Home Online Advertising Acxiom’s European Privacy Officer (Mostly) Demystifies GDPR

Acxiom’s European Privacy Officer (Mostly) Demystifies GDPR

SHARE:

The EU’s General Data Protection Regulation (GDPR), which will become law next May, is stressing out the marketing industry.

“I have a feeling that people are just scared,” Acxiom’s European privacy officer, Sachiko Scheuing, told AdExchanger at Dmexco in Cologne, Germany. That fear may be preventing many advertisers from speaking up in the debate over GDPR.

GDPR was supposed to establish what sort of data sites can collect without asking for an opt-in.

However, a part of GDPR that’s still being drafted – called the ePrivacy Regulations – requires an opt-in for any data that is collected. This stance contradicts the more permissive parts of the GDPR, and it’s creating consternation among publishers, who argue that those with the largest audiences will have an easier time collecting opt-ins than smaller companies. This situation will allow power to accrue to only a handful of powerful players with large audiences.

“They are saying [in regulation drafts] that maybe the browser setting is sufficient,“ Scheuing said. “99.9999% of all the companies in the digital ecosystem and advertising and marketing field will not have much of a say in how the browser can function.”

Scheuing teased out more of the nuances of GDPR – and explained some of the basics – to AdExchanger.

AdExchanger: What’s the background of GDPR?

SACHIKO SCHEUING: It was not created with the vision of making a stumbling block for the economy.

A long time ago, when EU President [Jean-Claude] Juncker took his position, he took a look at the digital sector. He proposed a single market vision to make sure there was a legal framework to support more startups, and one of the first laws to be adopted is GDPR. The goal was to make privacy law in Europe uniform to help European economic expansion.

What are the consequences of GDPR that have everyone so worried?

You will have a maximum of 4% of your global annual turnover as sanction. You can be a DMP that is working on a margin of 10% or 20%, and they don’t give a toss. Since it’s your turnover, it could really hit companies. And they are introducing this concept of collective redress, which sounds fancy but it’s a class action in European English, which is also making people nervous. The law is applicable for companies established outside the EU, but who doesn’t sell goods and services to European consumers?

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

The original goal was to replace opt-ins. Why?

First, as a user I get annoyed every time I have to click “Yes, I agree.” I just got a new mobile phone and the number of times I had to do that was not normal. But the real problem is that by having the consumer click “I accept,” the legal responsibility is shoved over to the user. GDPR is going to make companies accountable by default, that they are respecting the privacy of their users. I think this is a fair deal.

What are these accountability standards?

You have to satisfy three conditions.

One, you have to have a legitimate interest. The law says that direct marketing is a legitimate interest. And you have to balance your interests against the interest of the consumer, which is referred to as “balance of interest.”

Condition two is that it has to meet the consumer expectation, and lawyers interpret that to mean more transparent.

The third thing is that you provide an opt-out link. If you fulfill those conditions, and do have a legitimate interest, that is the legal ground upon which you can process data. That’s the one good news.

The draft of the ePrivacy Regulation, on the other hand, is requiring an opt-in.

There is a huge discrepancy between [GDPR and ePrivacy Regulation], which is a sector-specific law of GDPR. We current have the first draft from the European Commission, and they say you can only do everything and anything if you have an opt-in.

On one side, you have people saying you need to think about the nature of this law. It’s supposed to be a specification of GDPR. We acknowledge that opt-in consent is not working, so why are we throwing that out of the window? The other camp, and this is often the Greens or the socialists, are saying that this is a human right, and they will not back down from an opt-in.

The opt-in requirement is not drawing raves from publishers.

Absolutely. Last week I was at a European publisher conference in Brussels, and they had a lively debate with the European reps of parliament, the commission and the industry.

They were appealing to the coalition that even with the millions of readers that some newspaper publishers have, it’s still limited [reach]. If this is going to be opt-in, it’s going to be bad for consumers.

Parliamentarians were saying that if users are paying with their data, publishers should just ask them for X euros to view the article.

To that, the publishers said, “We are not only interested in revenue, but also wide readership. We want to spread the news, and that is going to kill information plurality, because only those who can collect opt-ins will be able to provide articles.”

Acxiom-owned LiveRamp is involved in a consortium with other ad tech companies that will create a single identifier across companies. Is there a GDPR angle behind this consortium?

The moment you are doing something with European data, it’s applicable, and we have privacy engineers at Acxiom heavily involved.

What’s good about this is that [the consortium] is a pseudonymous process. Pseudonymous data is personal data, but like cookies or device IDs, I don’t know whose device ID is it unless I have the registration data.

The term comes from Germany, which has had it for decades, and it’s why Germany is flourishing despite having the toughest of privacy laws. By using pseudonymous data, you are protecting the risk a lot more.

It’s important for us to sell this idea of how to use pseudonymous data, and how it can protect data but also enable economic growth and free usage. Why not put pseudonymous data into ePrivacy Regulation? Imagine the benefit it would bring to all of us, and it will be in line with GDPR. 

This interview has been condensed and edited.

Must Read

Comic: Alphabet Soup

Buried DOJ Evidence Reveals How Google Dealt With The Trade Desk

In the process of the investigation into Google, the Department of Justice unearthed a vast trove of separate evidence. Some of these findings paint a whole new picture of how Google interacts and competes with its main DSP rival, The Trade Desk.

Comic: The Unified Auction

DOJ vs. Google, Day Four: Behind The Scenes On The Fraught Rollout Of Unified Pricing Rules

On Thursday, the US district court in Alexandria, Virginia boarded a time machine back to April 18, 2019 – the day of a tense meeting between Google and publishers.

Google Ads Will Now Use A Trusted Execution Environment By Default

Confidential matching – which uses a TEE built on Google Cloud infrastructure – will now be the default setting for all uses of advertiser first-party data in Customer Match.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
In 2019, Google moved to a first-price auction and also ceded its last look advantage in AdX, in part because it had to. Most exchanges had already moved to first price.

Unraveling The Mystery Of PubMatic’s $5 Million Loss From A “First-Price Auction Switch”

PubMatic’s $5 million loss from DV360’s bidding algorithm fix earlier this year suggests second-price auctions aren’t completely a thing of the past.

A comic version of former News Corp executive Stephanie Layser in the courtroom for the DOJ's ad tech-focused trial against Google in Virginia.

The DOJ vs. Google, Day Two: Tales From The Underbelly Of Ad Tech

Day Two of the Google antitrust trial in Alexandria, Virginia on Tuesday was just as intensely focused on the intricacies of ad tech as on Day One.

A comic depicting Judge Leonie Brinkema's view of the her courtroom where the DOJ vs. Google ad tech antitrust trial is about to begin. (Comic: Court Is In Session)

Your Day One Recap: DOJ vs. Google Goes Deep Into The Ad Tech Weeds

It’s not often one gets to hear sworn witnesses in federal court explain the intricacies of header bidding under oath. But that’s what happened during the first day of the Google ad tech-focused antitrust case in Virginia on Monday.