Under the General Data Protection Regulation (GDPR), the biggest overhaul of data privacy laws in over 20 years, organisations must have transparent justification for processing personal data, starting Friday.
The rules threaten fines of as much as 4 per cent of company revenues for violations, although attorneys and European Union officials have cautioned there will be a grace period.
Here's what Google launched at the annual developer conference
But that has not prevented an anxious scrambling this week as companies seek and interpret last-minute counsel from consultants, business partners, and regulators.
Google officials, speaking on Thursday to 70 media and advertising firms at its New York City office and on a private telecast, described compliance efforts as a work in progress and said the company would release additional tools to assist publishers in June and August, according to a person with direct knowledge of the discussion.
Internet companies that track users online, whether for shopping, banking or other reasons, are set to face significant scrutiny.
The new rules require that they have specific justification, such as consent, for using personal information.
The worst case for Google and advertisers would be users refusing to allow sharing of their personal data. Some ads they encounter would no longer be personalized to their interests, and if clicked on less, could cut industry spending.
British attorney Gabriel Voisin, whose firm Bird & Bird revised 500 online privacy policies over the last two years to check their GDPR compliance, said on Wednesday that his team was still working overtime with 50 websites in “a flurry of last-minute adjustments.”
Sovrn Inc, which has developed a permission-gathering tool that websites can use as part of GDPR compliance, said it had a flurry of clients for the service in the last week.
Though GDPR has been a decade in the works, many businesses began detailing their compliance efforts only in the last month. In the online advertising industry, which Google dominates through various services, the company’s interpretation has trickle-down effects for partners such as publishers and small advertising companies.
Google now requires that online publishers obtain consent and take on legal risk on its behalf to track users online, a move it made in response to the GDPR that has proved unpopular with publishers.
Some publisher associations, including the European Publishers Council, reiterated a demand this week that Google publicise its rationale. They are keen for regulators to pay attention.
Australia probes claim Google harvests data, consumers pay
Mobile app developers also expressed concern that Google software they will rely on to comply with its GDPR-linked consent policies was not released until this week, leaving them little time to work out kinks. Jonathan Hillebrand, who makes ad-supported travel and education apps, said by email that he had to develop his own tool for now because Google “came to the party late.”
Google has said its GDPR strategy is in line with guidance it has received from European authorities.
On Thursday, Google said it would potentially change some of its new GDPR-inspired policies if European authorities revise their instructions about what constitutes compliance, according to meeting documents seen by Reuters.
Dave Grimaldi, executive vice president at the Interactive Advertising Bureau trade body, said in a tweet that, though productive, the meeting “highlighted challenges of complying with a law when so little guidance is available.”
COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ