SlideShare a Scribd company logo

The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represents UK advertisers

Johnny Ryan
Johnny Ryan

The document discusses how brands can stay safe from GDPR risk. It notes that brands face risk from holding non-compliant first-party personal data or buying personal data from other sources. It also discusses risk from buying behavioral ads online, which requires sharing personal data with many partners. The document then provides diagrams illustrating how real-time bidding works in programmatic advertising and where data leakage can occur. It emphasizes that contracts are needed between controllers and processors to ensure compliance. Overall, the document aims to educate brands on GDPR risks in online advertising and how to pressure ad tech partners to use non-personal data to eliminate risk.

Marketing
1 of 45
Download to read offline
HOW BRANDS STAY SAFE FROM GDPR RISK. johnny@pagefair.com Dr Johnny Ryan PageFair
Risk to BRANDS
Holding first-party personal data that are now non-compliant1 Risk (brands)
Buying personal data (directly or indirectly identifiable) from other sources to augment profiles BROKER 2 Holding first-party personal data that are now non-compliant1 Risk (brands)
Buying behavioural ads online, which currently requires the sharing of personal data with countless partners. 3 Buying personal data (directly or indirectly identifiable) from other sources to augment profiles BROKER 2 Holding first-party personal data that are now non-compliant1 Risk (brands)
How RTB/ programatic works
/// Visitor Site Brand $
/// Visitor Site SSP DSP DMP Brand $ “Demand side”“Supply side” Ad Exchange
/// Visitor Site SSP Ad Exchange DSP DMP request segment deliver segment Brand $ store data “Demand side”“Supply side”
/// Visitor Site SSP Ad Exchange DSP DMP serve page request page request segment ad request cookie to SSP deliver segment Ad request Brand $ store data “Demand side”“Supply side”
/// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad deliver segment Ad request Brand $ store data “Demand side”“Supply side”
/// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
The Daily Bugle 1. Page loads. 2. What ad should we show this user?
The Daily Bugle ExchangeExchange Exchange Exchange 1. Page loads. 2. What ad should we show this user? 3. Send details of user to ad exchange(s) to solicit bids from advertisers
The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP
The Daily Bugle ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
The Daily Bugle Exchange Exchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
The Daily Bugle Exchange Exchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
The Daily Bugle ADVERTISEMENT ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DMPDSP DMP DMP DSP ? ? ? ? ? ? ? ?
DATA LEAKAGE
Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor ADVERTISERS website.com AD DMP DMP DMP DMP DMP DMP DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP W inningbid DSP Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Channel of data leakage Personal data Legend Money DATA LEAKAGE
/// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
“Controller” “Processor” “Processor” “Processor” contract contract contract Contracts required that determine the following: • the nature of processing and its duration, • the obligations of the “controller”, • and a guarantee that the “processor” handles the data only as dictated by documented instructions from the controller GDPR requires a chain of accountability
All potentially liable! The Courts Multiple controllers and processors “involved in the same processing” can each be held liable for damages awarded in a case. A person can complain to the regulator, and at the same time go to court, and can take the regulator to court for inaction. Supervisory Authority /// /// Visitor Site SSP Ad Exchange DSP DMP Brand $
We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Purpose of processing, and notification of profiling. Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Text links to tool for withdrawing consent. 
 Article 7, paragraph 3. Text links to tool to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Can say no Recital 42. Details of recipients and categories of recipients. Text links to contact details of the controller and their data protection officer. 
 Article 13, para 1, a, b, and e. A (probably non-compliant) GDPR CONSENT REQUEST Scenario: a website requests consent to share data with a brand for product offers
We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Thinking of yourself as a visitor to websites, what would you select if shown this message? 79% 21%
Please allow your browsing habits on our sites to be shared with We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months Might GDPR consent requests actually look like this? [Consortium] and its participants duration “Ad choices”
Please allow your browsing habits on our sites to be shared with Open ID participants We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months [Ad exchange] [Ad exchange] [DMP] [DMP] [DSP] [DSP] [Verification vendor] i i i i i i i [Consortium] and its participants Each controller. and categories of processors. Might GDPR consent requests actually look like this?
51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No YesYes, if denied access to the site otherwise 1st party tracking on a website 23% 0% 100% 200%
51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No YesYes, if denied access to the site otherwise 1st party tracking on a website 23% 0% 100% 200% Can not deny access Article 7(2) prohibits conditionality.
3%46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? 1st party tracking on a website 3rd party tracking on a website 23% 0% 100% 200% No YesYes, if denied access to the site otherwise
3% 3%32%65% 46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No Yes, if denied access to the site otherwise Yes 1st party tracking on a website 3rd party tracking on a website Tracking by any party, anywhere on the web 23% 0% 100% 200%
Needs “opt-in” consent, but user has little incentive to agree 4 Needs “opt-in” consent, and may get it 3 Can show an “opt-out” before using data 2 Out of scope of Regulation if business is modified 1 Already out of scope of the Regulation 0 GDPR scale (digital advertising) 5 Needs “opt-in” consent, but is unable to communicate with users
5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Facebook Audience Network • WhatsApp advertising (see assumption 1) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • NewsFeed ads (based only on personal data with no “special” personal data (e.g. ethnicity, political opinion, religious or philosophical beliefs, sexual orientation), unless marked “public” or visible to “friends of friends” (see assumptions 1 and 2) • Instagram ads (see assumption 1) 1 Out of scope of the regulation, if business is modified. 0 Already out of scope of the regulation. Assumption 2. GDPR Article 6, paragraph 4, c, indicates a higher bar for “special categories of personal data” that reveal race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, or related to a data subject’s sex life or sexual orientation. However, this does not apply if the data have been “manifestly made public by the data subject” (GDPR, Article 9, paragraph 2, (e)). This may mean that the publicity settings that a user places on their post will prevent or enable those posts to be mined for advertising. GDPR scale: FACEBOOK Assumption 1. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Most personalized AdWords ads on Google properties including Search, Youtube, Maps, and the Google Network (including “remarketing”,“affinity audiences” , “in-market audiences”, “demographic targeting”, "similar audiences”, “Floodlight” cross-device tracking), “customer match”, “remarketing” (see assumption 1) • Gmail ads • Programmatic services (DoubleClick) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • Location targeting in Maps (see assumption 2) 1 Out of scope of the regulation, if business is modified. • AdWords (if all personalized features are removed) on Google properties including Search, Youtube, Maps 0 Already out of scope of the regulation. • “Placement-targeted” ads on Google properties. Assumption 1. That the average user does not “sign in” to Google Search or Chrome. If, however, users did sign in then Google may be able to further process their data for other purposes. GDPR scale: GOOGLE Assumption 2. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% 32% 32% 21% 12% 4% Not at all To a small degree Moderately Highly Very highly
Not at all How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% To a small degree Moderately Highly Very highly How concerned are you about your online behaviour being tracked? 5% 7% 21% 35% 32% 32% 32% 21% 12% 4%
Consent is meaningless, unless it is enforceable NEED TO PREVENT RISK OF DATA LEAKAGE //
2. DIGITAL ETHICS 1. ENFORCEMENT The Answer? +
Regulatory disincentive OLD INDUSTRY Regulatory incentive NEW CLEAN INDUSTRY Ads (Ethical Data)Ads (Conventional Data) Personal Data Non-personal Data
Ads (Ethical Data)Ads (Conventional Data) Fossil Fuel Renewable Energy Personal Data Non-personal Data N20 C02 Regulatory disincentive OLD INDUSTRY Regulatory incentive NEW CLEAN INDUSTRY
Ads (Ethical Data)Ads (Conventional Data) Fossil Fuel Fossil Fuel powered Classic Cars Renewable Energy Personal Data Ads (Conventional Data) Personal Data with Consent and Enforceable Protection Non-personal Data N20 C02 HYPER PREMIUM NICHE // Regulatory disincentive OLD INDUSTRY Regulatory incentive NEW CLEAN INDUSTRY
Need to pressure ad tech partners. URGENCY FACTOR: PageFair has solved this - but few adtech or agency colleagues seem to care.
1. With or without consent, personal data are leaked and at risk in online ad system. 2. Brands are exposed. 3. Need to pressure ad tech to neutralise risk by leveraging non-personal data. johnny@pagefair.com Summary See PageFair.com/GDPR

Recommended

GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media
Johnny Ryan
 
GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech
Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park.
Johnny Ryan
 
Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR
Johnny Ryan
 
Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back.
Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Johnny Ryan
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)
Johnny Ryan
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
Johnny Ryan
 

Recommended

GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media GDPR, ePrivacy Regulation, consent, and online media
GDPR, ePrivacy Regulation, consent, and online media
Johnny Ryan
 
GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech GLG webcast impact of GDPR on ad tech
GLG webcast impact of GDPR on ad tech
Johnny Ryan
 
Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park. Deck at GDPR Summit at Croke Park.
Deck at GDPR Summit at Croke Park.
Johnny Ryan
 
Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR Deck for Chardan conference call on ePrivacy and GDPR
Deck for Chardan conference call on ePrivacy and GDPR
Johnny Ryan
 
Tech stole your audience. Take it back.
Tech stole your audience. Take it back. Tech stole your audience. Take it back.
Tech stole your audience. Take it back.
Johnny Ryan
 
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Slides from PageFair presentation in Athens, GDPR for Marketers Conference, 1...
Johnny Ryan
 
Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)Ethical digital marketing (Trinity College Dublin)
Ethical digital marketing (Trinity College Dublin)
Johnny Ryan
 
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
GDPR solution for websites and apps. Digital Content Next (DCN) webinar, Apri...
Johnny Ryan
 
Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech
Johnny Ryan
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
Gerry L. H.
 
Everything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionEverything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data Collection
PaulDonahue16
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDs
Raghu KLN
 
Advanced Affiliate Program Management
Advanced Affiliate Program ManagementAdvanced Affiliate Program Management
Advanced Affiliate Program Management
Evgenii Prussakov
 
Advanced Affiliate Program Management & Analysis
Advanced Affiliate Program Management & AnalysisAdvanced Affiliate Program Management & Analysis
Advanced Affiliate Program Management & Analysis
Affiliate Summit
 
Privacy Controversy
Privacy ControversyPrivacy Controversy
Privacy Controversy
AlyssaVanDurme
 
Get Advertising Smart - Transforming Customer Relationships with the GDPR
Get Advertising Smart - Transforming Customer Relationships with the GDPRGet Advertising Smart - Transforming Customer Relationships with the GDPR
Get Advertising Smart - Transforming Customer Relationships with the GDPR
emmersons1
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
TrustArc
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To Know
Hannah Flynn
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
CMassociates
 
081118 - Tracking Performance
081118 - Tracking Performance081118 - Tracking Performance
081118 - Tracking PerformanceGed Carroll
 
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's NextThe Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
Splash
 
The Ad Quality Conundrum
The Ad Quality ConundrumThe Ad Quality Conundrum
The Ad Quality Conundrum
Conversant, Inc.
 
White Paper: Marketing in a World without Cookies
White Paper: Marketing in a World without CookiesWhite Paper: Marketing in a World without Cookies
White Paper: Marketing in a World without Cookies
Gigya
 
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
Tealium
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
Visitor Analytics
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolution
Dan Brookman
 
CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
Johnny Ryan
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
Johnny Ryan
 

More Related Content

Similar to The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represents UK advertisers

Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech
Johnny Ryan
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
Gerry L. H.
 
Everything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionEverything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data Collection
PaulDonahue16
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDs
Raghu KLN
 
Advanced Affiliate Program Management
Advanced Affiliate Program ManagementAdvanced Affiliate Program Management
Advanced Affiliate Program Management
Evgenii Prussakov
 
Advanced Affiliate Program Management & Analysis
Advanced Affiliate Program Management & AnalysisAdvanced Affiliate Program Management & Analysis
Advanced Affiliate Program Management & Analysis
Affiliate Summit
 
Privacy Controversy
Privacy ControversyPrivacy Controversy
Privacy Controversy
AlyssaVanDurme
 
Get Advertising Smart - Transforming Customer Relationships with the GDPR
Get Advertising Smart - Transforming Customer Relationships with the GDPRGet Advertising Smart - Transforming Customer Relationships with the GDPR
Get Advertising Smart - Transforming Customer Relationships with the GDPR
emmersons1
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
TrustArc
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To Know
Hannah Flynn
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
CMassociates
 
081118 - Tracking Performance
081118 - Tracking Performance081118 - Tracking Performance
081118 - Tracking PerformanceGed Carroll
 
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's NextThe Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
Splash
 
The Ad Quality Conundrum
The Ad Quality ConundrumThe Ad Quality Conundrum
The Ad Quality Conundrum
Conversant, Inc.
 
White Paper: Marketing in a World without Cookies
White Paper: Marketing in a World without CookiesWhite Paper: Marketing in a World without Cookies
White Paper: Marketing in a World without Cookies
Gigya
 
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
Tealium
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
ForgeRock
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
Visitor Analytics
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolution
Dan Brookman
 

Similar to The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represents UK advertisers (20)

Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech Talk to Norwegian CMOs about the folly of adtech
Talk to Norwegian CMOs about the folly of adtech
 
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
Johnny Ryan PageFair slide deck from SIINDA (search industry trade body) conf...
 
Criteo CCPA project
Criteo CCPA project Criteo CCPA project
Criteo CCPA project
 
Everything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data CollectionEverything You Need To Know About First-Party Data Collection
Everything You Need To Know About First-Party Data Collection
 
The Comprehensive story of Universal IDs
The Comprehensive story of Universal IDsThe Comprehensive story of Universal IDs
The Comprehensive story of Universal IDs
 
Advanced Affiliate Program Management
Advanced Affiliate Program ManagementAdvanced Affiliate Program Management
Advanced Affiliate Program Management
 
Advanced Affiliate Program Management & Analysis
Advanced Affiliate Program Management & AnalysisAdvanced Affiliate Program Management & Analysis
Advanced Affiliate Program Management & Analysis
 
Privacy Controversy
Privacy ControversyPrivacy Controversy
Privacy Controversy
 
Get Advertising Smart - Transforming Customer Relationships with the GDPR
Get Advertising Smart - Transforming Customer Relationships with the GDPRGet Advertising Smart - Transforming Customer Relationships with the GDPR
Get Advertising Smart - Transforming Customer Relationships with the GDPR
 
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...
 
GDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To KnowGDPR & Demand Generation: What Your Team Needs To Know
GDPR & Demand Generation: What Your Team Needs To Know
 
Cookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing ImpactCookies, FLoC & GDPR: Marketing Impact
Cookies, FLoC & GDPR: Marketing Impact
 
081118 - Tracking Performance
081118 - Tracking Performance081118 - Tracking Performance
081118 - Tracking Performance
 
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's NextThe Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
The Post-GDPR World for Event Marketers: What Happened, What We Did, What's Next
 
The Ad Quality Conundrum
The Ad Quality ConundrumThe Ad Quality Conundrum
The Ad Quality Conundrum
 
White Paper: Marketing in a World without Cookies
White Paper: Marketing in a World without CookiesWhite Paper: Marketing in a World without Cookies
White Paper: Marketing in a World without Cookies
 
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
[Webinar] How the Cookie Crumbled: Preparing for a Time without Third-Party C...
 
Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...Shift from GDPR readiness to sustained compliance to improve your business an...
Shift from GDPR readiness to sustained compliance to improve your business an...
 
GDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to KnowGDPR's Impact on Social Media - Everything You Need to Know
GDPR's Impact on Social Media - Everything You Need to Know
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolution
 

More from Johnny Ryan

CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
Johnny Ryan
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
Johnny Ryan
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020
Johnny Ryan
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing
Johnny Ryan
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected
Johnny Ryan
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019
Johnny Ryan
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力
Johnny Ryan
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Johnny Ryan
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP
Johnny Ryan
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...
Johnny Ryan
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Johnny Ryan
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers
Johnny Ryan
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slides
Johnny Ryan
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association
Johnny Ryan
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce
Johnny Ryan
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC.
Johnny Ryan
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
Johnny Ryan
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Johnny Ryan
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Johnny Ryan
 

More from Johnny Ryan (20)

CPDP 2022
CPDP 2022CPDP 2022
CPDP 2022
 
Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020 Brief presentation to UCD 17 December 2020
Brief presentation to UCD 17 December 2020
 
Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020Presentation to world news publishers, November 2020
Presentation to world news publishers, November 2020
 
Ofcom briefing
Ofcom briefing Ofcom briefing
Ofcom briefing
 
Kryptonite, neglected
Kryptonite, neglected Kryptonite, neglected
Kryptonite, neglected
 
Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019Judiciary Committee Senate staffer briefing 8 September 2019
Judiciary Committee Senate staffer briefing 8 September 2019
 
Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力Brave2020報告書:データ保護当局の執行能力
Brave2020報告書:データ保護当局の執行能力
 
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing Talk at IAPP London May 2020: Competition, and why the GDPR is failing
Talk at IAPP London May 2020: Competition, and why the GDPR is failing
 
Presentation at CPDP
Presentation at CPDP Presentation at CPDP
Presentation at CPDP
 
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
Johnny Ryan, Presentation at Data Protection Leadership Day, Arthur Cox Solic...
 
Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...Purpose limitation in data protection law as a protection against "cascading ...
Purpose limitation in data protection law as a protection against "cascading ...
 
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event. Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
Briefing on adtech, RTB, and the GDPR at dmexco Brave event.
 
Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers Briefing for World Federation of Advertisers Media Buyers
Briefing for World Federation of Advertisers Media Buyers
 
IVIR summer school slides
IVIR summer school slidesIVIR summer school slides
IVIR summer school slides
 
Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association Presentation to ANFO, Norwegian Advertisers Association
Presentation to ANFO, Norwegian Advertisers Association
 
Presentation to FTC technology taskforce
Presentation to FTC technology taskforce Presentation to FTC technology taskforce
Presentation to FTC technology taskforce
 
Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC. Discussion starter at Future of Privacy Forum in Washington, DC.
Discussion starter at Future of Privacy Forum in Washington, DC.
 
Presentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European CommissionPresentation to European Political Strategy Centre at the European Commission
Presentation to European Political Strategy Centre at the European Commission
 
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
Quick 10 minute overview of RTB problems to be fixed at ICO stakeholders' ses...
 
Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019Presentation at UK Direct Marketing Association Data Protection Conference 2019
Presentation at UK Direct Marketing Association Data Protection Conference 2019
 

Recently uploaded

SEO Master Class - Steve Wiideman, Wiideman Consulting Group
SEO Master Class - Steve Wiideman, Wiideman Consulting GroupSEO Master Class - Steve Wiideman, Wiideman Consulting Group
SEO Master Class - Steve Wiideman, Wiideman Consulting Group
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Top 3 Ways to Align Sales and Marketing Teams for Rapid Growth
Top 3 Ways to Align Sales and Marketing Teams for Rapid GrowthTop 3 Ways to Align Sales and Marketing Teams for Rapid Growth
Top 3 Ways to Align Sales and Marketing Teams for Rapid Growth
Demandbase
 
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny LeibrandtThe New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
How to Run Landing Page Tests On and Off Paid Social Platforms
How to Run Landing Page Tests On and Off Paid Social PlatformsHow to Run Landing Page Tests On and Off Paid Social Platforms
How to Run Landing Page Tests On and Off Paid Social Platforms
VWO
 
Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...
Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...
Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Winning local SEO in the Age of AI - Dennis Yu
Winning local SEO in the Age of AI - Dennis YuWinning local SEO in the Age of AI - Dennis Yu
Winning local SEO in the Age of AI - Dennis Yu
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Core Web Vitals SEO Workshop - improve your performance [pdf]
Core Web Vitals SEO Workshop - improve your performance [pdf]Core Web Vitals SEO Workshop - improve your performance [pdf]
Core Web Vitals SEO Workshop - improve your performance [pdf]
Peter Mead
 
The What, Why & How of 3D and AR in Digital Commerce
The What, Why & How of 3D and AR in Digital CommerceThe What, Why & How of 3D and AR in Digital Commerce
The What, Why & How of 3D and AR in Digital Commerce
PushON Ltd
 
May 2024 - VBOUT Partners Meeting Group Session
May 2024 - VBOUT Partners Meeting Group SessionMay 2024 - VBOUT Partners Meeting Group Session
May 2024 - VBOUT Partners Meeting Group Session
Vbout.com
 
BLOOM_May2024 (r). Balmer Lawrie Online Monthly Bulletin
BLOOM_May2024 (r). Balmer Lawrie Online Monthly BulletinBLOOM_May2024 (r). Balmer Lawrie Online Monthly Bulletin
BLOOM_May2024 (r). Balmer Lawrie Online Monthly Bulletin
BalmerLawrie
 
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny LeibrandtThe New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Email Marketing Master Class - Chris Ferris
Email Marketing Master Class - Chris FerrisEmail Marketing Master Class - Chris Ferris
Email Marketing Master Class - Chris Ferris
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
Your Path to Profits - The Game-Changing Power of a Marketing - Daniel Bussius
Your Path to Profits - The Game-Changing Power of a Marketing - Daniel BussiusYour Path to Profits - The Game-Changing Power of a Marketing - Daniel Bussius
Your Path to Profits - The Game-Changing Power of a Marketing - Daniel Bussius
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
DMF Portfolio Piece Smart Goals - Artist Management.docx
DMF Portfolio Piece Smart Goals - Artist Management.docxDMF Portfolio Piece Smart Goals - Artist Management.docx
DMF Portfolio Piece Smart Goals - Artist Management.docx
TravisMalana
 
How to Use AI to Write a High-Quality Article that Ranks
How to Use AI to Write a High-Quality Article that RanksHow to Use AI to Write a High-Quality Article that Ranks
How to Use AI to Write a High-Quality Article that Ranks
minatamang0021
 
Monthly Social Media News Update May 2024
Monthly Social Media News Update May 2024Monthly Social Media News Update May 2024
Monthly Social Media News Update May 2024
Andy Lambert
 
ThinkNow 2024 Consumer Financial Wellness Report
ThinkNow 2024 Consumer Financial Wellness ReportThinkNow 2024 Consumer Financial Wellness Report
ThinkNow 2024 Consumer Financial Wellness Report
ThinkNow
 
SMM Cheap - No. 1 SMM panel in the world
SMM Cheap - No. 1 SMM panel in the worldSMM Cheap - No. 1 SMM panel in the world
SMM Cheap - No. 1 SMM panel in the world
smmpanel567
 
Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...
Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...
Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...
DigiMarCon - Digital Marketing, Media and Advertising Conferences & Exhibitions
 
15 ideas and frameworks on the art of storytelling
15 ideas and frameworks on the art of storytelling15 ideas and frameworks on the art of storytelling
15 ideas and frameworks on the art of storytelling
Aatir Abdul Rauf
 

Recently uploaded (20)

SEO Master Class - Steve Wiideman, Wiideman Consulting Group
SEO Master Class - Steve Wiideman, Wiideman Consulting GroupSEO Master Class - Steve Wiideman, Wiideman Consulting Group
SEO Master Class - Steve Wiideman, Wiideman Consulting Group
 
Top 3 Ways to Align Sales and Marketing Teams for Rapid Growth
Top 3 Ways to Align Sales and Marketing Teams for Rapid GrowthTop 3 Ways to Align Sales and Marketing Teams for Rapid Growth
Top 3 Ways to Align Sales and Marketing Teams for Rapid Growth
 
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny LeibrandtThe New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
 
How to Run Landing Page Tests On and Off Paid Social Platforms
How to Run Landing Page Tests On and Off Paid Social PlatformsHow to Run Landing Page Tests On and Off Paid Social Platforms
How to Run Landing Page Tests On and Off Paid Social Platforms
 
Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...
Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...
Your Path to Profits - The Game-Changing Power of a Marketing OS for Your Bus...
 
Winning local SEO in the Age of AI - Dennis Yu
Winning local SEO in the Age of AI - Dennis YuWinning local SEO in the Age of AI - Dennis Yu
Winning local SEO in the Age of AI - Dennis Yu
 
Core Web Vitals SEO Workshop - improve your performance [pdf]
Core Web Vitals SEO Workshop - improve your performance [pdf]Core Web Vitals SEO Workshop - improve your performance [pdf]
Core Web Vitals SEO Workshop - improve your performance [pdf]
 
The What, Why & How of 3D and AR in Digital Commerce
The What, Why & How of 3D and AR in Digital CommerceThe What, Why & How of 3D and AR in Digital Commerce
The What, Why & How of 3D and AR in Digital Commerce
 
May 2024 - VBOUT Partners Meeting Group Session
May 2024 - VBOUT Partners Meeting Group SessionMay 2024 - VBOUT Partners Meeting Group Session
May 2024 - VBOUT Partners Meeting Group Session
 
BLOOM_May2024 (r). Balmer Lawrie Online Monthly Bulletin
BLOOM_May2024 (r). Balmer Lawrie Online Monthly BulletinBLOOM_May2024 (r). Balmer Lawrie Online Monthly Bulletin
BLOOM_May2024 (r). Balmer Lawrie Online Monthly Bulletin
 
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny LeibrandtThe New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
The New Era Of SEO - How AI Has Changed SEO Forever - Danny Leibrandt
 
Email Marketing Master Class - Chris Ferris
Email Marketing Master Class - Chris FerrisEmail Marketing Master Class - Chris Ferris
Email Marketing Master Class - Chris Ferris
 
Your Path to Profits - The Game-Changing Power of a Marketing - Daniel Bussius
Your Path to Profits - The Game-Changing Power of a Marketing - Daniel BussiusYour Path to Profits - The Game-Changing Power of a Marketing - Daniel Bussius
Your Path to Profits - The Game-Changing Power of a Marketing - Daniel Bussius
 
DMF Portfolio Piece Smart Goals - Artist Management.docx
DMF Portfolio Piece Smart Goals - Artist Management.docxDMF Portfolio Piece Smart Goals - Artist Management.docx
DMF Portfolio Piece Smart Goals - Artist Management.docx
 
How to Use AI to Write a High-Quality Article that Ranks
How to Use AI to Write a High-Quality Article that RanksHow to Use AI to Write a High-Quality Article that Ranks
How to Use AI to Write a High-Quality Article that Ranks
 
Monthly Social Media News Update May 2024
Monthly Social Media News Update May 2024Monthly Social Media News Update May 2024
Monthly Social Media News Update May 2024
 
ThinkNow 2024 Consumer Financial Wellness Report
ThinkNow 2024 Consumer Financial Wellness ReportThinkNow 2024 Consumer Financial Wellness Report
ThinkNow 2024 Consumer Financial Wellness Report
 
SMM Cheap - No. 1 SMM panel in the world
SMM Cheap - No. 1 SMM panel in the worldSMM Cheap - No. 1 SMM panel in the world
SMM Cheap - No. 1 SMM panel in the world
 
Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...
Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...
Unknown to Unforgettable - The Art and Science to Being Irresistible on Camer...
 
15 ideas and frameworks on the art of storytelling
15 ideas and frameworks on the art of storytelling15 ideas and frameworks on the art of storytelling
15 ideas and frameworks on the art of storytelling
 

The GDPR Risk to Brands. Presentation at ISBA, the UK trade body that represents UK advertisers

  • 1. HOW BRANDS STAY SAFE FROM GDPR RISK. johnny@pagefair.com Dr Johnny Ryan PageFair
  • 3. Holding first-party personal data that are now non-compliant1 Risk (brands)
  • 4. Buying personal data (directly or indirectly identifiable) from other sources to augment profiles BROKER 2 Holding first-party personal data that are now non-compliant1 Risk (brands)
  • 5. Buying behavioural ads online, which currently requires the sharing of personal data with countless partners. 3 Buying personal data (directly or indirectly identifiable) from other sources to augment profiles BROKER 2 Holding first-party personal data that are now non-compliant1 Risk (brands)
  • 8. /// Visitor Site SSP DSP DMP Brand $ “Demand side”“Supply side” Ad Exchange
  • 9. /// Visitor Site SSP Ad Exchange DSP DMP request segment deliver segment Brand $ store data “Demand side”“Supply side”
  • 10. /// Visitor Site SSP Ad Exchange DSP DMP serve page request page request segment ad request cookie to SSP deliver segment Ad request Brand $ store data “Demand side”“Supply side”
  • 11. /// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad deliver segment Ad request Brand $ store data “Demand side”“Supply side”
  • 12. /// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
  • 13. The Daily Bugle 1. Page loads. 2. What ad should we show this user?
  • 14. The Daily Bugle ExchangeExchange Exchange Exchange 1. Page loads. 2. What ad should we show this user? 3. Send details of user to ad exchange(s) to solicit bids from advertisers
  • 16. The Daily Bugle ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
  • 17. The Daily Bugle Exchange Exchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP
  • 18. The Daily Bugle Exchange Exchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
  • 19. The Daily Bugle ADVERTISEMENT ExchangeExchange Exchange Exchange DSP DMP DSP DMP DSP DMP DSP DMP DSPDMP DSPDMP DSPDMP DMP DSP DMPDSP DMP DMP DSP ? ? ? ? ? ? ? ?
  • 20.
  • 22. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor ADVERTISERS website.com AD DMP DMP DMP DMP DMP DMP DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP W inningbid DSP Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Channel of data leakage Personal data Legend Money DATA LEAKAGE
  • 23. /// Visitor Site SSP Ad Exchange DSP DMP serve page request page request bid request segment ad request cookie to SSP deliver ad sync deliver segment sync Ad request Brand $ store data “Demand side”“Supply side”
  • 24. “Controller” “Processor” “Processor” “Processor” contract contract contract Contracts required that determine the following: • the nature of processing and its duration, • the obligations of the “controller”, • and a guarantee that the “processor” handles the data only as dictated by documented instructions from the controller GDPR requires a chain of accountability
  • 25. All potentially liable! The Courts Multiple controllers and processors “involved in the same processing” can each be held liable for damages awarded in a case. A person can complain to the regulator, and at the same time go to court, and can take the regulator to court for inaction. Supervisory Authority /// /// Visitor Site SSP Ad Exchange DSP DMP Brand $
  • 26. We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Purpose of processing, and notification of profiling. Article 13, para 1, c, and para 2, f. Duration Article 13, para 2, a. Text links to tool for withdrawing consent. 
 Article 7, paragraph 3. Text links to tool to complain to supervisory authority, and to access, correct, and transfer data, etc. 
 Article 13, para 2, b, c, and d. Can say no Recital 42. Details of recipients and categories of recipients. Text links to contact details of the controller and their data protection officer. 
 Article 13, para 1, a, b, and e. A (probably non-compliant) GDPR CONSENT REQUEST Scenario: a website requests consent to share data with a brand for product offers
  • 27. We would like to share your browsing habits on our site with Brand Name and their analytics partners, to understand what offers may be of interest to you. These data will be deleted after 6 months. You can withdraw permission at any time in My Data. Learn more? Pop-up Dialog OKNo Thinking of yourself as a visitor to websites, what would you select if shown this message? 79% 21%
  • 28. Please allow your browsing habits on our sites to be shared with We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months Might GDPR consent requests actually look like this? [Consortium] and its participants duration “Ad choices”
  • 29. Please allow your browsing habits on our sites to be shared with Open ID participants We will then be able to identify offers that are more interesting to you, and process business transactions with our partners. (Alternatively, we will use generic ads, which might be less interesting to you.) You can cancel at any time by clicking the icon on any ad. Learn more about your data. Help us keep Example.com profitable OKNo OK 6 months 12 months [Ad exchange] [Ad exchange] [DMP] [DMP] [DSP] [DSP] [Verification vendor] i i i i i i i [Consortium] and its participants Each controller. and categories of processors. Might GDPR consent requests actually look like this?
  • 30. 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No YesYes, if denied access to the site otherwise 1st party tracking on a website 23% 0% 100% 200%
  • 31. 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No YesYes, if denied access to the site otherwise 1st party tracking on a website 23% 0% 100% 200% Can not deny access Article 7(2) prohibits conditionality.
  • 32. 3%46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? 1st party tracking on a website 3rd party tracking on a website 23% 0% 100% 200% No YesYes, if denied access to the site otherwise
  • 33. 3% 3%32%65% 46% 51% 64%13% Do you believe that users will opt-in to tracking for the purposes of advertising? No Yes, if denied access to the site otherwise Yes 1st party tracking on a website 3rd party tracking on a website Tracking by any party, anywhere on the web 23% 0% 100% 200%
  • 34. Needs “opt-in” consent, but user has little incentive to agree 4 Needs “opt-in” consent, and may get it 3 Can show an “opt-out” before using data 2 Out of scope of Regulation if business is modified 1 Already out of scope of the Regulation 0 GDPR scale (digital advertising) 5 Needs “opt-in” consent, but is unable to communicate with users
  • 35. 5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Facebook Audience Network • WhatsApp advertising (see assumption 1) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • NewsFeed ads (based only on personal data with no “special” personal data (e.g. ethnicity, political opinion, religious or philosophical beliefs, sexual orientation), unless marked “public” or visible to “friends of friends” (see assumptions 1 and 2) • Instagram ads (see assumption 1) 1 Out of scope of the regulation, if business is modified. 0 Already out of scope of the regulation. Assumption 2. GDPR Article 6, paragraph 4, c, indicates a higher bar for “special categories of personal data” that reveal race, ethnicity, political opinion, religious or philosophical beliefs, trade union membership, or related to a data subject’s sex life or sexual orientation. However, this does not apply if the data have been “manifestly made public by the data subject” (GDPR, Article 9, paragraph 2, (e)). This may mean that the publicity settings that a user places on their post will prevent or enable those posts to be mined for advertising. GDPR scale: FACEBOOK Assumption 1. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
  • 36. 5 Needs “opt-in” consent, but is unable to communicate with users 4 Needs “opt-in” consent, but user has little incentive to agree • Most personalized AdWords ads on Google properties including Search, Youtube, Maps, and the Google Network (including “remarketing”,“affinity audiences” , “in-market audiences”, “demographic targeting”, "similar audiences”, “Floodlight” cross-device tracking), “customer match”, “remarketing” (see assumption 1) • Gmail ads • Programmatic services (DoubleClick) 3 Needs “opt-in” consent, and may get it 2 Can show an “opt-out” before using data • Location targeting in Maps (see assumption 2) 1 Out of scope of the regulation, if business is modified. • AdWords (if all personalized features are removed) on Google properties including Search, Youtube, Maps 0 Already out of scope of the regulation. • “Placement-targeted” ads on Google properties. Assumption 1. That the average user does not “sign in” to Google Search or Chrome. If, however, users did sign in then Google may be able to further process their data for other purposes. GDPR scale: GOOGLE Assumption 2. That the use of personal data to target advertising will be accepted as a “compatible” purpose with the original purpose for which personal data were shared by users, under GDPR Article 6, paragraph 4. GDPR Recital 61 says that if the further processing is compatible then the company must alert the data subject that it is using their data for this further purpose before it starts processing. GDPR Article 21, paragraph 2 and 3 say that the data subject must be alerted about their right to object to their data being used for direct marketing, and can do so at any time. GDPR Recital 70 says this alert should be presented clearly and separately from any other information. However, the Article 29 Working Party’s opinion on purpose limitation notes that among the various things that the compatibility assessment must consider are “the impact of the further processing on the data subjects”.
  • 37. How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% 32% 32% 21% 12% 4% Not at all To a small degree Moderately Highly Very highly
  • 38. Not at all How confident are you that the average user will click ‘OK’ to share data with other companies? 0% 100% 200% To a small degree Moderately Highly Very highly How concerned are you about your online behaviour being tracked? 5% 7% 21% 35% 32% 32% 32% 21% 12% 4%
  • 39. Consent is meaningless, unless it is enforceable NEED TO PREVENT RISK OF DATA LEAKAGE //
  • 40. 2. DIGITAL ETHICS 1. ENFORCEMENT The Answer? +
  • 41. Regulatory disincentive OLD INDUSTRY Regulatory incentive NEW CLEAN INDUSTRY Ads (Ethical Data)Ads (Conventional Data) Personal Data Non-personal Data
  • 42. Ads (Ethical Data)Ads (Conventional Data) Fossil Fuel Renewable Energy Personal Data Non-personal Data N20 C02 Regulatory disincentive OLD INDUSTRY Regulatory incentive NEW CLEAN INDUSTRY
  • 43. Ads (Ethical Data)Ads (Conventional Data) Fossil Fuel Fossil Fuel powered Classic Cars Renewable Energy Personal Data Ads (Conventional Data) Personal Data with Consent and Enforceable Protection Non-personal Data N20 C02 HYPER PREMIUM NICHE // Regulatory disincentive OLD INDUSTRY Regulatory incentive NEW CLEAN INDUSTRY
  • 44. Need to pressure ad tech partners. URGENCY FACTOR: PageFair has solved this - but few adtech or agency colleagues seem to care.
  • 45. 1. With or without consent, personal data are leaked and at risk in online ad system. 2. Brands are exposed. 3. Need to pressure ad tech to neutralise risk by leveraging non-personal data. johnny@pagefair.com Summary See PageFair.com/GDPR