2019, thus far, has been a tumultuous year within the European advertising ecosystem with wide-reaching copyright directives and the looming, yet turgid, prospect of Brexit. There are also uncertain times ahead within global data policy, with the upcoming EU ePrivacy Regulation coupled with remaining uncertainty within organisations as to who is responsible for data protection.

ExchangeWire speaks with Finn Raben (pictured below), director general of ESOMAR, for insight into how organisations can navigate through these turbulent waters.

ExchangeWire: As alluded to in the 2018 ESOMAR ‘Who Owns the Data’ report, there is still a broad confusion within organisations as to who is responsible for both ownership and protection of data. How significant is this problem?

Finn Raben: The two most significant challenges are: 1) that 68% of those interviewed for the ‘Who Owns the Data’ report believe that once data is collected, it is the property of the company, not the data subject (which is at odds with the numerous rights a data subject has, as enshrined in the GDPR), after all, collecting the data is only the first step; and 2) the role most frequently identified as being responsible for the data within a company is the IT function – a function which does not have the legacy of data ethics that a market research or insights team would.

These two points do need to be addressed within companies in order to ensure that their messaging around data responsibility (both internally and externally), is truly 'fit for purpose'.

What is ESOMAR’s position on the upcoming ePrivacy Regulation? How do you suspect advertisers and publishers will respond?

Finn Raben, Director General, ESOMAR

ESOMAR’s position on the ePrivacy regulation is essentially that there are two sorts of cookies: 1) cookies that make the internet function, but don’t necessarily contain personal information – for example bookmarks and contrast measures; and 2) cookies that do store personal information and potentially track you. The issue is essentially which of these two sorts of cookies should be allowed to operate without requiring consent. ESOMAR’s view is that the former should be allowed to work in that fashion, and that the latter category, when attached to bona fide research programmes in which no personal data is collected without consent, should also be allowed to work. An example of this would be online audience measurement, which is, for example, a key metric for public service broadcasters to secure funding from public bodies.

We suspect advertisers and publishers will want a much broader exemption for the latter category, as much of what they measure is cross-site traffic, in order for them to tailor their offering better. However, such mechanisms can also be used to micro-target often unwanted sales offers, which is the element that the EU are trying to reduce.

How rapidly do you predict that the EU will be able to track and monitor breaches to their new copyright legislation, as well as apply the appropriate penalties?

Honestly, we do not know. Notably, the GDPR has an 'enforcement arm', namely the local Data Protection Agencies present in European Community member states. These agencies are already struggling to implement the GDPR (in the first year of the regulation 95,000 queries and complaints have been registered by the EU Commission and EU DPAs) and they have been tasked with enforcing this law in order to ensure the Digital Single Market remains a priority for the EU. Compliance with the Copyright directive (we believe) will be the responsibility of the rights holders, or bodies representing the rights holders, which may result in a disparate patchwork of enforcement where certain industries are more efficient at monitoring than others.

How seriously should we take the threats that news aggregators, such as Google News, will pull out of the European market following implementation of the new copyright laws?

Google has certainly borne the brunt of the EU’s recent penalties, and it may feel that the new copyright laws are simply too onerous to live with. On the other hand, Google also recognises that the EU is a very large and very digitally mature market, and its exit from the market would potentially allow another competitor to grow in its place. Perhaps Google’s memory of its withdrawal from China in 2010 may equally remind it not to make a hasty exit decision this time.

It is also interesting to note that a few years ago Spain and Germany adopted similar laws, causing Google News to pull out of these markets. This resulted in such a significant drop in traffic for the news publishers’ websites, that those laws were quickly rescinded. However, the EU is a much bigger market than Germany or Spain alone, so it remains to be seen how this works out.

One other potentially dangerous possibility is that Google News may seek to become the de facto news filter. Those inevitably bigger news suppliers, with which it negotiates royalty deals, will then clearly benefit from Google referrals; whilst the long tail of smaller content suppliers will inevitably suffer a damaging drop in referrals.

Do you predict that there will be major differences in how EU member states interpret the new copyright laws? If so, what are these differences likely to be?

With specific reference to our data, research, and insights profession, I am delighted to say that with the support and help of our many coalition partners, including BSA | The Software Alliance, Center for Democracy & Technology (CDT), League of European Research Universities (LERU), and Association of European Research Libraries (LIBER), amongst many others, we have secured a mandatory exemption for text and data mining, ensuring that member states should have no freedom in implementing different approaches or interpretations.

More generally, I think the key question here is how we define 'major'. Clearly, the implementation of the GDPR has seen local variances based on prevailing local legislation, although some of these variances were not clearly predicted. It is therefore logical to assume that there may be local variances in the application of copyright law; and our only true guidance is to assume/predict nothing!

On the basis that this law is intended to compensate creators for their online work, then this is a good thing. However, on the basis that this will be achieved by some form of copyright filter, this may be perceived as too rigorous or too expensive for some entities to adopt, and may also be perceived as an impediment to the further development of startup hubs and cities.

How do you think Brexit will affect UK copyright law? What will this mean for both consumers and companies?

The basic copyright framework will still be governed by international treaties to which both the EU and the UK remain signatories. However, what it means for the recently adopted Copyright Directive is yet to be seen. If the UK leaves the EU without a deal, then they would not be obliged to implement it into their own laws. However, if a Brexit deal is found, this will most likely contain a transition period of at least a couple of years in which the UK would be required to continue to follow EU legislation, including the Copyright Directive. But as with everything else in relation to Brexit, much is unknown.

How do you think the uncertainty surrounding Brexit has affected the data management and advertising industries?

Everything ESOMAR has seen, or has had the privilege of being associated with, leads us to believe that Britain is doing its utmost to ensure Brexit does NOT adversely affect digital business in the UK. The ICO is clearly working very hard to establish levels of equivalency with EU legislation; and within our own sector, the UK Market Research Society is working equally hard to ensure that all guidance – both legal and professional – will continue to support and facilitate digital research and insight business between the UK and the EU.