The arrival of the General Data Protection Regulation has advertisers worried they’ll be on the hook for violations of their agencies, tech vendors and publishing parters.
Under GDPR, advertisers will often operate as the controller given they own the data that’s being processed by agencies or ad tech firms to target ads. It is, however, getting harder for advertisers to know what companies — whether directly or indirectly — are processing that data due to revisions to data processing agreements. Without that knowledge, it leaves brands open to fines if there’s a GDPR screw-up even if it isn’t their fault.
“Advertisers are concerned that the data-processing agreements they’re being asked to sign don’t give them enough protection as the data controller,” said Matt Green, global lead for media and digital at the World Federation of Advertisers.
In the weeks leading up to and then immediately after the arrival of GDPR, advertisers were flooded with DPAs, created to comply with the regulation — from agencies and ad tech vendors they struggled to understand. Nissan, for example, is currently working with its agencies to assess the privacy policies of ad tech firms it uses.
“We’re working with our agency partners to rank our data partners,” said Nissan’s top marketing executive in Europe, Jean-Pierre Diernaz. “Some will become clear winners against others. It’s a learning curve. You could argue that the industry is currently in a wait-and-see moment when it comes to the GDPR before the ecosystem is properly restructured. I would assume that once that’s done the programmatic environment is going to improve.”
But not every advertiser can call on the media, data and procurement expertise that Diernaz can. Data-protection officers and legal-counsel staff have been heavily overburdened with companywide GDPR projects. The WFA, like the British advertiser trade body ISBA before it, has launched a DPA addendum with the Dutch Advertising Association that Green claimed will show brands how to reapportion liability more evenly between themselves and their partners.
A key part of the addendum, which has been devised by digital media consulting firm Digital Decisions, is to give advertisers the leverage needed to manage the data processors and sub-controllers they share data with. It won’t just cover operational partners, like agencies or trading desks but ad tech firms, Facebook and Google, as well as the different cloud providers like Amazon Web Services.
“It’s inevitable that the DPAs written by publisher or an agency, for example, will represent their data-processor perspective,” said Green. “There are many documents out there that don’t always represent the data controller so what we’re trying to do seeks to re-address that balance.”
Agencies, ad tech providers and law firms say many clients were caught unprepared for the ramifications of GDPR and thought they could simply shift liability off on partners.
“Some brands used their DPAs as an excuse to send massive (30-page plus) addenda, and some agencies signed without really reading what was in there,” said one exec at a law firm. “Other agencies took control of the issue and sent our pro processor DPAs, which tired to apportion risk in a way that is favorable to agencies. Lots of those DPAs were sent out prior to the May deadline for the GDPR, but I’m still seeing lots of clients negotiating them because not all DPAs were signed prior to the deadline.”
Advertisers admit they will probably need to work with fewer advertising businesses post-GDPR, and yet knowing which ones to pick is as complicated as it is urgent. Large swathes of the third-party data market have clearly decided that legitimate interests is their best bet. It probably is, but that’s fundamentally different to it being a good bet.
“It’s easy to see how the more established platforms and partners will benefit in the short-term,” said Sam Fenton-Elstone, CEO of media agency Anything is Possible. “For many, the bigger platforms reduce risk. They are a safer bet. This remains to be seen, however. We’ve seen how even the biggest [online] media platforms have dealt with personal data, and it wasn’t pretty.”
Media Briefing: The case for and against monthly and annual subscriptions in the battle for retention
There are no one-size-fits-all solutions for improving retention in a subscriptions business. While annual subscribers might stick around longer for some, other publishers will have better luck with monthly plans.
Digiday+ Research: The economy will hit the media and marketing industries this year, but differently
The economy will plague both the media and marketing industries in 2023, but the hit will be uneven between publishers and agencies.
Podcast ad buyers have yet to see a slowdown
Ad buyers have yet to see clients cut their podcast budgets – though the time of podcasts as the shiny new medium may be coming to an end.
SponsoredWhy Best Buy Ads sees retail media as integral to its customer-centric purpose
Sponsored by Best Buy Ads Retail media networks have become critical for marketers, with retailers investing in ways that enable advertisers to engage consumers across online and offline channels. Given the wealth of retailers’ first-party customer data and measurement capabilities, retail media networks have become a natural fit for augmenting performance marketing programs. Alongside the […]
The programmatic open marketplace is faltering, but publishers see a bright spot in private programmatic deals
Publishers are coming to terms with their open programmatic marketplace RPMs being 20-55% lower than they were this time last year, but the hope is that programmatic guaranteed deals will make up the deficit.
Atlas Obscura wants to be profitable before raising funds in a tricky media market
Atlas Obscura wants to turn a profit this year before it raises another funding round, at a time when publishers are facing lower valuations and pickier investors as deal activity slows.