Facebook-Cambridge Analytica fallout extends to GDPR and ePrivacy enforcement
Any business that thought it could slide under the General Data Protection Regulation radar with a stitched-together compliance strategy can think again, thanks to the expected fallout of the Cambridge Analytica-Facebook user data scandal.
Vagueness around how the GDPR will be enforced has lulled many businesses, particularly in ad tech, into what may be a false sense of security. For some, that’s meant hiding behind the “legitimate interest” clause in the law, which they believe will save them from the worst of the fines. Others have tried to piggyback off publishers gaining consent on their behalf, while liability has been hoisted up and down the supply chain like a hot potato for months.
But the fallout from Cambridge Analytica’s misuse of Facebook user data to sway voters in 2016 and Facebook’s failure to alert users about it could help not only strengthen the credibility and enforcement of the GDPR globally, but it could also quash any hope that the stricter proposed ePrivacy Regulation will become more lenient, according to industry observers.
“The Channel 4 sting operation [on the Cambridge Analytica data breach] reveals more about the apathy data processors have toward their research subjects and the data commodity and the [consequent] risk to data controllers,” said a digital marketing exectuive. “GDPR and ePrivacy will gain more momentum and credibility in the wake of this scandal.”
Although the GDPR is a major talking point in Europe, its significance hasn’t managed to fully penetrate the U.S., where many businesses are still under the impression it won’t affect them, that it is merely yet another European bureaucratic lawmaking process blown out of proportion. But the GDPR has already led some U.S. vendors to pull back their businesses from Europe.
“This absolutely gives GDPR and ePrivacy more credibility globally,” said Jason Kint, CEO of U.S. publisher trade body Digital Content Next. “Consumers expect their data to be used within the context it was collected or by entities with which they have a relationship, but they don’t expect their data to be set out like a buffet at the Golden Corral, where anyone can walk in off the street and help themselves.” To that end, it’s “vital” lawmakers drive forward with the effort to ensure consumer trust while not granting even more power to a few big tech companies, he added.
Some believe regulators may get more power to enforce the GDPR more strictly. For instance, the Information Commissioner’s Office, the regulator that would enforce GDPR-related fines in the U.K., can only seize documents from companies deemed to be in serious breach of the GDPR if it has obtained a warrant. But some expect the ICO to now push to do “dawn raids” without warrant on those deemed in serious breach — something that will, in theory, be easier to debate in the wake of this latest data breach.
Meanwhile, any hopes for leniency around the ePrivacy Regulation, which is still in the proposal stage and has more dire consequences than the GDPR for using cookies without consent, have now been dashed.
Aside from in Germany, where publishers are more rattled by the ePrivacy Regulation than the GDPR, the general feeling about the ePrivacy law is it will be watered down, that lobbying will somehow win out — or should it not, then the U.K. would manage to skirt it using Brexit as a shield.
“We [the U.K.] have tried to slow the ePrivacy Regulation down for years due to Brexit and found a way to stall it,” said Dan Wilson, CEO of London Media Exchange. “But with something as high-profile as this [the Cambridge Analytica data breach], the ePrivacy Regulation will be expedited. It [the data breach scandal] will also kill legitimate interest as something to hide behind. Legitimate interest is now beyond thin.”
Download Digiday’s guide to GDPR to get primary research, checklists, and more that marketers, publishers and tech companies need to know.
‘People have had permission to experiment’: Pandemic expedites rethink on 9-to-5 work structures
Starting out as a short-term fix to weather the coronavirus storm, employers are seeing work hours outside the traditional 9-to-5 week as a new normal.
‘A digital Madison Square Garden’: How Complex reimagined the sponsorship opportunities for ComplexLand
The online event, which will combine music, conversation, gaming and shopping in an online world, will have 60 sponsors.
‘They wanted to unload it bad’: Why HuffPost made sense for BuzzFeed – and Verizon Media Group
BuzzFeed's acquisition of HuffPost will give it access to an older, more affluent cohort, potentially bolstering its news and commerce businesses.
SponsoredA buyer’s guide to new CTV terminology
by Austin Scott, Head of EMEA Video Market Development at Xandr There has been a seismic shift in the way audiences consume content. The average U.S. home owns 11 connected devices. More than 40 percent of consumers use connected TV (CTV) devices to stream content daily, and 77 percent of households are considered CTV households. […]
‘A start-up again’: New Quartz owner Zach Seward’s plan for longevity includes revenue innovation and reader support
Seward would not disclose current financials, but the upswing in ad revenue in third and fourth quarters has him optimistic about the company's position for 2021.
‘People are gonna shop’: Despite second coronavirus wave, consumer confidence ticks up and brakes on ad spend not slammed yet
Better prepared brands and more settled consumers have kept advertising revenues flowing, even as a second coronavirus wave rises.