“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Dan Frechtling, CEO of Boltive.
Considering how much data moves through third parties in advertising, analytics and measurement, data sharing creates more liability than data theft. Many brands and publishers employ consent management platforms (CMPs). However, true compliance requires more than that.
Just as you’d run brand safety checks on digital campaigns, you’ll want to run privacy compliance checks on your data flows. One-third of signals used to transmit consent signals cause errors. That makes brands vulnerable to reputational and legal risks, even if the mistakes are unintentional.
Potential CMP pitfalls
When an auditing or enforcement body examines your company’s digital properties, they look at the results. Do your practices comply with regulations? Adopting a CMP is a good start. But CMPs must be configured correctly, and downstream parties must receive consent signals.
To ensure your CMP operates as expected, consider these three hazards.
1. CMP signal errors – According to Boltive data, 20% of CMP signals lapse when being transmitted to third parties. These technical issues mean when a user opts out of cookies and third-party tracking, personal information may still be transmitted.
2. Ad network errors – Interest-based advertising, or IBA, is a form of targeted advertising that depends on accurate signals between vendors. If signals break while being transmitted to demand-side platforms (DSPs) or supply-side platforms (SSPs), visitors who have opted out might be shown retargeted ads. Advertisers and publishers are still held accountable even if these breakdowns are unintentional.
3. Lack of time and expertise – The hardest part about data compliance is understanding what risks exist within your current advertising and data sharing practices. Privacy compliance is also often pushed to the bottom of a to-do list or tacked onto an employee’s job description just to tick a box, creating liability.
Comply with regulations and protect your reputation
Preliminary rulemaking under the California Privacy Rights Act (CPRA) suggests brands, agencies and publishers will be expected to ensure consent signals flow properly through the ad delivery chain in 2023.
Are you ready? Here are five ways to ensure compliance:
1. Revisit your opt-out strategy
To verify consent, ensure your consent management platform is handling opt-out and opt-in requests properly. Take the time to thoroughly assess your opt-out strategy from your consumer’s point of view and ask yourself these questions:
- Is it easy to understand?
- Is it easy to opt out?
- Does it cover all the ways you collect and use data?
- Does it work with all relevant third parties? (Very important!)
2. Review your data partners
You may know you’re doing everything to safeguard your data in-house, but can you say the same thing about your data partners?
Audit your ad tech partners to understand how they approach data privacy and be sure their practices don’t violate consumer rights. If necessary, switch to partners that take compliance and security as seriously as you do.
3. Align on data collection
Get close to your privacy team/person. If you don’t have one, hire one. Then, establish an open line of communication and get on the same page about data collection. Inspect tags, pixels, and network requests to identify unconsented data collection on page and in ads.
4. Put everything in writing
If you haven’t already, document your privacy program. Review it to make sure data inventory and data flows are up to date. Share this document with staff, partners and stakeholders to confirm you haven’t missed any data journeys within your marketing campaigns and assets.
5. Audit regularly
You shouldn’t take a “one and done” approach to your data privacy program. With five new state privacy laws taking effect in 2023, and several more in process, the landscape is evolving. In some cases, you must audit yourself and vendors.
For example, you should perform regular tests to verify targeting and be certain that your IBA authentically acts on opt-in/opt-out signals to prevent noncompliant retargeting.
Why building better consumer relationships matters
According to the 2022 Adobe Trust Report, 68% of customers will stop buying from companies if their data preferences are disrespected. New privacy laws aren’t here to harm businesses; they’re a response to protect consumers.
Customer safety and satisfaction are already at the heart of decision-making for businesses throughout the US. As you optimize your marketing plans for reach, frequency and targeting, remember to optimize for privacy as well.
Follow Boltive on LinkedIn and AdExchanger (@adexchanger) on Twitter.