UK marketers are uneasy with how third-parties, including media agencies and tech providers, treat their data, and are largely in the dark as to who is ultimately responsible for implementing data privacy rules, despite upcoming data protection reform across the EU, according to research.

Uniform data protection laws are due to be implemented across the EU member states within 12 months, but a research study of over 170 senior-level brand-side marketers, conducted by YouGov and commissioned by Adform, reveals widespread confusion over the responsibilities of all companies involved in the digital advertising industry.

The survey revealed that 74.6% of those surveyed agreed that it is important to protect their company’s marketing data against misuse, 11% said this is "not yet important, but gaining in importance", meanwhile 7.5% said this is "not important", and 6.9% had no opinion.

However, when asked to highlight which technology providers they consider threats to advertisers (in terms of selling on advertisers’ online marketing data), 60.1% respondents said they felt threatened by UK technology providers, 44.5% said US technology providers and 43.4% said European technology providers (32.4% said none of these).

Meanwhile, almost one third (33%) of respondents thought the advertiser (i.e. brand) should be held accountable for data privacy and protection, thus responsible for the handling of online marketing data, while 20.8% said it was the responsibility of technology vendors, and 16.8% said media agencies should be accountable. It is also worth noting that 29.5% of those surveyed said they "did not know".

Commenting on the research, Martin Stockfleth-Larsen, Adform, CMO, (pictured right) said: “It was surprising to find that 20% more respondents felt more threatened by UK technology vendors than they do US vendors. We constantly hear about US companies exploiting data, like when Verizon used zombie cookies, their clients included big US tech media platforms.

“When we conducted similar research in Germany, results showed respondents were more threatened by US tech vendors than EU vendors, interesting differences in perception.”

The research also revealed that 13.3% of respondents said that the current UK data protection and privacy legislation "makes it difficult for advertisers to realise the full potential of data-driven marketing", while 42.2% disagreed, and 44.5% said they "don’t know".

Stockfleth-Larsen added: “There are some slightly worrying stats  – 41% responded with ‘I don’t know’ to a question asking if current UK data protection and privacy legislation strikes a good balance between consumer rights and commercial interests. I find that quite disconcerting and it tells me that some senior marketing decision makers really need to educate themselves about data legislation."

Legislation pending

Existing EU data privacy guidelines date back to 1995 and are currently under review, with proposals outlined in the 2012 EU Data Protection document currently under review by individual government data protection bodies across the continent’s 28 member states.

These bodies are due to agree a pan-European set of laws – the current guidelines mean they differ slightly across EU member states – next year.

Under the existing directive, the 'data controller' (i.e. whoever owns the data) is solely responsible for the protection of data, but the EU promises to achieve: “a level-playing field”. Under the new proposals, any company or individual who processes this data will also be responsible for its protection, including third parties.

The EU document reads: “The Commission will look into the growing importance of online players that provide similar or equivalent services to traditional communication services.”

Earlier studies shared with ExchangeWire demonstrated that consumer concerns are at an all-time high when it comes to data privacy driven in the main by ‘hacking scandals’, such as those highlighted by Edward Snowden’s disclosures of widespread government snooping.

Consumer privacy groups have been buoyed by such disclosures, with many calling on major clampdowns on how online companies monetise such data, with many in government publicly agreeing with said calls.

Nick Stringer, IAB, head of regulatory affairs (pictured left), has looked into the EU proposals at length, and led the drive to educate the industry over compliance with data privacy rules, as well as initiatives to educate consumers as to the industry’s practices in a move to allay concerns over how their online behaviour is monetised.

Stringer told ExchangeWire that it is clearly the responsibility of every company in the digital media sector to adhere to any existing, or prospective, privacy rules but adds that he can understand the confusion that currently pervades the industry.

Commenting on the widespread confusion among marketers exposed in Adform’s study, he added: “The levels of uncertainty are to be expected as across Europe, given that policy is still being drafted at a European level. The conclusions of the draft documents, and proposals are not expected until next year. Come that time, it will be four years in the making, and in the meantime people have businesses to run.”

Speaking with ExchangeWire, he said: “We’re not against legislation per se, but there has to be a balance struck between privacy and enterprise, and the legislation needs to be proportionate,” added Stringer.