Google delay on ads standard for EU privacy law creates compliance mess
Google's delayed entry into a consortium of advertising technology companies has spoiled the members' push to comply with a new European privacy law, six people involved in the program told Reuters, leaving some firms exposed to fines.
Most at risk are unwitting owners of ad-funded websites and apps, which Google has said have the responsibility of getting consent to serve targeted ads to European consumers.
The experience shows how Google policy decisions cascade through the $200 billion global online advertising industry, which is dominated in most facets by the Alphabet Inc unit.
Data about a website visitor's identity can pass through a dozen ad tech firms before an ad is loaded, and each one must have user consent or another legal basis to access it under Europe's General Data Protection Regulation (GDPR).
Hundreds of ad tech firms launched software together a month before GDPR kicked in on May 25 to verify consent before displaying ads. Google announced on May 22 that it would not join the industry program until August.
Google devised a temporary solution that the people said has been imperfect. As a result, some of Google's advertising clients are targeting ads to users who have not given consent to personalized marketing.
Google declined to comment on possible policy violations, instead reiterating that GDPR “is a big change for everyone” and that it is working with partners on compliance. GDPR fines can reach as high as 4 percent of a firm's annual revenue.
Four ad tech executives said they are counting on deference from regulators until Google supports the consortium technology.
“Once Google adopts the consent framework, much of the confusion will start to settle down a bit,” said Walter Knapp, chief executive of ad software company Sovrn Holdings Inc.
Authorities in France and Germany said they have yet to investigate consent issues related to online ads. Financial and legal analysts said it is a matter of time. A crucial issue has involved Google's DoubleClick Bid Manager (DBM), which large advertisers use to purchase ad space from ad exchanges.
Many websites now present European visitors with pop-ups asking for consent to send identity data to exchanges and DBM as ad space with user information is far more valuable. The issue is that DBM cannot yet accept users' selections because it does not support the consortium standard.
Big exchanges such as AppNexus Inc and Rubicon Project Inc have worked around by guaranteeing that they will only offer ad space on DBM when users have consented.
Comments