With less than a month to go until the enforcement of the General Data Protection Regulation, publishers are still working hard to vet ad tech partners.
Publisher executives gathered at the Digiday Hot Topic UK: GDPR event in London on May 1 to share how they’ve approached getting compliant.
Here are the takeaways:
GDPR will speed the ad tech winnowing
With the GDPR looming, ad tech partners that can’t guarantee compliance with publishers will be dropped fast. For instance, ad tech companies must be able to tell travel publisher Lastminute.com’s sales team how their technologies track readers legally under the regulation; otherwise, they won’t be able to access its inventory, according to Alessandra Di Lorenzo, chief commercial officer for media and partnerships at Lastminute.com.
However, a shorter supply chain won’t necessarily equate to a GDPR-proof commercial model, as GiveMeSport discovered. The sports publisher went from working with 23 different ad tech partners to five partners last year in an attempt to gain more control over how its inventory is sold. Despite the move, it didn’t realize how many companies were plugged into its site until it did a test that found up to 500 companies were processing its visitors’ personal data in ways that could be illegal under the regulation.
“We looked through all the partners plugged into the site and recognized 8 percent of them — that’s pretty shocking,” said Ryan Skeggs, gm at GiveMeSport. “We didn’t have any idea who 92 percent [of those businesses] were.”
Axel Springer: Don’t let GDPR strengthen the duopoly
Two major European publishers have endorsed the arrival of the Internet Advertising Bureau’s Transparency & Consent Framework: Axel Springer and Schibsted. The framework’s concept is that participating publishers can select which ad tech vendors they wish to continue working with for programmatic from a centralized list of vendors. Once publishers have chosen vendors from the list, they must then get consent from the consumer on those vendors’ behalf. The framework produced a mixed response from some publishers when it was initially unveiled in March. The core gripe: The framework would require them to assume the legal risk in order to maintain ad tech’s status quo.
Moritz Holzgraefe, Axel Springer’s chief operating officer of corporate digital platforms, called for publishers to get behind the framework and its standardized way of gaining consent. If they don’t, publishers will fall behind while other major players like Google take control of the situation.
“Google interprets the law in a certain way and has the power to push that back to the market. But at Axel Springer, we want to have control. That’s why we have picked the IAB framework,” said Holzgraefe. “We need an industry standard and think the IAB framework has a chance [of working] — it gives us [publishers] more control of the vendors and better control over data leakage. Google will push its own solution, which is better for itself, but which we regard with skepticism.”
The wrestling match to become data controller
The GDPR puts a premium on consent. Theoretically, this is good for publishers, which have direct relationships with users, unlike unknown ad tech middlemen. But some publishers see a danger in becoming the one to ask for consent on behalf of others using their leverage. Google wants publishers to gain consent on its behalf to continue using some of its ad services. Google wants to gain co-controller status in the process, which would give it more control over the use of the first-party data. That approach has prompted major backlash from publishers in the U.S., with three media trade associations appealing to Google directly to change its GDPR demands on publishers.
For magazine group Immediate Media, publisher of consumer titles like Top Gear, accepting a co-controller status with big players like Google is inevitable.
“There are some things we’re asking our tech partners to do that we cannot ask them to do without being co-controllers,” said Duncan Tickell, managing director of advertising and international at Immediate Media. “That hot air that you’re hearing about these evil ad tech partners who are asking you to do stuff that you shouldn’t, we don’t see it like that. We see it as there are some things that you need to do as a co-controller and some things that you can take back a little bit of control — and have people just be processors.”
Jessica Davies contributed reporting.
Download Digiday’s full guide to GDPR.