Major publishing groups air concerns about Google’s proposed GDPR strategy.
Four major publisher trade groups have said that Google’s GDPR compliance plan will force media companies to shoulder an unfair burden in terms of ensuring the regulation is adhered to from 25 May.
Publishers address Pichai
In an open letter to CEO Sundar Pichai published on 30 April, the four trade associations criticised the scale of work they would need to do in order to continue using Google’s advertising services in the EU, as well as the effect the plans would have on adtech vendors themselves.
The groups behind the letter are Digital Content Next, the European Publishers Council, News Media Alliance and the News Media Association. Members of the group read as a ‘who’s who’ of digital media outlets – The New York Times, Bloomberg, Reuters and AP are just a handful of titles, publishers and agencies represented by the groups.
Google accused of last-minute announcements
The groups criticised the timing of Google’s announcement of its GDPR plans in March. They wrote: “As the major provider of digital advertising services to publishers, we find it especially troubling that you would wait until the last minute before the GDPR comes into force to announce these terms, as publishers have now little time to assess the legality or fairness of your proposal and how best to consider its impact on their own GDPR compliance plans, which have been underway for a long time.”
Google outlined its plans on its AdWords blog on 22 March and it is this same proposal that publishers believe burdens the media with the bulk of compliance responsibilities.
In essence, Google says publishers themselves are responsible for obtaining consent from EU visitors if Google ads are served on their sites. The publishers will also have to share that data with the tech giant, which will apparently use it to test algorithms, improve UX and ensure ad forecasting accuracy. Liability for GDPR violations will also reside with the publishers.
Many people believe that Google’s dominance in the online ecosystem allows them to dictate the terms of GDPR to suit its existing business model, but only intervention from GDPR regulators themselves is likely to enforce any change from the company itself.
Google views itself as a data controller, which determines the means and purposes for processing the personal data, while media firms want it to identify as a data processor in certain situations.
Working on a range of tools
Google told MarTechToday: “Guidance about the GDPR is that consent is required for personalised advertising. We have always asked publishers to get consent for the use of our adtech on their sites, and now we’re simply updating that requirement in line with the GDPR.
“Because we make decisions on data processing to help publishers optimise ad revenue, we will operate as a controller across our publisher products in line with GDPR requirements, but this designation does not give us any additional rights to their data. We’re working closely with our publisher partners and are committed to providing a range of tools to help them gather user consent.”
A rock and a hard place?
Fatemeh Khatibloo, an analyst at Forrester, told Ad Age: “The way they [Google] are handling it is on point, but that also puts pubs between a rock and a hard place. Publishers are on the hook to get consent, but they don’t have a ton of control over what Google does with their data after a user leaves their site. And that’s the problem.”
While publishers that are unhappy with the proposals from Google could move to other services, the latter’s network is unmatched in terms of size and scope, with more revenue opportunities.
This confusion points to a general trend around GDPR in terms of the differences in how the principles-based regulation is being interpreted by different organisations, enterprises and industries.
Google logo on its office in Mountain View, California. Image: JHVEPhoto/Shutterstock