UK publishers are banding together to get clarity on GroupM’s GDPR policy

The aim of the AOP-led meeting with GroupM is to iron out gray areas in the contract, so publishers can fully understand what it requires and then decide if they are willing to sign it, according to Richard Reeves, managing director of the AOP.

GroupM has been open to the discussion. “We are continuously engaged in positive dialogue with the AOP, and we’re pleased they’ve reached out about our approach to the GDPR,” said Bethan Crockett, senior director of brand safety and digital risk for GroupM in Europe, the Middle East and Africa. “We are looking forward to meeting with them in the coming weeks, which presents us all with a great opportunity to discuss questions, share perspectives and work together on best practices.”

The decision to engage directly with GroupM came after a recent meeting of AOP board members, according to the AOP. The Telegraph, Dennis, ESI Media, the Guardian, News UK, Centaur Media and Incisive Media are among the board members, though the AOP wouldn’t confirm which ones attended the meeting.

“It is in the interest of the entire industry that we understand what the motivations and values are [of all publisher partners] around pivotal moments like GDPR and the ePrivacy Regulation,” said Reeves. “Our approach is entirely driven by a recognition of responsibility and a desire to continue to retain and respect consumer trust.”

A bone of contention in the DPA for some publishers Digiday spoke to has been legal loopholes, which they believe would make them vulnerable under the GDPR, should they sign the contract. The idea is to address all concerns in the meeting.

The question of who should shoulder liability under the GDPR has become seriously blurred over the last few months, with companies trying to pass liability up and down the supply chain for months. Publishers are classified as data controllers under the GDPR because they are the source of audience data and therefore have a direct relationship with users, meaning they are in a strong position to ask for users’ consent to track their online behavior.

Publishers must also ensure they have consent in order to work with their advertising partners and that all their ad partners are compliant in turn. It’s harder to gain consent for companies like agencies and independent ad tech vendors, which are classified as data processors under the GDPR, as their brands aren’t known to consumers. That’s meant that publishers are in some ways having to act as vehicles to gain consent on behalf of their partners.

However, some publishers believe they have allowed advertising intermediaries to make money from their own site data, with little or no benefit to themselves, for too long, sources said. Issues such as the rise of ad blocking in 2016 shed light on how user experience has become secondary to programmatic ad revenue. Now, many publishers feel the GDPR is the moment to fully course-correct, ensuring they are firmly back in control of their digital ad supply chain and guaranteeing consumer trust.

“We have, as an industry, commoditized users [with practices like bad retargeting] and alienated them from the ad experience,” said Reeves. “That has undermined their confidence and trust. But premium publishers genuinely respect the relationship they have with their consumers and understand the importance of maintaining that trust. So we won’t be endorsing actions that have the potential to contravene the legal position of GDPR and further undermine consumer confidence.”

The GroupM DPA came soon after Google reportedly asked publishers to gain consent on its behalf for third-party websites and apps that use Google’s ad technology to sell ads, according to The Wall Street Journal.

At the request of its publisher members, the AOP is working with its legal counsel to gain clarity on Google’s GDPR consent plan, according to Reeves. He said the U.K. trade body has been speaking with U.S. publisher trade body Digital Content Next to ensure their findings align.

DCN’s CEO Jason Kint has vehemently disagreed with any notion that Google can assume a co-controller role. “We [DCN] intend to raise the bar on consumer and advertiser trust globally,” he said. “It’s high time Google and Facebook step up as leaders to ensure this is happening rather than playing legal games to protect their duopoly.”

Download Digiday’s guide to GDPR for checklists, research, a GDPR dictionary and more.