As the deadline for GDPR compliance draws near, brands, publishers, and agencies are worried how the changes will affect them. Publishers in particular have major cause for concern.
Some experts feel the burden of GDPR falls on the publisher, and they’re not wrong. Here are three things that are worrying publishers, plus how they’re reacting.
1. Having the Bulk of User Consent Liability
Getting user consentis a major component of GDPR compliance, and the bulk of that liability is getting pushed onto publishers. Google wants publishers to be responsible for getting user consent for third-party websites and apps that use Google’s ad technology to sell ads. And that’s just one example of passing the buck.
Not surprisingly publishers are angry. They think agencies should take more responsibility for data sharing. As a safeguard, some publishers are negotiating contracts with ad tech vendors to ensure compensation in the event of a hefty violation fine caused by the vendor. They’re also including language that requires a vendor is GDPR compliant, too.
2. Failing to Be Compliant in Time
Getting user consent takes time, something that publishers don’t really have. A prime example are email newsletters. Here, publishers are being tasked with pinpointing a specific date when a user clearly consented to having their data used by publishers.
However, the majority of publishers don’t have this information on file, especially for long-time email subscribers. Not only will they need to track each subscriber down, but they risk a percentage of their subscriber base dropping out, too.
Consequently, many publishers are playing the “wait and see” game. Some are waiting to see if they’re exempt under the regulations, others are waiting for third-party provider tools, and some are waiting to see what their counterparts are going to do. But while waiting, they’re putting themselves at risk for hefty fines that can range in the millions.
3. Being Held Accountable for Others’ Data Leaks
Not only are publishers being held liable for the majority of obtaining user consent, but for controlling data leaks, too. One form of data leaks are agencies who bid on impressions they never intend to get, only to collect publisher data and sell it to consumers at a cheaper cost. This nefarious bait and switch puts publishers at risk under GDPR.
There’s also the issue of third-party cookies from vendors and others that run on publisher pages. These third-party cookies typically share a portion of data with publishers, even if the publisher isn’t using the info the cookies collect. If that data isn’t cleared for user consent, or it somehow gets hacked, publishers are jointly liable with the third-party vendor.
In an attempt to minimize risk, some publishers are drafting strict contracts that establish data-collection standards, emphasizing the prohibition of using cookies for data capture.
What Happens Next
There isn’t much time left, but it isn’t too late for publishers to attempt to right the ship. To minimize their risk, they need to be working only with partners that are GDPR compliant, conducting a data audit, creating a compliance plan, updating privacy policies, and appointing a Data Protection Officer (DPO).