Common GDPR myths, debunked
Noise around the threat the European General Data Protection Regulation poses to publishers, ad tech companies and marketers is getting louder as the 2018 deadline for enforcement approaches. Naturally, a flurry of “GDPR experts” — some of them helpful, others compounding the confusion — have surfaced over the last year to help businesses navigate the challenges.
Robert Streeter, News UK’s data protection and privacy officer, emphasized the importance of separating fact from fiction regarding the regulations at Rubicon Project’s Automation event in London on Sept. 6. “When you read about ‘expert’ comment on GDPR, I’d advise taking that with caution and examining your own approach to it,” he said. “There’s a lot of misinformation circulating.”
Here are some of the myths, debunked:
Myth: The biggest threat is eye-watering fines
While it’s true that companies that don’t comply with the new laws will face fines of up to 4 percent of their revenues or a maximum £17 million ($22 million), these kinds of fines will be rare, at least in the U.K. They will only be applied to companies that flout the laws or fail to notify the Information Commissioner’s Office of data-privacy breaches that “affect people’s rights and freedoms.”
The ICO has already stated it prefers “the carrot to the stick” in this case. So while it has the power to fine up to that amount, imposing huge fines will be a last resort. “It’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” wrote Elizabeth Denham, the U.K.’s information commissioner, in a recent blog post. Other sanctions the ICO will use to get companies to comply: warnings, reprimands, corrective orders. These may not hit organizations’ pockets, but they won’t do the companies’ reputations and public perception any good, she added.
Myth: ‘Consent’ is the only way to process data
The GDPR’s more stringent rules around companies obtaining explicit consent for collecting and processing customer data have caused a fair amount of hand-wringing across the ad market. The new array of adjectives used to describe different forms of consumer consent — “explicit,” “unambiguous,” “informed” — is enough to make hearts race. But as with most things, there is more than one way to skin a cat. “Consent is the most viable and perhaps only option when it comes to some aspects of collecting and using personal data for digital advertising purposes. But, importantly, there are other ways, which may work for other aspects of data use,” said Yves Schwarzbart, head of policy and regulatory affairs at the Internet Advertising Bureau. So, it’s advisable not to just wait until the ICO gives guidance on consent. In fact, there are six other ways the GDPR allows for personal data to be processed, added Schwarzbart.
For example, before ascertaining what legal basis they have to process the data, companies need to know what partners they’re working with, and where and how the data is shared and traded by those partners, said Nick Stringer, public policy consultant at Entropy Data. They should also look into whether they need to appoint a data protection officer who will help establish a compliance map, he added. That’s what News UK is now doing. “We’re looking at how to get a sense of collecting user information and how the various third parties we’re working with are using it, further down the chain,” Streeter said.
Myth: GDPR is a Europe-only issue
Far from being some typically bureaucratic issue that applies to the 28 members of the EU (including the U.K., as Brexit won’t affect its compliance), GDPR will affect any American company that offers goods or services to consumers in the EU or monitors the behavior of people located in Europe, regardless of where their offices or ad servers are based.
Myth: GDPR is limited to personally identifiable information
GDPR won’t be restricted to collecting sensitive data relating to individuals. Personal data under GDPR applies to IP addresses and cookie tracking, too. “Traditionally, the digital ad sector treated cookies and IP addresses as anonymous, but now, that’s no longer the case,” said Stringer. “People are using language they’re used to, like PII and non-PII, which is confusing things. It’s important people treat non-PII as personal data, too.”
Myth: Google and Facebook will benefit
While numerous articles have been written detailing how Facebook and Google stand to gain from the data-privacy laws, not everyone believes that to be true. “In terms of revenue, Facebook and Google have the most risk tied to raising the bar on consumer privacy in the EU,” said Jason Kint, CEO of Digital Content Next. “Anyone who believes their lobbyists’ myth that privacy regulation will only help Google and Facebook is having the wool pulled over their eyes.”