ve added complexity from a requirement standpoint. It’s almost like another feature. And they can’t push back on that.
Have you talked with other agencies about banding together and pushing back on clients that pass on liability?
We haven’t done that yet. I would assume that until one of us has a significant issue come out, we’re probably all going to want to stay under the radar a little bit. Because it’s not every single client that’s doing this and passing that on. It’s one of those things where the more you flaunt certain things, the more likely that people talk about it and bring it into your MSA, or a lawsuit [occurs]. On some level, we’re waiting to see how the dust settles.
‘You’re not going to get it all right’: IBM CMO Michelle Peluso on managing through a crisis
As marketers manage another crisis, they are thinking about how to help their teams as well as how they should be advertising.
‘Stand for something’: As protests continue, tone-deaf influencer marketing is in the spotlight
Questions about diversity in influencer marketing, opportunism and the need for brands to get comfortable with influencers taking a stance on politics and racial issues are bubbling up now as this may be a moment of self-reflection for the influencer marketing community.
‘There isn’t a talent pipeline problem’: Confessions of a black advertising exec
In this edition of our Confessions series, in which we exchange anonymity for candor, we hear from a black media buyer who believes brands need to do more to support for Black Lives Matter and that agencies still haven't truly changed their hiring policies.
SponsoredVideo: Marketers discuss the future state of less interruptive in-stream ads
In a new video, experts from GumGum, The Martin Agency and Pinterest discuss the future of video advertising — and outline their vision for how video ads can be less disruptive.
Member ExclusiveDigiday Research: Over half of brands say they handle marketing ‘mostly’ with internal resources
Digiday’s quarterly benchmarking survey found that about 83% of marketers are managing their marketing either mostly in-house or completely in-house. That's up from the 55% of marketers six months ago who said the same.
Member Exclusive‘Our job is to sell’: Marketers, moving past coronavirus response, return to selling products
Marketers need to get back to the job at hand: Keeping the squeaky wheels of capitalism turning.