September 5, 2018 | Uncategorized | by Alexian Chiavegato

GDPR Ethics from a Publisher’s Perspective

Imagine this scenario. You walk into a supermarket and select a shopping basket full of items. You come to the checkout, get to the register and then politely decline to pay for all of those items. Yet, you walk out of the store with those items because somebody, somewhere decided that this is how it’s supposed to be.

How is this supposed to work for the owner of the supermarket?

Well, in one particular case, the “somebody” is the General Data Protection Regulation (GDPR) and the “somewhere” is the European Union. And this ethically challenging situation is being faced by many online publishers who, of course, are in the business of publishing content that can be monetized to the benefit of the publishers.

Yet, according to GDPR, publishers cannot block content if they don’t receive consent to use the user’s data. But this is a conundrum for publishers that have “free” content. They rely on this data because the data is what attracts advertisers. For the majority of publishers, this is their most important revenue stream. It allows them to auction off ad space at a premium because the inventory comes with targeting information, generally considered the “holy grail” of advertisers. That’s because advertisers and marketer’s value efficiency in their spending. The idea is to place the right ad at the right time to the right audience. Remember, “targeting” also benefits users. It allows advertisers and publishers to display ads that are relevant to users based on their interests so that instead of arbitrarily displaying random ads, users see advertisements for products and services that they might be interested in, thereby adding value to their browsing experience. If regulations to protect consumer privacy and data, however well-intentioned they are, take away that ability, it’s a problem. Nobody likes simply throwing money away.

Of course, the simplest solution is to block any user within the European Union who is subject to GDPR. And this has been done (and still being done) by several U.S. publishers against people with IP addresses based in the EU, solely based on the feeling that the requirements for full compliance can be quite onerous on publishers. So why bother? But many publishers, especially in the EU, don’t have that luxury.

And, of course, the ad tech industry finds itself smack dab in the middle of the entire situation. For the seekers and readers of online content, ad techs have been placed in an uncomfortable position to provide a safe environment where all the data is processed with proper consents. And, like Marfeel, most entities in the ad tech industry are committed to being fully GDPR compliant. We have implemented the technical mechanisms for our platform that explicitly complies with GDPR’s regulations. This includes using a Consent Management Framework (CMP) that follows IAB Europe’s framework and standards, listing the relevant vendors according to the IAB Global Vendor list. We’ve also put into operation the systems that allow our publishers to inform their users about the third-party vendors (analytics, ad networks, etc.) they employ and those parties’ own privacy policies.

Yet, ad techs still need to provide to publishers programmatic ad revenue to help keep them in business so this means, de facto, that ad tech is basically the police for GDPR laws. This is simply an untenable position to be in. Ad techs are the ones actually analyzing the cost of GDPR for publishers. It opens up the possibility of the industry playing the role of judge and jury in deciding whether or not it makes sense to be fully GDPR compliant in certain situations. For example, we are already seeing different regions or countries adopting different practices with consent popups. Seeing how complicated GDPR is, would it be surprising to learn that perhaps no one is 100-percent compliant right now? Would you be surprised if some folks deemed GDPR compliant still aren’t completely following the rules because it’s damaging to their business? Nobody in their right mind should cut corners with compliance. But sometimes people lose their minds if it means keeping their livelihood.