Back to Blogs
By Aqilliz
Published on July 09, 2020
From the anticipation of the demise of third-party cookies, coronavirus contact tracing apps, to new regulatory frameworks on the horizon, privacy has been front and centre for businesses, regulators, and consumers alike. But what is privacy, what does it have to do with data protection, and where are we today, in developing global industry standards to hold ourselves accountable?
Last night, the Global Advertising Lawyers Alliance (GALA) and the International Advertising Association (IAA) unveiled the world’s first guide to privacy laws and their impact in marketing and advertising. Entitled “Privacy Law: A Global Legal Perspective on Data Protection Relating to Advertising & Marketing”, the over 700 page guide offers a holistic view of how privacy frameworks and data protection regulations impact the advertising and marketing ecosystem in more than 70 countries.
To mark the occasion, our CEO Gowthaman Ragothaman spoke on a panel entitled “Evolving Privacy Regulations and the Challenges of Dealing with a Fragmented Regime” with:
  • Cecilia Alvarez, EMEA Privacy Policy Director at Facebook
  • Daniel M. Goldberg, Counsel, Privacy & Data Security Group at Frankfurt Kurnit Klein & Selz
  • Soren Pietzcker, Partner and EU-GDPR expert at Heuking Kühn Lüer Wojtek and GALA German Representative and Privacy Expert
  • Srinivasan Swamy, Chairman and Managing Director of RK Swamy Hansa group and Chairman of IAA
  • Moderator Carla Michelotti, former Chief Legal, Government, and Corporate Affairs Officer at Leo Burnett Worldwide and Strategic Consultant and IAA Vice President for Government Affairs
Touching upon the culture of privacy and surveillance, the need for common industry standards, and the realities of self-regulation, we’ve unpacked some of the key takeaways from last night’s discussion.
According to Alvarez, while data protection is a “fundamental right”, like all fundamental rights and freedoms, it is not absolute. Considering the integral part that data now plays today across the entirety of the global digital economy, “the issue should not be to avoid data collection or to avoid data sharing, per se, but to focus on how this data gathering, data use, and data sharing, is made responsible”.
While GDPR certainly isn’t the first of its kind, it definitely has inspired other similar frameworks around the world. In aggregate, these regulations represent the crucial first step in outlining what looks like “a more responsible approach” to how data ought to be handled.
That said, GDPR has been highly publicised and in some cases to its detriment. Alvarez describes this as the transition of going from “being ignored to being scared” due to a lack of education among businesses who suddenly feel tasked with the burden of responsibility. Instead, businesses should first focus on the safeguards of how they’re handling data, to ensure that their activities best serve the interests of their consumers in a compliant manner. Leadership should also be supportive of their data protection officers, ensuring that they’re perceived as enablers rather than a hindrance to day-to-day operations. A culture of data protection needs to be encouraged from the top-down.
The unfortunate reality is that not all jurisdictions have sufficiently robust data protection frameworks and in some cases, have no frameworks at all. Right now, what advertisers are either doing is tackling each market individually or taking a lowest common denominator approach by using GDPR as the gold standard. “At the end of the day, it’s about being a good citizen or a good corporation. It’s about respecting the dignity of human beings.” according to Alvarez.
According to Goldberg, in view of the COVID-19 crisis, the collection of sensitive healthcare data will lend to a pendulum swing in perceptions of how data is treated across the board—“with increased data, comes increased scrutiny”. Singapore’s Personal Data Protection Commission has issued an amendment that some might view to be “toeing the line between ensuring public safety and surveillance” as G’man pointed out, whereby data can be collected without consent for contact tracing. Meanwhile, Pietzcker pointed out that within the EU, the existing appreciation and recognition of GDPR has resulted in “increased expectations” from consumers that while data must be collected at this time, it must be treated appropriately.
In the beginning, there was only context and context has predated the use of cookies for decades. Cookies, on the other hand, came in with the goal of providing enhanced personalisation. Intrusive at best, third-party cookies are enabling a system that hampers customer experience and brand perception as a whole. What’s crucial here is consent and moderation—first-party data must be used with consent and its use must be moderated. According to G’man, “when the cookie crumbles, there will be reduced personalisation, less snooping, and enhanced use of first-party data.”
Google isn’t the first—let’s remember that Apple’s Safari and Mozilla’s Firefox already began phasing out support for third-party cookies years prior. The reality is, we just need to accept that there will be multiple browsers and in some emerging markets, this will be especially pronounced in very mobile-first societies. Consumers are going to be engaging the online environment not only through browsers, but also mobile applications. This goes beyond browsers—it’s simply not enough to subsist with the infrastructures we have at our disposal today.
Privacy is going to be a key competitive differentiator across all industries in the years to come. If a company is privacy compliant, the chances and opportunities for collaboration are greater. Choosing your partners well and ensuring that they’re behaving ethically will be key as the advertising and marketing ecosystem becomes increasingly collaborative as a whole.
While there may be concerns that engaging with anonymised or pseudonymised data is a setback, the big takeaway for brands is that there are simply additional obligations around the data but not that we can’t do things with it as a whole. “We need to recognise that we’re going to be wearing different spectacles to see our consumers—it’s going to be high-definition”, according to G’man. Even with cookies, there’s only a 50 percent success rate but at a cheaper CPM. “Today, we’re going to have a higher CPM but a much higher strike rate and thus, a better ROI.”
While self-regulation is a must, G’man argues that “the internet is fundamentally decentralised”—while it’s good to see industry initiatives such as the IAB Tech Lab’s Project Rearc, the dialogue needs to involve all relevant stakeholders. A framework that encourages equal collaboration and encompasses all voices from outside the industry is key.
The industry has admittedly been hard at work, but during both pre- and post-GDPR, no industry codes of conduct have been approved by regulators to date. This doesn’t mean that efforts are hopeless, as codes of conduct still have a place in ensuring that the industry is holding itself accountable. This will only become increasingly more important as frameworks crop up around the world, often without regard for the technical implications of what’s being demanded of businesses. In light of that, it’s important that the industry is one step ahead, protecting their consumers and users’ rights and already self-regulating.
Marketing is not on a collision course with law, consumer opportunity, and marketing opportunities. As G’man puts it, “our existing system of value exchange is simply under a test that simply needs to be revised”.
Hardbound copies of the two-volume global legal compendium are available for purchase on (Volume 1, Volume 2). PDF versions can be requested (for free of charge as a member!) from IAA and GALA directly. As marketers navigate the new realities of the digital landscape, we highly recommend that you give it a read!