Privacy: The Investment We Should All Be Making Today

Most will recall the enforcement of the GDPR back in May 2018 and admit that, as an industry, we were scrambling until the final days to align on the minimum requirements to avoid fines. A handful of vendors even left it to the day before the deadline to confirm whether they’d be on the IAB’s TCF, reflecting how reactive we all were to such a transformative change.

More than a necessary evil

I think this is indicative of much of the industry’s approach to privacy at nearly every turn. An inconvenience, a headache, a necessary evil that comes with digital monetisation. It is, unfortunately in advertising, often an afterthought. It’s part of the reason why we’ve seen suboptimal consent collection practices, rampant data leakage, and action taken from European regulators more recently. Frustratingly, it’s also partly why big technologies can so easily weaponise privacy and frame the open web and the average publisher as nefarious operators. We don't do ourselves a great degree of favours.

But despite the comprehensive challenges, it does present new opportunities for innovation, and I think we are starting to see this already.

For example, when you’re required to make it as easy for a customer to not provide consent as it is for them to provide it (which is a challenge many publishers are currently required to address), some have realised that this offers an opportunity to rethink the relationship between their content, the customer, and technology. Small but meaningful design changes and alterations to the user journey can have disproportionately positive impacts on customers’ openness to sharing data. And most of these changes are likely only scratching the surface of how we could transform things long-term.

I think that comparing traditional publishers with big tech is often unhelpful as they are fundamentally different businesses, but one thing we could all learn from them is the effective story they tell around privacy and what it means to them. Whether we agree with their view or indeed believe its authenticity is irrelevant. Privacy is placed front and center of Apple’s marketing efforts, and it is a thread that is tirelessly woven through every new product release. The core message of privacy is even espoused by their most senior leaders.

"Privacy is a fundamental human right. It’s also one of our core values" - Apple

But why hasn't the industry cared?

So why haven’t most of us given privacy the scrutiny and rigor it deserves?

One simple word: incentive. Even following the birth of GDPR, the vast majority of publisher inventory has been consented and fully monetizable. Additionally, at a time when we are being bombarded with industry shifts and changes, strategic planning around privacy has had few people’s headspace to occupy. This is understandable, but I would make two important points. Firstly, this will change.

There is a growing number of advertisers, albeit a modest number so far, assessing the publishers they work with based on their data collection and processing practices. It's not totally unreasonable to suggest that there is a future world in which things like limiting how many technologies process your users’ data and vetting when and how they interact with your site will become table stakes. Advertisers could conceivably come to expect a certain degree of standards on this before trading with a media owner.

I believe the narrative around privacy and regulatory action suggests that data provenance with respect to publishers will become an area of increased importance and scrutiny for the brands who need to care about who they are associated with.

Secondly, think of privacy as a point of potential differentiation. While others are caught up in the details of only today’s problems (which are substantial), you as a publisher can gain strategic advantage by giving privacy at least some of your thought too. This should go beyond short focus on what needs to be done right now to stay on the right side of the law.

There is a lot of talk currently about the premium web and what quality even means. Among things like ad density, supply chain transparency, and quality of content, I think it must include a media owner’s approach to user privacy. Regardless of how wonderful our content and ad experience is, if we’re not building foundations around data usage that will genuinely meet the requirements of the law and the changing guidance, then the word “premium” will become hollow.

Your website is a shop window for your data privacy practices. If you’re doing bad stuff, then people will see it. And if advertisers really start paying attention to this, they'll separate the good from the bad incredibly easily. I think there are few, if any, who are vastly ahead of the pack here. This is empowering and motivating for us all.

Things we can do today

So what can we do today that means we’re in better shape for tomorrow? I’ll start with five suggestions:

1. Create a privacy roadmap. We all do this for products, so why not approach privacy in the same way? What are the things you’d like to test from small to big? What are your metrics? Is it something your ad ops team can do themselves, or will it require some dev work? A roadmap gives you direction so you can be sure of not only what you’re doing but the direction that it’s taking you. This leads to point number two.
2. Identify a Privacy North Star. This is linked to the first point, but thinking about what a “best in class publisher” would look like when it comes to data usage is a useful way to reflect on what you could set out to achieve. Sure, where there is data, there is risk, but if you can identify how things look two years from now, then much of the roadmap naturally falls into place. Be ambitious and embrace the blue sky thinking. It doesn't matter if you never fully reach that utopian destination. If we’re saying that privacy in ad tech is fundamentally broken, then your North Star should be a step change from what you do today. Advertisers will be very receptive to thought leadership here.
3. Make it somebody’s business to be your go-to privacy guru. Someone who can connect the dots between the broad themes around privacy and regulation with the commercial nuances of your business. They can be an advocate and thought leader, driving your business to a better place.
4. Ensure your marketing and advertising teams are working towards the same goal. I mentioned this in last week’s post, but a disjointed consent journey is bad for your customers and bad for your business, not least of all because you won’t be positioned to move with the growth in “authenticated” or “addressable” advertising solutions. If you don’t get clear as an organisation on what the holistic consent strategy is and how this manifests for the customer, then at best you won’t be agile to leverage emerging data technologies, and at worst, you could expose yourself to legal action and very unsatisfied customers.
5. Lean on your tech partners. Leverage the resources and capabilities that your best partners have. If privacy is a problem for you, then it’s an opportunity for them, and bringing together your publisher expertise with their technical and buy side knowledge could lead to some great things.

I'd love to hear your thoughts on how your organisation is handling privacy whether your publisher, advertiser or tech side? What strategies have been successful for you? And how important really is privacy to your organisation right now? (Maybe just DM me on that one if its damming)