To Safeguard Privacy, Advertisers Must Align Their Tech And Legal Departments

albertlukData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Albert Luk, VP of operations and general counsel at Jumbleberry.

FTC Commissioner Julie Brill recently urged the ad industry to abide by regulations related to cross-device data collection and native advertising.

This reminder to the industry is nothing new. The legal issues surrounding programmatic have been a concern for compliance officers in the industry since automated buying and selling took off. With the FTC now bringing these issues to the forefront, however, we can no longer overlook them.

As programmatic becomes more ubiquitous and gains visibility, legal issues are sure to arise. But advertisers can dodge the potential pitfalls by following best practices, keeping privacy top of mind and aligning the tech and legal sides of their businesses.

The Media Storm

As we’ve seen with the rise of ad blocking and prompts to opt out of cookie collection, the modern consumer is getting smarter about what information is being collected. And they are doing something about it.

Every legal issue starts with a media storm. In 2009, Facebook unleashed a blizzard of bad publicity over the implementation of its now infamous privacy policy. The policy gave privacy concerns a back seat in an attempt to simplify how users interfaced with the social media site. As a result, third-party application makers could obtain personal information from users without them knowing or consenting to such collection.

After being subjected to the costs of responding to regulators and the reputational damage from a perception that it didn’t care about users’ privacy, Facebook changed its tune and created more user-friendly policies. The message and lesson was clear: Tread carefully with the privacy rights of your community and balance legitimate business purposes with legal rights.

Applying the lessons of Facebook proved difficult. In 2014, Google admitted to privacy regulators that its AdSense and Adwords algorithm worked too well. A user who searched for a cure for sleep apnea was surprised to find that Google started serving him ads for medical equipment to treat his condition – a violation of Google’s own policies.

What was the root cause of the problem? The tech department created a far-too-sophisticated product, which is a good thing, but the legal department didn’t monitor it properly, which is a bad thing.

The regulators concluded that internal monitoring was lax, employees required more training of Google’s own policies and automated review systems needed upgrading. Sometimes the technological right hand moves too fast for the legal left hand to catch up.

In a more recent example, Bell Canada was allowing third parties to deliver targeted ads to its customers by using non-individualized data for network usage along with existing customer account information. Part of the issue is that the data, combined, could potentially allow a party to identify someone. Customer reaction was swift and negative. Bell is now subject to $750 million lawsuit as well as being on the losing end of a regulatory decision.

The Bell example addresses the newest legal problem in programmatic. A party can collect single points of data to facilitate programmatic legally. But, when combined with other pieces of data, have we tipped the balance between business purposes and privacy rights too far in favor of the former?

The technologist says never. The lawyers say it depends.

Don’t Get Sued

For those looking to avoid the next $750 million lawsuit, therein lies the problem. Can you align the business imperative of the tech department with the legal department? Neither code nor legalese are plain English, which makes communication between them hard.

But it’s not impossible. A good starting point is a privacy-by-design approach, which recognizes that privacy is not an afterthought but an everyday practice in how programmatic is carried out.

Advertisers need to align how programmatic is carried out with legal terms and conditions. Ideally, the legal department should be looped into the process early so it can make proper amendments to create such alignment and implement a proper monitoring program to ensure programmatic does not violate those policies.

Finally, the age of opt-out consent is over. Opt-in may become the standard as programmatic continues to grow. The perception remains that opt-out will cause less friction in the customer journey and allow technology to capture more data points but the risk to reputation and the bottom line, as shown above, is no longer hypothetical.

Follow Jumbleberry (@JB_Group) and AdExchanger (@adexchanger) on Twitter.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!