Despite the enforcement of General Data Protection Regulations coming into play in the EU since 2018 and regulators elsewhere clamping down on how companies can access individuals’ data, practices are still lax.
As fines of up to €20 million, or 4% of a company’s global turnover, for GDPR violations came into prospect many publishers began to rely on consent management platforms to facilitate the submission and transfer of user consent for advertising purposes.
Although, facilitating the extraction and compliant transfer of audience data has not been all plain sailing in Europe over the past four years. And a report published this week claims that companies are unknowingly in breach of global data protection laws, including in Europe and the Americas, with consent management platforms a particular area of concern.
The audit was published by a company called Compliant, an outfit that claims to offer brands full transparency over their data supply chain, in a whitepaper dubbed “Data Privacy: The Compliance Illusion.”
It contains a Data Safety Index in which Compliant asserts that publishers in the region are placing themselves at risk of censure with a number of findings. Among them:
- 92% of European publishers operate a CMP
- 81% of these publishers pass user data to third parties before consent is gained
- The average European publisher website contains 27 piggybacked tags
At the core of the situation is ‘piggybacking’ — a method by which third-party tags access user data, oftentimes without direct authorization from a publisher (see video below).
Jamie Barnard, CEO of Compliant, told Digiday that the incorrect installation of CMPs on a publisher’s website can often be at the core of the problem and that the intricate ways in which many ad tech stacks are interwoven can also create difficulties for attempted remedies.
“It [a publisher’s ad tech operations] can be like a Jenga stack,” he explained. “Within organizations, rebuilding the ad tech stack is very difficult… replacing component parts that you don’t want anymore is hard because they’re all glued together, horizontally, vertically, and diagonally. No one wants the responsibility of pulling the whole thing down.”
While the use of piggybacking is often benign, it does introduce risk, and the ad ops teams at many publishers simply lack the resources to monitor piggybacked activity on their domains.
One publisher-side source, who requested anonymity as they were not cleared to speak with the press, noted how ad ops teams are often under more direct pressure to remain on track to hit their advertising targets. “When it comes to it, nobody has time to do all those things like reading Ads.txt lists, etc.,” they noted.
The study is the second audit of the sector containing such findings to be shared with Digiday in under 12 months. A 2021 study from Ebiquity analyzed 200,000 cookies and found that a third (32.3%) of those cookies were fired without valid user consent.
In addition, researchers also found that 70% of third-party marketing cookies transferred user data outside of the European Union, a practice that is subject to strict regulatory requirements.
‘Halloween is when Christmas ends’: A look at publishers’ pre-Black Friday commerce content playbooks
Publishers' Black Friday coverage plans are starting earlier and earlier but commerce teams are evolving to meet the demand.
How social media managers are coping with the Twitter debacle
Twitter – once a stable and trusty workhorse for social media strategists – now resembles the most wildly unpredictable social platform in the marketing arsenal.
‘A big reset in 2023’: After Big Tech’s mass layoffs, job candidates face intense competition
Recruiters report that 'we've never seen a market quite like this' as tens of thousands of employees flood the market.
SponsoredWhy cookie deprecation is deflating performance and inflating costs for advertisers
With the full deprecation of third-party cookies on the horizon, advertisers and publishers are navigating a challenging and quickly evolving landscape. The sunset of the third-party cookie continues as usage and lifetimes fall. Their deprecation is preventing brands from effectively measuring the effectiveness of media campaigns in real-time at highly granular levels. As the industry […]
Martin Sorrell-backed S4S Ventures, Bertelsmann invest $10M in data asset management outfit as it blends new content, analytics-based marketing for clients
The recent explosion in content has created the need not only for more sophisticated tools to manage it, but better ways to attach data and analytics to the content in order to better optimize it at the right time for the right opportunity.
Member ExclusiveMedia Buying Briefing: Which media will buyers turn to in a soft local market in 2023?
Traditional media including broadcast and print are expected to be hit hard by revenue losses. What will save local from a deeper downward trend next year will be local ad spending on digital, digital out-of-home (OOH) media and connected TV.