By Cameron Hulett, Global Head of Sales and Marketing at Acceleration
Online marketers are aggressively moving away from buying content, towards buying audience in real time. To buy audience you need data, which means that data is the new fuel of digital marketing.
This has everyone, from publishers to ad networks to data providers, scrambling to own that data and use it to their advantage.
To protect consumers from being exploited in this war, new EU data privacy legislation was introduced in May 2011 which has far-reaching implications for how publishers receive approval, collect data and use this data.
For publishers to protect themselves, first they need to understand what the legislation means, what they need to do in order to become compliant and what collection is occurring on their sites. A breakdown of the EU Data Legislation
The new EU data privacy legislation is complex. It includes rules for websites using cookies and similar technologies, fines for serious breaches of the regulations (up to £500,000) and has investigative powers for the Information Commissioner’s Office (ICO). The topic of third party cookies is however, the weakest part of the guidance and certainly the most challenging area in which to achieve compliance.
The ICO comments:
“The process of getting consent for these cookies is more complex and our view is that everyone has a part to play in making sure that the user is aware of what is being collected and by whom.”
In summary, the new legislation requires businesses and organisations to receive informed consent before dropping cookies on computers within the EU, irrespective of where the website is hosted
. This means that even US sites need to be compliant for site visitors residing in the EU. In addition, publishers are liable for 3rd party data collection and utilisation activities.
But the threat is not only legal non-compliance, but also loss of valuable data, which can have a very real commercial impact. Nearly every third party serving an ad or widget on a publisher’s site is attempting to gather and reuse the data, either secretly or openly.
It effectively allows them to sell or leverage a publisher’s data to compete against the publisher itself.
The directive suggests that publishers do three things:
So what does all of this mean for publishers?
- Have an audit performed as soon as possible to determine what type of cookies and similar technologies you use and how you use them. Then classify what is ‘strictly necessary’ vs. ‘requires consent’, and remove highly intrusive collection channels.
- Assess how intrusive the cookies are compared to your business expectations/requirements and legal requirements.
- Develop a plan and decide which solutions you will implement to obtain consent. Relying on browser settings is not sufficient. This plan must be implemented by March 2012.
First, it means that publishers need to get their house in order before March 2012. This is a clear requirement that most publishers can meet, albeit with some effort.
But the legislation also produces an opportunity: when considering who this legislation will most adversely affect, it is surely the third parties such as the ad networks, data exchanges and trading desks. Their entire business models revolve around data. So although the legislation creates extra work, it also means publishers have the opportunity to regain control of audience data, which they can leverage to their own advantage.
Publishers need to look beyond the legal ramifications and see the potential commercial benefits of the legislation. Third parties have been eating publishers’ lunch for some time. The legislation forces the game to change, but the question remains: will publishers seize the opportunity?
This article is based on a presentation given to AOP’s Product Development Committee
is an Associate Member of AOP
Join the AOP group on LinkedIn
- open for all Members
to AOP's e-newsletter.