Common GDPR myths, debunked
Noise around the threat the European General Data Protection Regulation poses to publishers, ad tech companies and marketers is getting louder as the 2018 deadline for enforcement approaches. Naturally, a flurry of “GDPR experts” — some of them helpful, others compounding the confusion — have surfaced over the last year to help businesses navigate the challenges.
Robert Streeter, News UK’s data protection and privacy officer, emphasized the importance of separating fact from fiction regarding the regulations at Rubicon Project’s Automation event in London on Sept. 6. “When you read about ‘expert’ comment on GDPR, I’d advise taking that with caution and examining your own approach to it,” he said. “There’s a lot of misinformation circulating.”
Here are some of the myths, debunked:
Myth: The biggest threat is eye-watering fines
While it’s true that companies that don’t comply with the new laws will face fines of up to 4 percent of their revenues or a maximum £17 million ($22 million), these kinds of fines will be rare, at least in the U.K. They will only be applied to companies that flout the laws or fail to notify the Information Commissioner’s Office of data-privacy breaches that “affect people’s rights and freedoms.”
The ICO has already stated it prefers “the carrot to the stick” in this case. So while it has the power to fine up to that amount, imposing huge fines will be a last resort. “It’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” wrote Elizabeth Denham, the U.K.’s information commissioner, in a recent blog post. Other sanctions the ICO will use to get companies to comply: warnings, reprimands, corrective orders. These many not hit organizations’ pockets, but they won’t do the companies’ reputations and public perception any good, she added.
Myth: ‘Consent’ is the only way to process data
The GDPR’s more stringent rules around companies obtaining explicit consent for collecting and processing customer data have caused a fair amount of hand-wringing across the ad market. The new array of adjectives used to describe different forms of consumer consent — “explicit,” “unambiguous,” “informed” — are enough to make hearts race. But as with most things, there are more ways to skin a cat. “Consent is the most viable and perhaps only option when it comes to some aspects of collecting and using personal data for digital advertising purposes. But, importantly, there are other ways, which may work for other aspects of data use,” said Yves Schwarzbart, head of policy and regulatory affairs at the Internet Advertising Bureau. So, it’s advisable not to just wait until the ICO gives guidance on consent. In fact, there are six other ways the GDPR allows for personal data to be processed, added Schwarzbart.
For example, before ascertaining what legal basis they have to process the data, companies need to know what partners they’re working with, and where and how the data is shared and traded by those partners, said Nick Stringer, public policy consultant at Entropy Data. They should also look into whether they need to appoint a data protection officer that will help establish a compliance map, he added. That’s what News UK is now doing. “We’re looking at how to get a sense of collecting user information and how the various third parties we’re working with are using it, further down the chain,” Streeter said.
Myth: GDPR is a Europe-only issue
Far from being some typically bureaucratic issue that applies to the 28 members of the EU (including the U.K., as Brexit won’t affect its compliance), GDPR will affect any American company that offers goods or services to consumers in the EU or monitors the behavior of people located in Europe, regardless of where their offices or ad servers are based.
Myth: GDPR is limited to personally identifiable information
GDPR won’t be restricted to collecting sensitive data relating to individuals. Personal data under GDPR applies to IP addresses and cookie tracking, too. “Traditionally, the digital ad sector treated cookies and IP addresses as anonymous, but now, that’s no longer the case,” said Stringer. “People are using language they’re used to, like PII and non-PII, which is confusing things. It’s important people treat non-PII as personal data, too.”
Myth: Google and Facebook will benefit
While numerous articles have been written detailing how Facebook and Google stand to gain from the data-privacy laws, not everyone believes that to be true. “In terms of revenue, Facebook and Google have the most risk tied to raising the bar on consumer privacy in the EU,” said Jason Kint, CEO of Digital Content Next. “Anyone who believes their lobbyists’ myth that privacy regulation will only help Google and Facebook is having the wool pulled over their eyes.”
How entertainment publishers are adapting their coverage
Coronavirus may have upended Bustle Digital Group's, People's and BuzzFeed's editorial schedules, but now the publishers creating new franchises out of the pandemic.
With ad rates falling, Snopes can’t keep up with coronavirus misinformation
Snopes had a 50% increase in traffic over the past 30 days, but dwindling ad revenue and a lack of resources is preventing the company from staffing up to combat coronavirus misinformation.
‘We’re looking at this as an opportunity’: Bloomberg Media CEO Justin Smith’s optimistic scenario for media’s recovery
"I just heard this morning from a colleague that was saying that the first couple of weeks are definitely the most difficult": Bloomberg Media CEO Justin Smith.
SponsoredSurvey: The threats of deceptive ads in 2020
Publishers and advertisers: How are you planning to block, eliminate and avoid deceptive ads in 2020? How will deceptive ads impact the 2020 election? Are you seeing deceptive ads that exploit the coronavirus crisis? Take this short survey and we’ll provide the results.
‘Embracing the imperfections’: The test kitchen is now a WFH kitchen
Tastemade, Meredith and the NYT Cooking grapple with what remote working will mean for their production schedules.
Member ExclusiveMedia enters the realm of unknown unknowns
In conversations with several media executives in the past 10 days, we are now firmly in the grip of the known unknowns and unknown unknowns.