The Rundown: Inside GroupM’s GDPR power play

The view from the publisher side is, to put it mildly, different. Many publishers are saying the agreement is far too vague and sweeping. Here’s what one publishing industry executive said about what’s really happening with this data-protection contract:

GDPR puts significant liability on the “controller” who has to have specific, informed consent for narrow purposes. These moves appear to be last-minute attempts to push liability on the publishers (controllers) in this instance, while at the same time allowing them to operate with status quo where they can capture data from each instance, and use it elsewhere on the web and with other clients to maximize their own profit and welfare. This is where advertisers should actually care, too. Ultimately, any intermediary between the advertisers and publisher is for the most part going to need to adjust to being a processor contractually liable to the data terms between the consumer and the controller.

A less technical take from a U.K. publisher: “It’s unreasonable, but it shows I think they have to try to use their scale to be unreasonable because they are hugely exposed. Publishers suddenly have a powerful position, but are not at WPP skill levels of when to be a gorilla!”

Most U.S. publishers have blown off the GDPR. It’s too bureaucratic, too European; they’ve got a quarter’s numbers to make. Google and Facebook have not blown off the GDPR. In the EU, regulators, legislators and government officials have long viewed the duopoly with skepticism. The obvious way for platforms and agencies to protect themselves is to try to pass liability to publishers. Whether this flies or not is an open question. More from a publishing source:

“[The GroupM data-protection contract] doesn’t spell out any restrictions on GroupM and its many divisions, or even whether they’ll function as a processor. No doubt they see nearly as much data as the publisher for any page containing one of their tags. I’m not sure where they plan to get consent for interest-based advertising, but that’s likely a legal gymnastics game for them with less risk if the publisher is liable.”

One interesting point that a couple publishers made: GroupM is sending these notices to fairly junior people in ad ops. That’s probably not a coincidence. “You can see how vague the language was, and it also revealed a pretty limited understanding of the issues presented by GDPR and future regulations,” said one publisher. “We are happy to pursue a two-way [agreement] with them and their clients, but it wouldn’t look like this. Finally, this was delivered to us in such an informal way that I have to think they were hoping some junior person would just sign the agreement.”

This publisher isn’t signing.