Just under a month until the European Union’s General Data Protection Regulations (GDPR) come into force, trade bodies representing publishers on either side of the Atlantic have co-signed an open letter to Google which questions “the legality or fairness” of its proposed compliance policies for use of its DoubleClick tools.
DoubleClick announced a policy change that will classify itself as a “data controller”, thus limiting its ability to share data generated through the use its suite of adtech tools – namely DoubleClick for Publishers (DFP), Ad Exchange, AdMob and AdSense – effectively passing liability to obtain user consent on to its publisher customers.
“You are not required to seek consent for a user’s activity on Google’s sites (we obtain that ourselves when users visit our sites). We are asking only that you seek consent for your uses of our ads products on your properties,” reads the policy.
However, in an open letter dated April 30, publishers have raised concerns over the fairness and legality of the timing of this, citing concerns over the timing of the announcement, as well as other changes it will impose upon those using the adtech stack.
“Your proposal severely falls short on many levels and seems to lay out a framework more concerned with protecting your existing business model in a manner that would undermine the fundamental purposes of the GDPR and the efforts of publishers to comply with the letter and spirit of the law,” it reads.
“You decide how and when that data may be made available to others and do not provide any details about how the data will be used by Google."
Addressed directly to Google chief Sundhar Pichai, the letter is co-signed by the leaders of trade bodies: Digital Content Next, European Publishers Council, News Media Alliance and News Media Association. The five-page letter further asks several questions on behalf of its members, which can be read in full here, but below is a brief summary of the questions trade bodies are asking of Google.
1. What specific activities does Google undertake that would make it a “controller” under the GDPR?
2. Given that you announced just recently a solution for serving “non-personalized” ads, we would appreciate further clarification.
3. With regard to any of Google’s services used by publishers, will you be explicit about the purposes for which Google requires consent from end-users?
4. Your proposal notes that Google will not serve ads on sites with consent mechanisms that do not meet your criteria. Do you envision a one-size-fits-all approach? Will you implement a warning system for publishers you deem out of compliance?
6. How would a publisher use your services to serve advertising without triggering the need for obtaining consumer consent?
7. If publishers decide to utilize an industry-wide consent management platform, how could Google’s services be integrated?
The flare-up comes just days after AdExchanger reported that Google likewise had cited GDPR as a reason for imposing new restrictions on how media buyers can pull data from DoubleClick that will affect their ability to measure campaign performance across platforms.