Home Data-Driven Thinking Most Ad Tech And Mar Tech Companies Should Stick To Data Processing

Most Ad Tech And Mar Tech Companies Should Stick To Data Processing

SHARE:

maciejzawadzinskiData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Maciej Zawadziński, CEO at Clearcode.

Control and security over customer data, especially personally identifiable information (PII), is a hot-button issue among advertising tech and marketing tech companies due to the wide array of regulations and stiff penalties for noncompliance.

Any company that touches customer data is labeled either as a data processor or data controller. On the surface, the distinction seems one of semantics, but in reality, the implications of being one or the other carries serious weight and potential consequences. For ad tech and mar tech companies, one is definitely more desirable than the other.

A data controller is a company that is responsible for adequate treatment of the data. It determines the purposes and processes for which any personal data are to be used or processed. A company that uses a marketing automation or ad retargeting tool, for example, could be considered a data controller.

A data processor serves as the intermediary between the data subject – the individual customer using the app or visiting the website – and the data controllers, which may also include tool or service providers, specialized analytics consultants or digital and media agencies that process data on behalf of the data controller.

Typically, marketing cloud vendors and providers of standalone ad tech and mar tech software-as-a-service (SaaS) solutions that store data, including PII, are considered data processors. This is because they don’t use the data for any purpose other than what is mandated by the data controller, their customer. They simply provide software for the data controller to use at its own discretion.

There are some situations where a B2B ad tech or mar tech company could be both a data controller and processor. For example, an email marketing software vendor used by brands to market to consumers is a data processor because it processes end-consumer data for its brand customers. If this email marketing software vendor were to also provide market research services to its brand customers using the same data, it would also be a data controller.

While data can be as valuable as physical currency for marketers and control over this data has many revenue-driving benefits, my take is that it’s more favorable and safe for ad tech and mar tech companies to hold as few data controller roles as possible and vigilantly not use collected data in any way that crosses into data controller territory. This is especially true for companies located in or have customers in the European Union, due to the recent EU data protection overhaul.

This is for a couple of reasons. First, data processors have fewer regulatory requirements than data controllers. These responsibilities concern the necessity to keep personal data secure from unauthorized access, disclosure, destruction or accidental loss.

Second, there are fewer legal liability risks attached to being categorized as a data processor versus a data controller. Under the new EU General Data Protection Regulation, “Data controllers could face more severe regulatory fines than data processors for failing to keep personal data appropriately secure.”

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Additionally, “If data processors are at fault for data breaches then it is the data controller who contracted with them who is on the hook for any noncompliance with data protection laws, although the data processor could be liable to the data controller under their contract.”

This isn’t to say that data processors are free of all responsibility. Ad tech and mar tech companies that are considered data processors should have a data processing agreement that they can sign with customers and should also assign a data protection officer to ensure they comply with all data processor obligations, regardless of what the letter of the law requires.

The regulatory framework along with definitions of data, PII, processing and controlling will likely continue to evolve. Most importantly, although there are often competing interests, risks and benefits, data processors and controllers should work together toward the same goal of ensuring all customer data is secure and used properly by all parties at all times.

Follow ClearCode (@clearcodehq) and AdExchanger (@adexchanger) on Twitter.

Must Read

Comic: Header Bidding Rapper (Wrapper!)

Prebid.org Is At A Crossroads, And Must Now Decide Whose Interests It Serves

Prebid’s future is up for grabs as the open-source project grows apart from the IAB Tech Lab, the industry’s self-appointed standards authority.

Rest In Privacy, Sandbox

Last week, after nearly six years of development and delays, Google officially retired its Privacy Sandbox.
Which means it’s time for a memorial service.

AWS Launches A Cloud Infrastructure Service For Ad Tech

AWS RTB Fabric offers ad tech platforms more streamlined integrations with ecosystem and infrastructure partners, allegedly lower latency compared to the public internet and discounts on data transfers.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Netflix Boasts Its Best Ad Sales Quarter Ever (Again)

In a livestreamed presentation to investors on Tuesday, co-CEO Greg Peters shared that Netflix had its “best ad sales quarter ever” in Q3, and more than doubled its upfront commitments for this year.

Comic: No One To Play With

Google Pulls The Plug On Topics, PAAPI And Other Major Privacy Sandbox APIs (As The CMA Says ‘Cheerio’)

Google’s aborted cookie crackdown ends with a quiet CMA sign-off and a sweeping phaseout of Privacy Sandbox technologies, from the Topics API to PAAPI.

The Trade Desk’s Auction Evolutions Bring High Drama To The Prebid Summit

TTD shared new details about OpenAds features that let publishers see for themselves whether it’s running a fair auction. But tension between TTD and Prebid hung over the event.