Facebook-Cambridge Analytica fallout extends to GDPR and ePrivacy enforcement
Any business that thought it could slide under the General Data Protection Regulation radar with a stitched-together compliance strategy can think again, thanks to the expected fallout of the Cambridge Analytica-Facebook user data scandal.
Vagueness around how the GDPR will be enforced has lulled many businesses, particularly in ad tech, into what may be a false sense of security. For some, that’s meant hiding behind the “legitimate interest” clause in the law, which they believe will save them from the worst of the fines. Others have tried to piggyback off publishers gaining consent on their behalf, while liability has been hoisted up and down the supply chain like a hot potato for months.
But the fallout from Cambridge Analytica’s misuse of Facebook user data to sway voters in 2016 and Facebook’s failure to alert users about it could help not only strengthen the credibility and enforcement of the GDPR globally, but it could also quash any hope that the stricter proposed ePrivacy Regulation will become more lenient, according to industry observers.
“The Channel 4 sting operation [on the Cambridge Analytica data breach] reveals more about the apathy data processors have toward their research subjects and the data commodity and the [consequent] risk to data controllers,” said a digital marketing exectuive. “GDPR and ePrivacy will gain more momentum and credibility in the wake of this scandal.”
Although the GDPR is a major talking point in Europe, its significance hasn’t managed to fully penetrate the U.S., where many businesses are still under the impression it won’t affect them, that it is merely yet another European bureaucratic lawmaking process blown out of proportion. But the GDPR has already led some U.S. vendors to pull back their businesses from Europe.
“This absolutely gives GDPR and ePrivacy more credibility globally,” said Jason Kint, CEO of U.S. publisher trade body Digital Content Next. “Consumers expect their data to be used within the context it was collected or by entities with which they have a relationship, but they don’t expect their data to be set out like a buffet at the Golden Corral, where anyone can walk in off the street and help themselves.” To that end, it’s “vital” lawmakers drive forward with the effort to ensure consumer trust while not granting even more power to a few big tech companies, he added.
Some believe regulators may get more power to enforce the GDPR more strictly. For instance, the Information Commissioner’s Office, the regulator that would enforce GDPR-related fines in the U.K., can only seize documents from companies deemed to be in serious breach of the GDPR if it has obtained a warrant. But some expect the ICO to now push to do “dawn raids” without warrant on those deemed in serious breach — something that will, in theory, be easier to debate in the wake of this latest data breach.
Meanwhile, any hopes for leniency around the ePrivacy Regulation, which is still in the proposal stage and has more dire consequences than the GDPR for using cookies without consent, have now been dashed.
Aside from in Germany, where publishers are more rattled by the ePrivacy Regulation than the GDPR, the general feeling about the ePrivacy law is it will be watered down, that lobbying will somehow win out — or should it not, then the U.K. would manage to skirt it using Brexit as a shield.
“We [the U.K.] have tried to slow the ePrivacy Regulation down for years due to Brexit and found a way to stall it,” said Dan Wilson, CEO of London Media Exchange. “But with something as high-profile as this [the Cambridge Analytica data breach], the ePrivacy Regulation will be expedited. It [the data breach scandal] will also kill legitimate interest as something to hide behind. Legitimate interest is now beyond thin.”
Download Digiday’s guide to GDPR to get primary research, checklists, and more that marketers, publishers and tech companies need to know.
‘We see a world where publisher data replaces third-party data’: News U.K. puts its data at the nucleus of post-cookie push for media budgets
News U.K. has overhauled the way it collects, sorts and monetizes its audience data across all its titles via first-party data platform Nucleus.
Here’s why the loss of the third-party cookie is heading toward a collapse in the middle
In the absence of third-party cookies, marketers will need to work more closely with trusted publishers to reach their audiences. Who will lose out? It is posed for a collapse in the middle.
Member ExclusiveMedia Briefing: What to expect from the Digiday Publishing Summit
This week's Media Briefing previews the upcoming Digiday Publishing Summit, which kicks off on Sept. 27 and will feature speakers from media companies including The Washington Post, BDG, Group Nine Media and Essence.
SponsoredHow retailers can be ready for holiday shoppers this year
Suchi Sastri, managing director and partner, Boston Consulting Group As the holiday season approaches and the pandemic continues to evolve, retailers want to know what to expect. Will e-commerce continue to grow at the rate it did last year? How big of a role will in-store shopping play in holiday shopping? While it’s still early, […]
How the pandemic has been a real a buzz kill for office happy hour bonding, culture
As COVID-19 crawls on, more companies are rethinking the wisdom of mixing booze and the stresses of the workplace.
‘Football has lost its soul’: How Copa90 is repositioning itself around the creator economy
Copa90’s overseers believe there’s another shift happening in tandem with the corporatization of the sport that has the potential to be just as transformative