The arrival of the General Data Protection Regulation has advertisers worried they’ll be on the hook for violations of their agencies, tech vendors and publishing parters.
Under GDPR, advertisers will often operate as the controller given they own the data that’s being processed by agencies or ad tech firms to target ads. It is, however, getting harder for advertisers to know what companies — whether directly or indirectly — are processing that data due to revisions to data processing agreements. Without that knowledge, it leaves brands open to fines if there’s a GDPR screw-up even if it isn’t their fault.
“Advertisers are concerned that the data-processing agreements they’re being asked to sign don’t give them enough protection as the data controller,” said Matt Green, global lead for media and digital at the World Federation of Advertisers.
In the weeks leading up to and then immediately after the arrival of GDPR, advertisers were flooded with DPAs, created to comply with the regulation — from agencies and ad tech vendors they struggled to understand. Nissan, for example, is currently working with its agencies to assess the privacy policies of ad tech firms it uses.
“We’re working with our agency partners to rank our data partners,” said Nissan’s top marketing executive in Europe, Jean-Pierre Diernaz. “Some will become clear winners against others. It’s a learning curve. You could argue that the industry is currently in a wait-and-see moment when it comes to the GDPR before the ecosystem is properly restructured. I would assume that once that’s done the programmatic environment is going to improve.”
But not every advertiser can call on the media, data and procurement expertise that Diernaz can. Data-protection officers and legal-counsel staff have been heavily overburdened with companywide GDPR projects. The WFA, like the British advertiser trade body ISBA before it, has launched a DPA addendum with the Dutch Advertising Association that Green claimed will show brands how to reapportion liability more evenly between themselves and their partners.
A key part of the addendum, which has been devised by digital media consulting firm Digital Decisions, is to give advertisers the leverage needed to manage the data processors and sub-controllers they share data with. It won’t just cover operational partners, like agencies or trading desks but ad tech firms, Facebook and Google, as well as the different cloud providers like Amazon Web Services.
“It’s inevitable that the DPAs written by publisher or an agency, for example, will represent their data-processor perspective,” said Green. “There are many documents out there that don’t always represent the data controller so what we’re trying to do seeks to re-address that balance.”
Agencies, ad tech providers and law firms say many clients were caught unprepared for the ramifications of GDPR and thought they could simply shift liability off on partners.
“Some brands used their DPAs as an excuse to send massive (30-page plus) addenda, and some agencies signed without really reading what was in there,” said one exec at a law firm. “Other agencies took control of the issue and sent our pro processor DPAs, which tired to apportion risk in a way that is favorable to agencies. Lots of those DPAs were sent out prior to the May deadline for the GDPR, but I’m still seeing lots of clients negotiating them because not all DPAs were signed prior to the deadline.”
Advertisers admit they will probably need to work with fewer advertising businesses post-GDPR, and yet knowing which ones to pick is as complicated as it is urgent. Large swathes of the third-party data market have clearly decided that legitimate interests is their best bet. It probably is, but that’s fundamentally different to it being a good bet.
“It’s easy to see how the more established platforms and partners will benefit in the short-term,” said Sam Fenton-Elstone, CEO of media agency Anything is Possible. “For many, the bigger platforms reduce risk. They are a safer bet. This remains to be seen, however. We’ve seen how even the biggest [online] media platforms have dealt with personal data, and it wasn’t pretty.”
With Roku leading the pack, study says 94% of households are reachable through CTV
Connected TV remains on the rise in programmatic advertising, fueled by the popularity of Roku, Samsung and Amazon devices.
Digital investors take time out as British Pound plummets
Don’t expect an M&A frenzy, despite Sterling’s historic low, as volatility cools investors’ appetites.
Member ExclusiveMedia Briefing: The pros, cons of three pricing models for publisher, sportbook content deals
Publishers and sportsbooks are looking for new payout models beyond the standard cost-per-acquisition structure, which is priced on average between $200-500 per new customer.
SponsoredHow FAST channels are redefining primetime opportunities for advertisers
Sponsored by Vevo With the competition from content providers continuing to build, the traditional primetime TV slots are no longer guaranteeing the mass audiences they once did. Television viewership is evolving, and the primetime window of 8–11 p.m. is less broadly reflective of younger audiences’ content consumption habits. In 2022, attracting TV viewers is a […]
The New York Times looks to gaming product to grow subscriptions
The Times' use of games as a subscriber funnel is part of a renewed focus on gaming sparked by the company's acquisition of Wordle in January.
Inside the NFL’s youth-focused social strategy
As part of the NFL Content Creator Network, the league is engaging with fans in new, innovative ways via gaming or just through creative social media activations.