News

Data privacy compliance: Value lies in earned trust and consent

2021-09-14. As countries ramp up privacy regulations, developing data privacy-compliant platforms will help publishers avoid hefty fines while rewarding them with users who trust them and will consent to letting their information be used for advertising and other purposes.

by WAN-IFRA External Contributor info@wan-ifra.org | September 14, 2021

By Josephine Tay 

During WAN-IFRA’s recent Digital Media Asia conference, Ian Hocking of the South China Morning Post and Raju Chellam, Chief Editor, AI Ethics & Governance Body of Knowledge, together with moderator Gabey Goh, discussed how privacy regulations are challenging digital advertising across Asia and what publishers can do to build audience trust.

“You are providing them with an environment and a platform in which they do trust and they want to give their consent and they see real value in,” said Hocking, VP for Digital at SCMP. “It’s an opportunity to put the user first in the way that you approach your platform. And it reminds you that you are in that service space, and you are trying to to build something that goes beyond simply a transaction into something that really has value for both of you.”

He added that when the European Union enforced the General Data Protection Regulation in 2018, “most people moved to legitimate interest, which enabled publishers to utilise user data as long as they opted in.” 

The regulation did not affect publishers as much as it did third-party intermediaries who were unable to get users to opt in, particularly those in the mobile space, he said.

Since then, users have become more aware of privacy issues as “we were actively educating users about how that data was being used,” Hocking said. “That meant that it put pressure on platforms and publishers to really shape up and deliver something that was much more privacy compliant.”

In the Asia Pacific region, 21 countries have endorsed the APEC Cross Border Privacy Regulations, which promotes responsible transfers of personally identifiable information and is “a powerful means of demonstrating dedication to protecting subscribers data,” said Raju Chellam, Chief Editor of the AI Ethics & Governance Body of Knowledge in Singapore.

The Body of Knowledge is a reference document developed with the expertise of industry professionals on the ethical aspects related to the development and deployment of AI technologies.

Guidelines for sharing sensitive data

Singapore’s Infocomm Media Development Authority has also established a Trusted Data Sharing Framework, which provides guidelines on the sharing of sensitive data.

Following the framework would act as “a mitigating factor in case there is a data breach because you have taken due diligence,” Chellam pointed out. “This is what we call a signature document, which a lot of countries are now considering to implement in their own economies.”

Breaching data privacy often means stiff fines and a loss of reputation, said Chellam.

In 2020, British Airways was fined £20 million for a data breach that affected more than 400,000 customers.

Since 2016, Singapore has also levied over S$2 million to companies including Singtel and SPH Magazines for data breaches.

Regulation over data privacy will increase as customer awareness increases, so publishers need to treat their customer data “as carefully as they treat their own personal data,” said Chellam.

Ethics under scrutiny

“Trust in your platform can only be so much if you don’t handle your customer data properly and social media can multiply all of your mistakes. Before you know it, you will become the laughing stock of the world and then advertisers will drop off, your circulation drops, your credibility drops, all because you didn’t handle somebody’s private data,” he said

Chellam added that ethics are particularly under scrutiny with artificial intelligence becoming ubiquitous. Many applications have AI embedded, which is not apparent to users, he said. 

As a Hong Kong-based news publication that reaches millions of worldwide audiences across the US, Europe and Asia, SCMP has to make its platform compliant with regulations across these regions.

The most difficult part, said Hocking, was “just getting going, giving everyone aligned to the standards you need to adhere to and starting that process.”

But once you actually get going, you find the process gets much easier, he said, although there will be obstacles.

He referred to Google’s recent announcement to extend the phase-out of third-party cookies in Chrome till the end of 2023.  

“We’ve spent so much time and effort to get ready, only to be disappointed that that effort is now not going to be rewarded by this great change for privacy for users,” said Hocking.

Managing third-party cookies phase-out

Nevertheless, organisations must still figure out how to move forward without third-party cookies as more platforms such as Apple’s Safari and Mozilla’s Firefox begin banning them.

As cookies will be unavailable in two years, it is not viable to build new solutions depending on cookies, Hocking said. 

SCMP and other publishers favour first-party cookies as they are persistent and not blocked by browsers, although cross-platform activation is hard to achieve, he said.

The majority of respondents are working on first-party cookie data to make the transition. “It does suggest that publishers are taking identity into their own hands and trying to come up with something independently that works better for them,” Hocking said. 

This could, however, cause more fragmentation, hindering scaled activation across the open web, he said.

“If we persist on this route of having first-party identifiers that people have invested in and hold strong value in, it is likely that we will see an age of walled gardens through more large-scale media owners like Yahoo!, New York Times and maybe even the South China Morning Post,” Hocking added. 

Time to start testing different solutions

Hocking said an ideal solution will be a universal ID that works in a similar way to the third-party cookie, but has improved security and improved user-defined controls for users to easily opt in and opt out. 

He urged media owners to look into three areas.

  • The first is customer data platforms that allow multiple data sources to unify an ID and use sophisticated machine learning to seed data into targetable audiences.
  • The second is consent-management platforms that allow the automation of consent management across different platforms, ensuring compliance with regulations in each country.
  • Finally, if there is plenty of data that can be matched with third parties, a data clean room would help to do so while adhering to privacy compliance. 

“If you want to reach out and talk to people in the open web or outside of your environment, then you need to be thinking about not one, but probably multiple other ID solutions,” Hocking said. “I really think that whatever happens over the next couple of years, it is really important for marketers to start to test different solutions, to figure out the relative qualities of them. I think be prepared to utilise multiple in the future.”

About the writer: Josephine Tay is a Singapore-based editor and producer with a passion for storytelling. Occasionally, she deviates from broadcast to dabble in publishing. She has been a media professional for 20 years.

WAN-IFRA External Contributor

info@wan-ifra.org

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap