90% of U.S. Publishers Are Dropping the Ball on Data Compliance

Recent Compliant research reveals that plenty of U.S. publishers are complacent in consumer data leakage.  The data compliance technology company asserts that publishers follow the EU example, which provides more robust federal data privacy standards. 

As privacy ethics continue to take center stage, data compliance is crucial for every ad tech stakeholder to monitor risk and maintain brand integrity. With 71% of North American consumers citing data mishandling as a reason to stop interacting with businesses, publishers, and advertisers must align to meet data compliance standards. This will help to retain consumer trust and ensure ad spending flows toward privacy-enforced segments of the media supply chain. 

Data compliance is a legal necessity for publishers, so they must remain current on measuring compliance practices. The ‘U.S. Publisher Compliance Index – 2023 Report’ utilizes Compliant’s proprietary Publisher Compliance Index (PCI) to reveal insights into data compliance risks within U.S. publisher inventory. 

We are in a year of privacy testing and experimentation in 2024, but we can still try to get on our compliance p’s and q’s while we wait for federal regulations.

While America has a long way to go, we can still learn plenty from the privacy experts over in the E.U. Here, Compliance outlines what to look out for in the U.S. Publishers Compliance Index: 

Publishers Are Responsible for How Third-Parties Collect Consumer Data

Brands now bear responsibility beyond their own data processing, as recent decisions by U.S. and European regulators underscore that advertisers and publishers are answerable for third-party vendors and tools collecting and sharing data from their sites. Failure to demonstrate compliance with data protection requirements for all such data flows poses a legal risk. 

The FTC mandates that advertisers monitor data flows to third parties transmitted through web beacons, pixels, or other tracking technologies. Making privacy promises to consumers without ensuring alignment with third-party data practices is illegal. In essence, brands are warned not to make privacy commitments that their practices do not uphold. 

But how are the U.S. Publishers holding up?

In short, there’s a lot of room for improvement. To measure these standards, Compliance set up a PCI scoring and benchmarking methodology that assesses the regulatory risk profile of publisher websites. 

The Great American Compliance Gap

Developed in collaboration with industry experts, the PCI serves as a global metric for media data compliance, employing risk-calibrated sensitivity scores and comparative ratings to generate a compliance score for each URL on a scale of 0-5. Where the current score stands, a considerable compliance gap exists between the U.S. and the E.U. 

North American publishers have an average PCI score of just 0.7, significantly lower than the European average of 3.7 in 2022. The study cites that European publishers are more proactive in complying with privacy laws than their U.S. counterparts. This is understandable, though, because U.S. privacy law is very fragmented. There is still no federal data privacy law in the U.S. 

While only 20% of U.S. publishers have a Consent Management Platform (CMP), a concerning 91% of them are transmitting data before obtaining consent, leading to legal consequences, as seen with Sephora’s $1.2 million fine under CCPA. In Europe, GDPR mandates advertisers and publishers to secure consent before collecting and sharing personal data, resulting in higher compliance. Currently, only 20% of U.S. publisher websites have a CMP, in contrast to 92% of E.U. publishers. Experts suggest that the U.S. follow Europe’s lead in prioritizing data compliance as consumer concerns rise. 

The Dangers of Data Leakage

Digital advertising, especially real-time bidding, involves rapid data sharing among numerous companies using pixels, tags, and tracking tech.

Concerningly, many cookies and tags are introduced without website owners’ permission, leading to “piggybacking,” where one tag introduces others, causing data leakage and broken consent chains. Some US publisher sites have up to 475 piggybacked tags, with an average of 82.

Compliant’s reasearch shows that data flows through more than seven levels of tags on average within each publisher site, reaching up to 17 levels in extreme cases. The data compliance tech company emphasizes the urgency for all stakeholders in the media supply chain to assess their data compliance.

Publishers require transparency and measurement to ensure vendors and tools comply with data protection, avoiding risks to advertisers’ data and reputations. Just as there are viewability and brand safety standards, the industry should adopt a high-quality standard for data compliance.