Google delay on ads standard for EU privacy law creates compliance mess
Google´s delayed entry into a consortium of advertising technology companies has spoiled the members´ push to comply with a new European privacy law, six people involved in the program leaving some firms exposed to fines.
Most at risk are unwitting owners of ad-funded websites and apps, which Google has said have the responsibility of getting consent to serve targeted ads to European consumers.
The experience shows how Google policy decisions cascade through the $200 billion global online advertising industry, which is dominated in most facets by the Alphabet Inc unit.
Data about a website visitor´s identity can pass through a dozen ad tech firms before an ad is loaded, and each one must have user consent or another legal basis to access it under Europe´s General Data Protection Regulation (GDPR).
Hundreds of ad tech firms launched software together a month before GDPR kicked in on May 25 to verify consent before displaying ads.
Google announced on May 22 that it would not join the industry program until August.
Google devised a temporary solution that the people said has been imperfect.
As a result, some of Google´s advertising clients are targeting ads to users who have not given consent to personalized marketing.
Google declined to comment on possible policy violations, instead reiterating that GDPR “is a big change for everyone” and that it is working with partners on compliance.
GDPR fines can reach as high as 4 percent of the firm´s annual revenue.
Four ad tech executives said they are counting on deference from regulators until Google supports the consortium technology.
“Once Google adopts the consent framework, much of the confusion will start to settle down a bit,” said Walter Knapp, chief executive of ad software company Sovrn Holdings Inc.
Authorities in France and Germany said they have yet to investigate consent issues related to online ads. Financial and legal analysts said it is a matter of time.