CANNES — From May 2018, strict new regulations governing how companies can handle European citizens’ data will pose a challenge to everyone who handles customer or audience data.

Amongst other stipulations, the European Commission’s General Data Protection Regulation (GDPR) measures include:

  • tighter consent conditions for the collection of citizens’ data.
  • consumers can instruct companies to stop processing their data.
  • automated decision-making and profiling decisions must be made clear.
  • consumers can request decisioning by automated processes be stopped and handled by a human instead.
  • they have the right to request an explanation of automated decision-making.
  • they can request free access, rectification and deletion of data.

The measures apply to any global company processing EU citizens’ data, with penalties of up to 4% of global turnover. Steps data handling and data processing companies should take include conducting risk assessments, appointing data protection officers and overhauling policies and systems.

So, with less than a year ticking on the compliance clock, how are advertisers and their agencies responding to the new regimen?

At a panel debate convened with Beet.TV, four agency data executives said GDPR compliance was a big deal, but they framed privacy regulation in the context of consumer aversion to “creepy” ad tactics generally…

IPG Mediabrands chief data and marketing technology officer Arun Kumar:

“There are a couple of things (clients) probably miss on… an understanding that there is a true impact of what many of these regulations are, and how the EU and the US are not necessarily going to be in sync.

“(Clients) are not at the point where they’re willing to have a conversation around, ‘If someone’s giving me data, what am I giving in exchange?’ It’s going to get harder to justify bombarding consumers with impressions that they don’t need, just because you know who they are. Less is more. That is a far more fundamental shift that has the come – privacy is one part of it.”

GroupM North America CEO Brian Lesser

“We have more conversations about how advertising can be relevant engaging without being creepy… there very rarely is (a breach of privacy). Part of our job as agencies is to ensure clients don’t find themselves getting sued for breaching privacy laws.

“Privacy is not an issue for our clients so much as following the law; that’s never been an issue – it’s more about … using data for good to make the consumer experience better.”

Dentsu Aegis Network product and innovation president Doug Ray

“If we use some insight about an audience to personalise a communication … the trust is there because you’re using the data in a way that there’s a value exchange.

“As we start to use data across more parts of the agency and client, there’s an education that has to happen, so that people that haven’t necessarily been handling data previously and are now having data conversations know the implications and are trained on how to handle that data or send an email without being in breach.”

Hearts & Science CEO Scott Hagedorn:

“I think clients should own all their own ad-tech contracts, agencies should operate them, and they should be fully transparent.”

This video is from The Mastercard Automated Advertising Panel at Cannes Lions 2017. For more from the series, please visit this page.