"It Is Better To Be The Hammer Than The Anvil"
August 19, 2019Emily Dickinson’s observation is increasingly relevant to the advertising community these days, as various governments enforce highly restrictive new privacy laws and put forward a broad array of privacy proposals. These sweeping new data privacy laws and regulations are in effect here and overseas, and they are significantly impacting the marketplace. Let’s begin with a look at the EU.
Europe’s General Data Protection Regulation (GDPR)
European Union members have aggressively enforced the GDPR since it took effect in May 2018. They have imposed substantial fines on various entities, as shown by this sampling of targets – large and small – that governments already have gone after:
- Austria: small, local business (€4,800)
- Germany: social media / chat platform (€20,000)
- Portugal: hospital near Lisbon (€400,000)
- France: Google (€50,000,000)
- Denmark: taxi company (1.2M DKK)
- Poland: data processor (€220,000)
- Lithuania: MisterTango UAB (€61,500)
- Spain: soccer league (€250,000)
- United Kingdom: British Airways (£183,000,000)
- United Kingdom: Marriott (£99,200,396)
Obviously, these fines cut across a broad array of business sectors – transportation, hospitality, health care, even sports. Enterprises of all sizes and kinds have faced penalties.
If anyone believes that restrictive privacy rules don’t substantially affect the marketplace, think again. In the last 15 months since the GDPR went into force, the volume of programmatic advertising in the EU dropped between 25 and 40 percent across exchanges. The publisher’s side of the industry also was hit hard, with more than 1,000 U.S.-based publishers blocking access to their content, in part because of the inability to profitably run advertising in the EU. In addition, many small businesses and startups chose to leave the European market to avoid high compliance costs and potential fines.
Here in the United States
Legislators and regulators are also very busy fostering privacy proposals in the United States, too. I’ve written recently about the California Consumer Privacy Act (CCPA) and its potentially harmful effects on consumers and businesses.
The Federal Trade Commission (FTC) also has gone after a number of companies charging them with serious privacy violations. Just a couple of weeks ago, for example, the FTC fined Facebook $5 billion for violating a prior consent agreement with the Commission. The FTC found that Facebook repeatedly misrepresented the extent to which users could control the privacy of their data. This is by far the largest penalty ever imposed on any company for violating consumers’ privacy, and it is one of the largest penalties ever assessed by the U.S. government for any violation. The Facebook fine is almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide. The FTC’s action also imposed unprecedented new restrictions on Facebook’s business operations and created multiple new compliance obligations.
It’s Hammer Time!
Though some critics, citing Facebook’s market value, decried the FTC penalty as a “slap on the wrist,” and others have said that the EU isn’t doing enough to enforce the GDPR, it’s clear that it’s a whole new day in the privacy arena. The hammers are coming down! Marketers must take notice of the rapidly changing regulatory environment and comply with a host of rules that are already, or will soon be, in effect.
While Emily Dickinson is right that it is better to be a hammer than an anvil, it is even better to be the blacksmith. This is why ANA is working hard through the Privacy for America coalition to hammer out a comprehensive national privacy proposal that will create uniform strong enforceable privacy rights throughout the U.S. Through this blog, we will continue to keep you up to date on all these privacy developments.
In the meantime, as advertisers move forward with compliance activities, they should take some reassurance from another quote from Dickinson: “One step at a time is all it takes to get you there.”