Mixed signals from GDPR regulators spark industry confusion
It seems it isn’t just publishers and advertising companies that have interpreted the General Data Protection Regulation widely, but regulators too.
Media industry executives are becoming increasingly worried that the data protection authorities (DPAs) of the 28 European Union countries are interpreting and enforcing GDPR very differently. That could result in further uncertainty, confusion and result in higher costs for those businesses attempting to comply with multiple interpretations, according to privacy experts.
“It’s frustrating that DPAs across the EU have different interpretations of the same law,” said Matthias Matthiesen, director of privacy and public policy for the Interactive Advertising Bureau Europe. “The point of the GDPR is that the law is the same across the EU.”
Austrian publishers were recently thrown a bone by the country’s data protection authority when it dismissed a complaint against an online media publisher over its GDPR consent approach. The publisher, which wasn’t named fully in the DPA’s ruling, has created a paid-subscription offer of €6 ($7) per month for users who don’t want their data to be used for any advertising and tracking purposes. The publisher provides two other options: Users can browse all content for free in exchange for giving consent to being served personalized ads, or they can have partial access to content in return for giving consent.
The Austrian DPA deemed this approach totally fine and dismissed the complaint, citing the importance of publishers being able to maintain advertising revenue models. The regulator also stated that the €6 charge per month wasn’t regarded as high enough to be prohibitive for users. Other major Austrian publications including derStandard.at also use the paid model in return for no tracking.
In the U.K., however, the Information Commissioner’s Office has taken a stricter stance on the Washington Post’s consent strategy, which offers a $9 per month premium subscription option for users who don’t wish to be served personalized ads, and only partial access to content in exchange for consent.
The ICO hasn’t published an official ruling against the Washington Post but sent a letter informing the publication that the current approach is in breach of GDPR, according to the ICO. In its letter, the ICO stated: “The Washington Post has not offered a free alternative to accepting cookies on their website, and therefore in this case consent cannot be freely given and is invalid.”
The question of whether a publisher can block site access in return for consent, or give users a no-tracking option in exchange for a micropayment under GDPR, has been debated for some time. The GDPR states clearly that user consent must be freely given as well as specific, unambiguous and informed. The ICO has determined that in the Washington Post’s case, users shouldn’t have to pay not to be tracked.
In its letter, the ICO requested that the Washington Post improve its information rights practices and ensure its website users have the option to access all levels of subscription without having to accept cookies.
Although the two cases are subtly different (the Austrian publication does provide an option where users can have partial access in return for not giving consent, whereas the Washington Post has no free non-consent option), the different stances have concerned privacy experts. “This [Austrian] model looks very much comparable model with what WashPost is offering, which means that the two DPA decisions refer to comparable cases with contradictory results,” said Oliver von Versch, Hamburg-based publisher consultant.
“The fundamental change within the EU is that they are defining privacy as a ‘human right,’ which means that the concept of using privacy as a form of currency is illegal,” said Thomas Baekdal, Denmark-based publisher consultant. In other words, site visitors should be allowed to read all the free content regardless of whether they have given consent or not. “It seems pretty clear that publishers can’t do ‘give up your privacy or pay us,’” added Baekdal.
The European Data Protection Board, formerly known as the Article 29 Working Party, comprises the 28 EU regulators, is intended to help ensure DPAs align. The aim of this group is to provide consistency and discuss country-specific DPA decisions such as those made by French regulator CNIL last November. If a company operates across multiple countries, each with a DPA that has taken a different interpretation, the EDPB’s “consistency mechanism” kicks in, according to Matthiesen. However, no official clarification has yet been issued by the EDPB on how to resolve any discrepancies in approach. Digiday contacted the EDPB and will update this story if it responds. The ICO didn’t want to comment on another regulator’s decision until it had time to examine it in full.
Ultimately it’s the Court of Justice of the European Union, which gets the final say on any DPA opinion and decision. However, that can be a very lengthy process which could take years to be finalized, according to Matthiesen.
‘Off the field business’: Sports is still shaky but sports business publications see a lucrative play
The business of sports has been turned upside down and a number of media companies are racing to capitalize on the opportunity.
As the Facebook boycott ends, brand advertisers are split on what happens next with their marketing budgets
Of the top 20 Facebook advertisers, according to Pathmatics’ 2019 data, five of them -- Microsoft, Unilever, Diageo, Coca-Cola and CVS -- are keeping media dollars away from the social network.
‘No brainer’: Marie Claire launches sampling business to boost revenue and data practice
With retail on lockdown "Working in skincare, samples are the number-one way to get people into a product."
SponsoredAs live sports roar back onto screens, brands capture a social-media lift
By TJ Adeshola, head of U.S. Sports Partnerships at Twitter Live sports are back and sports fans couldn’t be more excited. It’s no surprise that communities across the country are welcoming their teams back with open arms. For many, the return of sports brings a sense of normalcy — 67 percent of U.S. fans see […]
‘Make bold moves’: How Allure is using its platform to challenge the outdated standards in beauty
Through the pandemic, seismic shifts have occurred in how brands can interact with customers. So beauty magazines, like Allure, have stepped up to provide a valuable connection between their consumers.
How the world’s biggest advertisers are spending (or not) as the pandemic grinds on
Having pulled back in Q1, some advertisers are gearing up for a big push in the second half of the year. Others are bracing themselves for a rocky road ahead.