Common GDPR myths, debunked
Noise around the threat the European General Data Protection Regulation poses to publishers, ad tech companies and marketers is getting louder as the 2018 deadline for enforcement approaches. Naturally, a flurry of “GDPR experts” — some of them helpful, others compounding the confusion — have surfaced over the last year to help businesses navigate the challenges.
Robert Streeter, News UK’s data protection and privacy officer, emphasized the importance of separating fact from fiction regarding the regulations at Rubicon Project’s Automation event in London on Sept. 6. “When you read about ‘expert’ comment on GDPR, I’d advise taking that with caution and examining your own approach to it,” he said. “There’s a lot of misinformation circulating.”
Here are some of the myths, debunked:
Myth: The biggest threat is eye-watering fines
While it’s true that companies that don’t comply with the new laws will face fines of up to 4 percent of their revenues or a maximum £17 million ($22 million), these kinds of fines will be rare, at least in the U.K. They will only be applied to companies that flout the laws or fail to notify the Information Commissioner’s Office of data-privacy breaches that “affect people’s rights and freedoms.”
The ICO has already stated it prefers “the carrot to the stick” in this case. So while it has the power to fine up to that amount, imposing huge fines will be a last resort. “It’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” wrote Elizabeth Denham, the U.K.’s information commissioner, in a recent blog post. Other sanctions the ICO will use to get companies to comply: warnings, reprimands, corrective orders. These many not hit organizations’ pockets, but they won’t do the companies’ reputations and public perception any good, she added.
Myth: ‘Consent’ is the only way to process data
The GDPR’s more stringent rules around companies obtaining explicit consent for collecting and processing customer data have caused a fair amount of hand-wringing across the ad market. The new array of adjectives used to describe different forms of consumer consent — “explicit,” “unambiguous,” “informed” — are enough to make hearts race. But as with most things, there are more ways to skin a cat. “Consent is the most viable and perhaps only option when it comes to some aspects of collecting and using personal data for digital advertising purposes. But, importantly, there are other ways, which may work for other aspects of data use,” said Yves Schwarzbart, head of policy and regulatory affairs at the Internet Advertising Bureau. So, it’s advisable not to just wait until the ICO gives guidance on consent. In fact, there are six other ways the GDPR allows for personal data to be processed, added Schwarzbart.
For example, before ascertaining what legal basis they have to process the data, companies need to know what partners they’re working with, and where and how the data is shared and traded by those partners, said Nick Stringer, public policy consultant at Entropy Data. They should also look into whether they need to appoint a data protection officer that will help establish a compliance map, he added. That’s what News UK is now doing. “We’re looking at how to get a sense of collecting user information and how the various third parties we’re working with are using it, further down the chain,” Streeter said.
Myth: GDPR is a Europe-only issue
Far from being some typically bureaucratic issue that applies to the 28 members of the EU (including the U.K., as Brexit won’t affect its compliance), GDPR will affect any American company that offers goods or services to consumers in the EU or monitors the behavior of people located in Europe, regardless of where their offices or ad servers are based.
Myth: GDPR is limited to personally identifiable information
GDPR won’t be restricted to collecting sensitive data relating to individuals. Personal data under GDPR applies to IP addresses and cookie tracking, too. “Traditionally, the digital ad sector treated cookies and IP addresses as anonymous, but now, that’s no longer the case,” said Stringer. “People are using language they’re used to, like PII and non-PII, which is confusing things. It’s important people treat non-PII as personal data, too.”
Myth: Google and Facebook will benefit
While numerous articles have been written detailing how Facebook and Google stand to gain from the data-privacy laws, not everyone believes that to be true. “In terms of revenue, Facebook and Google have the most risk tied to raising the bar on consumer privacy in the EU,” said Jason Kint, CEO of Digital Content Next. “Anyone who believes their lobbyists’ myth that privacy regulation will only help Google and Facebook is having the wool pulled over their eyes.”
How Forbes’ 30 Under 30 franchise has become a top selling point for the brand
The 30 Under 30 franchise has given Forbes another avenue to sell its advertising clients on cross-platform campaigns for top dollar.
‘Outside the four walls of a restaurant’: Why The Infatuation cooked up a marketplace model during the pandemic
The NYC-focused marketplace, which offers everything from private dinners to cooking classes, will be braided into the rest of the Infatuation's business next year.
‘I believe enough in this to try to do it myself’: CollegeHumor owner Sam Reich on the brand’s future potential
In January, IAC decided it was no longer willing to finance CollegeHumor and sold it to Sam Reich, who had joined the company in 2006 to build out original video.
SponsoredWhy ad buyers (and sellers) need to pay more attention to viewer attention
By Yan Liu, CEO, TVision Like the proverbial tree falling in the forest, we all recognize that oftentimes the TV is on, but no one is in the room to hear or see it. And yet some ad buyers continue to rely on a metric that fails to account for this. To mix metaphors, buyers […]
‘The experience is much more valuable’: How publishers are testing hybrid approaches to keep their events engaging
In order to reignite the spark of excitement that experiential is meant to offer, some publishers have begun testing the limits of hybrid events.
Care packages replace canapés as Coronavirus cancels media holiday party extravagances
With social distancing keeping coworkers apart in December, media companies and agencies have turned to care packages to replace the holiday party.