As the deadline for compliance with the EU’s General Data Protection Regulations (GDPR) draws ever closer, publishers and adtech players are urged to ensure their supply chain partners meet requirements, with both PageFair and AppNexus recently launching offerings that look to enable this.
Earlier this week PageFair announced the launch of Perimeter, a self-styled “regulatory firewall” that will enable publishers to monetise their websites without the use of personal data by blocking all non-compliant third parties from entering the adtech chain, circumventing the need for individual adtech players to gain consent.
For instance, when publishers install PageFair Perimeter on their properties it will block adtech that uses unique identifiers without the consent of the consumer. Meanwhile, adtech vendors that use “ethical data” – non-personal data – will be whitelisted.
This GDPR-friendly tool enables: frequency capping; attribution; impression counting, click counting; view-through counting; conversion counting; and fraud mitigation, all without personal data.
Perimeter has been in development for two years and also works to fix the challenges associated with third party data leakage which will become illegal under GDPR, according to Pagefair.
To do this, it blocks all third parties from accessing personal data unless both publisher and consumer have given their consent, in theory protecting both the publisher and advertiser from legal risk.
Additionally, the tool provides publishers with a ‘consent system’ which will allow them to collect consent on behalf of their adtech partners, and interoperate that consent with other compliant consent management platforms.
Blanchfield said: “We built Perimeter to enable all media owners to operate within a clean and ethical data/media industry that prevents brands from being exposed to risk under the GDPR, and enables relevant advertising to sustain the online media industry”.
The initiative comes just weeks after AppNexus, an adtech outfit that has offerings catered to the buy- and sell-side of the market, introduced a new role dedicated to helping its partners shift their business models around upcoming regulatory requirements.
The role, as vice-president of strategic and regulatory affairs, was filled by Uli Hegge, formerly vice-president of strategic market development for AppNexus in Germany, Austria and Switzerland.
It will see Hegge both support the company’s efforts to be compliant in new regulations – chiefly the European Union’s GDPR and the ePrivacy Directive – while also helping its partners create compliant business models, in recognition of the “lack of clarity” from regulators over how the rules affect individual players, Hegge told The Drum.
While legal and technical teams within businesses are already "advanced" on GDPR compliance, how the new rule book will affect their sales and business process is as yet unclear, Hegge said. As such, his role will be focused on helping develop business models for AppNexus’ partners that are compliant with new regulation.
However, regulators and legislators across Europe have failed to provide the industry with a full set of requirements on how GDPR will be interpreted, according to Hegge.
"You can read quite a few interpretations into the law as it is out there today, we don't have many common notes on it coming from regulators and legislators," Hegge bemoaned – a common theme among the industry.
There are two key areas of GDPR, consent and "legitimate interest", that directly affect adtech players, but guidance on these topics remains "unclear", Hegge said.
The UK's regulator, the Information Commissioner's Office (ICO), has delayed the publication of its final guidance – originally pledged to be published in June – until 'early 2018' as it waits for the Article 29 Working Party of European Data Protection Authorities (WP29) to agree on its Europe-wide consent guidelines. The regulator published further guidance on legitimate interest this month, however final guidance has also been pushed back to 2018.
This means an adtech company with an existing consent solution – or one that is currently in progress – has to work in an “environment of uncertainty”, since whatever it implements now may be contradicted by the final guidance, IAB UK's head of policy and regulatory affairs, Yves Schwarzbart told The Drum.
This air of uncertainty is a "pan-European question mark", Hegge asserted.
AppNexus' approach is to err on the side of caution. Hegge believes there is an argument to be made by publishers that they have 'legitimate interest' to support their business with advertising, therefore the adtech shop is taking a "conservative approach" to its GDPR preparations in the possibility that broad consent is required.
"Whatever kind of consent is needed, if you are prepared for the most extensive one, that's fine, then you can scale back. On the other hand, if you would be caught out without any proper learning and the tech isn’t in place – this shouldn’t happen," he said.
To support its partners and the wider industry with GDPR, the company will provide an open source tool to help players achieve compliance, conceptualise what the user experience will look like, plus how the rules will influence the way advertising is traded.
"We want to put that into the hands of our partners to learn and be prepared for any scenario that comes up," Hegge said.