Once European regulators start enforcing the General Data Protection Regulation, don’t be surprised if brands with noncompliant sites try to shift the blame to their agencies. In the latest in our Confessions series, where we grant anonymity for honesty, a digital agency executive whose company helps build Fortune 500 companies’ websites said brands make agencies contractually responsible for GDPR violations. This conversation has been edited and condensed.
How has GDPR affected your agency’s work?
It feels like the decision-making is, “Let’s figure out how we can pass liability onto agencies as soon as possible because they’re the ones who are building these products.” In theory, it is your clients’ responsibility. But as the law was getting into place, all of a sudden all these Fortune 100 companies, were immediately sending you an update to their MSA [master services agreement] that you’ve agreed on for years that is now saying, “If you are designing and building this, you are assuming responsibility for assuming the nuance of this law, and we won’t indemnify you if something is noncompliant.” So rather than understanding or caring about the intent of the law, it’s mostly just making sure they’re not going to be financially liable or responsible.
What can you do to avoid assuming full liability?
Typically with the MSAs, it’s, “if you want to keep working with us, you’re going to do this.” And we’re certainly not at a point where we would say, “No, we’re not going to work with you anymore because you’re making us liable for this particular law.” So we’ll understand the law and do our best in making sure we’re compliant.
How does it work? A regulator comes after a client, and the client tells the regulator to go after you instead?
I think what happens — and this has not happened yet — is that the company gets sued and then the company sues the agency. What we were told is even when there is no case, you still end up paying legal fees because they’re going to try to push the risk downstream. We’ve tried to make assumptions very, very clear in each contract, and try to supersede some of those terms, so there’s a clear understanding of risk. And then there’s capped indemnity.
So you can only be held liable to a certain degree?
Yeah, we would only be liable for up to X amount of something. Because the thing that’s hard is, if you’re doing a project for a few hundred thousand dollars, and someone gets sued for a million dollars and they try to pass that down to you, the level of risk and reward from a project standpoint changes. The other challenge from this is it changes project timelines and adds costs in the amount of development work. When the lawyers get involved, all the nice and fuzzies of relationships go away.
How do you account for those added costs? Do you tell clients that if the agency assumes liability, it costs 10 or 20 percent extra?
We wouldn’t have success if we structured it that way. They’re not going to give us a markup on something. So we bake into the project cost itself where there are these new or additional resources or additional time because they’ve added complexity from a requirement standpoint. It’s almost like another feature. And they can’t push back on that.
Have you talked with other agencies about banding together and pushing back on clients that pass on liability?
We haven’t done that yet. I would assume that until one of us has a significant issue come out, we’re probably all going to want to stay under the radar a little bit. Because it’s not every single client that’s doing this and passing that on. It’s one of those things where the more you flaunt certain things, the more likely that people talk about it and bring it into your MSA, or a lawsuit [occurs]. On some level, we’re waiting to see how the dust settles.
David Beckham and ‘Carnitas’: How Frito-Lay’s World Cup marketing strategy served up celebs and regional snacking flavors
Frito-Lay wants to be front and center as the go-to snack brand during the World Cup. Here's a look at its strategy.
Why a feminine wellness brand is prioritizing its organic social media strategy
With strict content rules, data privacy regulations and tight budgets, a feminine wellness brand remains bullish on its organic social media strategy.
Why this non-alcoholic beverage brand focused on experiential, working with bartenders to boost brand awareness with a sober Gen Z
Bare Zero Proof wants to tap into younger consumers interest in non-alcoholic alternatives as sober culture has become more common.
SponsoredPublishers are adapting advertising strategies for a privacy-first world
Tina Iannacchino, senior publisher director, Seedtag So much of the attention around the death of third-party cookies and its impact on the digital advertising industry is focused on the implications for brands and consumers, which is far from the complete picture. The digital publishing industry in the U.S. is massive and set to be shaken […]
WTF is the difference between in-stream and out-stream video ads?
In August, the IAB Tech Lab issued guidelines that introduced a new distinguishing characteristic that separates in-stream and out-stream video ads
Why HelloFresh struck an ad deal with StreamElements to reach the gaming community
StreamElements’ plug-and-play interface creates a lighter lift for brands looking to reach the gaming community, eschewing the protracted negotiations and production time that can come along with brand partnerships with prominent individual streamers.