The shifting winds of what can and cannot be done with online data are swirling about us. Nowhere does it appear like there is more of a tornado coming than at Facebook. In many respects, the company’s recent problems — from Facebook’s history-making single biggest day loss in market value, to data privacy concerns, to regulators from the EU and the United States railing against Facebook — are harbingers of what is to come.
And those aren’t the only signs. The company was also sued by the National Fair Housing Association for discriminatory housing ads; more recently, a complaint was filed by the U.S Housing and Urban Development. Then, the ACLU filed a complaint with the Equal Employment Opportunity Commission against Facebook and other employers for ads allegedly discriminating against job seekers.
What happens to Facebook is a true bellwether for regulatory and legal actions that will impact the tech companies collecting that data and the marketing and advertising companies that use it.
This new focus by regulators, and demand by consumers for data privacy, has already prompted many companies to begin reforming their ways. While many believe that this is good for the consumer, this can also present serious problems for companies that have based validating advertising campaigns and assets on hiding location and demographic collection in apps and/or buying wireless location data from third parties.
Unfortunately, for the vast majority of those in the advertising industry that are using these two validation techniques, the corporate wave of change is already negatively impacting them and will continue to negatively impact them by requiring them to find new ways to validate the efficacy of and target their advertisements. For example, Verizon and AT&T already stated that they are making changes to how (and whether) they sell their consumers’ location data to third-party companies, and Apple is now removing apps that share users’ location data with third parties without their consent from the app store.
What does this mean for other companies? If your advertising solution relies on companies that are themselves completely out of step with the consumer data privacy times, you might get blown over. Make sure that the companies you deal with take consumer privacy seriously (and are GDPR compliant) by having them answer all of your questions. Specifically, I recommend you ask:
• Does the company have a specific person named as its Data Privacy Officer? While the title might vary, GDPR requires a specific person to be responsible for GDPR compliance.
• Is the company using cameras to track people? While there’s no regulation on this in the U.S. yet, the High Court of the Netherlands recently ruled that permission is required for cameras in advertising like billboards.
• From where is the company pulling its data? Many companies have relied upon software development kits to get consumer information without consumers realizing what is happening.
• How does the company transmit data and to whom? Aggregated and anonymous data is GDPR’s gold standard.
• Who has certified the company’s data privacy policies? I recommend (and had our data privacy policies certified by) the Privacy Shield Framework, a joint certification between the United States, European Union and Swiss governments.
The data collection, advertising and marketing technology industries are all on the cusp of serious and wide-ranging changes. It is important that all of us who work in these industries pay attention to what is happening, develop new methods to validate the efficacy of and target advertisements, and realize that consumer data approaches we have been taking for the past decades need to change.