88% of digital advertisers “unknowingly sharing data before user has given consent”

A murky supply chain means advertisers are vulnerable to huge regulatory fines and reputational costs, even if they have strong internal data privacy measures.

Many companies are in breach of European, US and international data protection laws without knowing it, according to new research released today.

The study comes from Compliant, a new compliance technology company for digital marketing, which helps brands and publishers monitor, measure, and benchmark privacy compliance across their digital media supply chain.

The study reveals:

  • While 92% of European publishers now operate a CMP, 81% are still passing data before user consent has been received.
  • The average European publisher site contains 27 piggybacked tags. These are third-party tags that are making data calls but are often not authorised or placed within the site by the domain owner.
  • The average number of data resellers within a European publisher’s site has dropped considerably since GDPR was enacted, however some brand sites still contain up to 18 different data resellers.
  • While 91% of European advertisers now employ CMPs on their owned and operated sites, 88% of them are installed incorrectly, so data is passing before consent is received and exposing brands to even greater regulator risk.

A shift in regulatory enforcement means that compliance failures are being met with aggressive fines. More than €1.7bn in GDPR fines have been levied since its launch in 2017, with fines rising 40% in 2020/21.

The focus has shifted from large platforms onto advertisers and publishers. Beyond fines, data breaches have additional costs such as forensic investigations, external legal fees, improved security measures, lost data, and reputational damage.

“Companies have limited visibility of the intermediaries operating on or through their websites”

On launch, Compliant has published its first report – Data Privacy: The Compliance Illusion – summarising the results from the Compliant 2022 audit of the world’s top websites.

The company uses a proprietary Data Safety Index and automated monitoring of digital media supply chains to audit advertiser and publisher sites,

The Compliant senior leadership team includes Elliot Bell (ex-Facebook), Magid Souhami (ex-P&G), and Jamie Barnard, who recently left his role as General Counsel for Global Marketing and Media at Unilever to join Compliant as CEO.

Commenting on the launch, Jamie Barnard, CEO Compliant stated: “The lack of transparency in the digital media supply chain means that companies have limited visibility of the intermediaries operating on or through their websites, making the ongoing detection and management of unlawful and unethical data practises a significant challenge.

“Our 2022 audit report, Data Privacy: The Compliance Illusion, is the largest evaluation of digital marketing compliance ever undertaken, covering over 86% of all European web traffic. The results are a wake-up call for the industry, with brands and publishers exposing themselves to regulatory and reputational risk. Current market solutions are not fit for purpose. Automating privacy compliance with an always on platform is the only viable option.”