Privacy Questions Brands and Advertisers Need to Ask Adtech Partners

There's a continuous wave of news showcasing how top brands struggle to meet evolving consumer privacy laws. On October 24,  we saw this from Meta as the New York State Attorney General (AG), alongside a bipartisan coalition of 32 AGs, filed a federal lawsuit against the company for designing and deploying harmful features to addict children and teenagers, as well as collecting personal data of children under the age of 13 without previously informing and obtaining parental consent. And just a few weeks ahead of that was a newscycle around X Corp. failing to manage data privacy requirements.

These recent, but not limited, examples represent a glaring reality: brands and advertisers need to be reassured that the data and platforms they use uphold the strictest privacy and security regulations. Our industry is writing a critical chapter, where consumer security and defense are top-of-mind. Entities that fail to meet evolving requirements will be fined heavily (just look at Meta's  wild $1.3 billion dollar fine), or will crumble and go extinct.

These examples show what can happen to large platforms - but the onus doesn't fall solely on the shoulders of those companies. Agencies, brands and marketers also have a responsibility to ensure their campaigns use strategies and technologies that are in-line with regulations. With the landscape changing all the time, here's a look at the top things brands and marketers need to ask their platform partners.

It's more important than ever for platform partners to ‘show the receipts’, and be able to make clear the actionable steps they've taken to assure data compliance. Right off the bat, brands and advertisers should ask if their vendor partners collect, use, and share personal data - and if so, what safeguards are in place to protect that data from unauthorized access. Additionally, find out if they give consumers control over their personal data, including the ability to opt out of data collection and targeting.

Another nuanced approach to identifying data and privacy compliance is found in how the company prioritizes staff. In reality, keeping up-to-date with all regulation changes and managing the rollout of new procedures is a full time job. If we look at the recent X Corp. news, some of the compliance issues came about simply because layoffs and other "cost-cutting" measures effectively eliminated that job function at the company. The key takeaway here is, companies in our space need to dedicate proper resources to maintain compliance. If your partners willingly choose to not monitor this area and bolster their workforce's ability to maintain compliance, it's worth asking them why.

The responses to these questions are critical, and will clearly note if that's a vendor partner you should continue working with. We recommend going a step further, and asking:

• How do you comply with the GDPR's consent requirements?
• How do you help marketers comply with the CCPA's right to know, right to delete, and right to opt-out requests?
• How do you monitor and track other states' specific data privacy regulations
• What steps do you take to minimize the collection of sensitive data?
• How do you protect personal data from being transferred to countries with inadequate privacy laws?
• What procedures do you have in place to detect and respond to data breaches?

By asking questions like these, brands and advertisers will have a better understanding of what their partners are committed to. The responses represent how they're navigating constant regulation changes, and it will reveal the level of commitment they have for protecting consumer's privacy.

Another key ‘metric’ for understanding your adtech partners' commitment to data compliance is around industry privacy organizations. There are several entities and protocols designed to help the advertising industry quickly adapt to changing regulatory expectations around the globe. For example, the Global Privacy Platform (GPP) is a protocol developed by IAB Tech Lab that streamlines the transmission of privacy, consent, and consumer choice signals from sites and apps to ad tech providers.

Additionally, IAB's Transparency and Consent Framework (TCF) is a standardized means for online advertisers and marketers of communicating the state of user consent between first parties, third parties and the consent management system in use on the first party's website. Essentially, publishers can select vendors from a list that have enrolled in the Framework. The consent state of the user is stored in a first-party cookie in the user's browser, and shared down the advertisement chain of information in the IAB Framework.

While there are many organizations focused on data compliance regulations, it's safe to say that if your current partners aren't part of GPP or TCF, they are already falling behind.

While the largest ad platforms (including Google, Meta, Amazon) are  forecasted to own 65% of net digital ad revenue in the United States - it might be more impactful to diversify where ad spend goes, at least until these recurring data compliance issues are addressed.

We're not saying the largest platforms won't deliver against specific campaign goals, but it's worth considering where your budgets go and if your partners hold a strong compliance track record that aligns with your own. Another thing to consider is regulation bodies mainly focus on larger companies; therefore the ads running on them are more heavily scrutinized. It's also common, and well known, that large platforms struggle to make quick adjustments when they have issues.

Regardless of the constantly changing regulations, brands and advertisers need to ensure their partners are committed to industry standards and protocols, and are well-equipped to monitor and incorporate all updates. By asking the right questions, and being willing to diversify where ad spend goes, brands and advertisers will be positioned to meet campaign goals all while working with partners who are committed to protecting consumer privacy.