Take-outs from the Data Protection Congress 2019

The launch of the Privacy 2030 manifesto inspired by Giovanni Buttarelli

More than 2,200 privacy professionals descended on Brussels last week for the annual Data Protection Congress of the International Association of Privacy Professionals (IAPP). It’s an event that grows exponentially every year as privacy issues continue to rise in importance for companies across the globe.

Here are my 3 key take-outs:

1. Online advertising is firmly in the privacy spotlight

Advertising (or, more specifically, ad tech) was a running theme throughout the conference.

In the opening session, renowned academic Alessandro Acquisti laid out a fairly damning economic analysis, rebutting many of the claims made by the online advertising industry that targeted ads make a significant contribution to both the economy and consumers.

The conference also saw the launch of a new manifesto ‘Privacy 2030: A new vision for Europe’, a brilliant and thought-provoking tribute to the late European Data Protection Supervisor Giovanni Buttarelli, which acknowledges the “intense scrutiny” now being placed on “surveillance capitalism” and describes the industry as being “saturated with thousands of intermediaries, most of whom have no direct contact with publishers, advertisers or customers.”

In the wake of the GDPR fines handed out to Google for the way they collect data for personalised advertising, ongoing investigations into ad tech being led by the data protection authority in the UK and question marks over the future of tracking technologies such as cookies, this should come as no surprise to marketers.

The direction of travel is clear: the privacy practices of all parties in the digital advertising industry are and will continue to be under scrutiny in months and years to come.

“As with the financial system 10 years ago, a vacuum of accountability lies at the heart of the vast ad tech ecosystem” – Privacy 2030: A new vision for Europe, published by IAPP

 2. Cookies are a hot topic

There were several packed sessions on cookie compliance and IAPP attendees heard from everyone from the ICO to the European Commission about the different rules and approaches to ensuring privacy compliance for data collection based on cookies, pixels and other types of tracker.

WFA’s recent survey on how companies are adapting revealed that marketers and privacy professionals alike point to the immense complexity of the topic as the key challenge in developing compliance plans. This is in part caused by a confusing and evolving legal landscape, where data protection authorities across Europe are issuing guidance that differs on what ‘good’ compliance looks like, in some cases even contradicting each other.

In a world where digital marketing continues to be driven by data, advertisers can find themselves responsible for privacy compliance across a huge network of different agencies, suppliers, technology providers, vendors and other third parties – even if they don’t have a direct connection to all of them.

To find out more about how other companies are tackling this complex and challenging issue, download WFA’s member survey on privacy compliance for cookies, pixels and other types of tracker here.

Confused about cookie compliance? WFA’s recent member survey could help you benchmark your approach vs your peers – download a copy here.

3. The future is all about data ethics

Given the divergent views on the ‘correct’ way to implement GDPR, it’s clear that companies which take a purely legalistic approach to privacy will continue to face challenges as data protection authorities and courts seek to settle some of the complex questions surrounding GDPR implementation.

Responsible advertisers need to look beyond legal compliance and think about what is the ‘right thing to do’ when it comes to collecting and using people’s data. Looking at this question from an ethical perspective will be a crucial part of developing responsible data strategies in the future.

Members of WFA’s Data Ethics Board explored this in a panel at this year’s IAPP congress entitled ‘Data Ethics & Advertising’, using case studies where the use of data could be questioned as ‘unethical’.

The panel also talked about the importance of raising discussions about data ethics to the C-suite to ensure that messages are integrated ‘top down’ in organisations, and individual employees are empowered to call out practices which they feel don’t fit with the organisation’s ethical principles or values. The WFA Data Ethics Board will continue to work on these issues and will be developing practical guidance for companies in the coming months – watch this space!

Members of WFA’s Data Ethics Board discussed case studies on ethical and unethical uses of data for advertising at IAPP’s data protection congress in Brussels. Pictured left to right: Catherine Armitage, Director of Digital Policy, WFA; Jamie Barnard, Chair of WFA’s Data Ethics Board and General Counsel – Global Media, Marketing & eCommerce, Unilever; Teodora Pimpereva, Senior Privacy Counsel, Mastercard; Rob French, General Manager Data Privacy, Shell.