The Legal Connection: How Ops Avoids Regulatory Pitfalls

Regulation--it’s the bane of ops’ existence. Keeping abreast of various regulations impacting the digital advertising environment is not easy: COPPA, HIPPA, VPPA, cookie laws, and so on. Do you even know what those letters represent let alone mean?

Maybe the bigger question is: Where does regulation come from, and how does it affect the day-to-day role of ops?

Ops teams are in a unique position, as their day-to-day tasks provide a birds-eve view of what’s really happening on a publisher's website. And this knowledge, when shared, can be powerful and have a tangible impact on the broader business.

There are plenty of laws and regulations that can cause roadblocks for digital publishers. It’s not ops’ job to know the intricacies of the law--that’s for the legal team. However, ops professionals need to have a good sense of when to flag and escalate potential legal issues.

Specialist Required? Know How to Choose a Legal Liaison

Someone needs to represent ops at the executive level. The answer can be found in the composition of your ops team: everyone has some knowledge (generalist) or one individual person has a lot of knowledge (specialist).

We spoke with several designated liaisons about the factors a publisher business needs to consider when evaluating the specialist or the generalist routes.

One who said she feels strongly about the specialist role, said it’s important to understand issues around user privacy and the publisher’s liability limitations. She spends significant time looking at contract terms and conditions, processes, makegoods, and relationships between ops and sales (in addition to relationships between both groups and legal).

Another said that while it’s wise to hire a specialist it’s not critical; the challenge in liaising with legal has more to do with the scale of a business than with the individual tasks of the job. To streamline communication, he assembled a checklist of 18 basic legal red flags ops should look for, and adds to it as new issues arise.

Some regulations are so wide-reaching that publishers should require ops staff to have some general knowledge of them. The Video Privacy Protection Act (VPPA), for example, is a concern for publishers that monetize video. Publishers with children up to 13 years old in their audience need to be familiar with COPPA, and publishers that sit on data related to users’ personal health need to know their way around HIPAA.

Budgets and human resources often play a huge part in how a publisher makes that decision. For large media companies—especially those with a wide roster of advertisers buying on a guaranteed basis—a specialist liaison between ops and/or sales and legal is practically a requirement. In fact, some publisher businesses would be advised to have more than one person in that role. Smaller companies might not require so much time spent liaising between ops and legal, and beyond that, they might not have the budget to hire someone with the right skills to fulfill the needs of that role.

Looking for Trouble: Steps to Mitigate Violations

So, you’re looking over contracts, and you don’t speak lawyerese. The advertiser wants to close the deal and launch the campaign. The publisher needs to generate revenues. But what if there’s something in the T&Cs that puts your business at risk--not just from a revenue standpoint, but from a legal perspective? A lawsuit might prove calamitous to your company, and if the buck gets passed to ops, it could cost you your job.

The legal team is a valuable ally when you’re sweating over contracts; however, legal team is also fielding similar questions from all over the organization. Before ops escalates contracts to legal, both teams need to develop a good working sense of how to differentiate a purely business issue from a legal issue.

For example, publishers ought to have an approval or certification regimen for partners before third-party code can be deployed on the site itself. This universal partner screening process should be formal and consistent, and certainly mandatory. Every publisher should document key information about each third party and the functionality of their code. Oftentimes publishers will handle this with a form, and legal should have a hand in developing it. This is one way of pre-empting problems--the kind of problems that can lead to lawsuits--before they develop and/or emerge on the site.

Review contracts on a case-by-case basis. Even with long-standing clients, you’ll need to keep an eye on subtle changes to terms that can put your business at a higher liability.

Clients have a tendency to slip language into documents at the last minute. Publishers shouldn’t promise immediate action as soon as the I/O comes in from the agency. That’s where a lot of publishers—especially smaller publishers that can’t cushion the blow as well—end up getting slammed. It’s entirely possible for an existing client to change the terms of an agreement in a new I/O, and these changes can have disastrous consequences.

According to one publisher, these last-minute changes are how flagrant client demands for publisher data make their way into deals. Suddenly, the publisher finds itself getting dinged on the business end (providing makegoods) and the privacy end (giving away user data, in a possible violation of stated privacy policies).

Another publisher pointed out that ops should keep an eye out for specific terms added to RFPs—a relatively new thing to some publisher/advertiser relationships. While those terms are often aimed at things like makegoods or viewability, they should be closely inspected for any legal ramifications, then, added to the I/O if approved.

Separating Business From Compliance

It can be a real challenge to look at a contract and differentiate pure business issues from legal issues, but it’s important to do so. To a certain degree, once a business term is in a binding contract, it inherently becomes a legal issue. Terms around indemnification, non-disclosure, data privacy—those are legal issues, easy for ops to recognize off the bat. But in order to effectively differentiate between general business issues and a legal matter, ops needs a strong dialog with the legal team.

Ops knows the minimum business requirements for a deal, and this knowledge can help legal review a contract and present certain scenarios that could expose legal issues.

One publisher outlined a scenario where ops and legal really need to have a conversation: vendor requests to append tags to an ad. The legal team might assume: “That’s a tag—that’s a business issue.” But ops knows that the tag is a tracker. If the tag is asking for personal information, it quickly becomes a legal issue.

An ops team that understands the legal point of view will pick up on seemingly innocuous contract language. In one prime example, a publisher noticed a new transparency clause in an advertiser contract. For a publisher whose business is built on transparency, that might not seem like a strange thing to ask. In this case, the ops team recognized the clause was something end clients want from publishers and vendors in the aftermath of a recent industry survey about arbitrage, kickbacks, etc. and understood the client was asking for something specific.

Wary that legal would make a hasty assumption about transparency, he sent the agreement to legal, explained the context and also underlined language that he suspected might increase the publisher’s liability. Legal agreed, and redlined the additional points that put the publisher at risk.

The moral of the story is, it’s not enough to send a questionable contract to legal. You need to explain the ops perspective and clarify what advice you seek.

Be a Valued, Go-To Resource

The dream of digital marketing has long been to get past using cookie-based intent and behavioral data as a proxy, and to bring person-to-person marketing into existence. That’s finally happening, but it’s happening by taking advantage of device profiles—particularly from mobile—and other cross-channel tracking developments.

Does this increasingly individualized targeting methodology open the door to new privacy concerns? You bet it does. It’s reasonable to expect there will be more pushback from users and consumer advocacy groups from this device-level stuff than there ever was over cookie targeting.

This places anyone who straddles the fence between legal and business deals into an invaluable position. If you can communicate between these two worlds, you can become a resource for multiple teams. Issues that sit on the business/legal divide can reverberate throughout the publisher organization. Eventually, some might reach to high-level people like the CISO or Chief Privacy Officer.

When that happens, the person who acts as connective tissue between legal and ops and/or sales can have a seat at the table to help figure out the best course of action for the whole business.



Brian LaRue has been AdMonsters' Staff Writer since the summer of 2015. He arrived at AdMonsters with several years' worth of knowledge of media and advertising tech, having written and edited on behalf of publications and tech vendors alike. Brian has been publishing steadily since high school and cut his teeth professionally at regional alt-weeklies in New England. Being involved in print in the 21st century certainly helped inspire his vocal advocacy of digital media. These days, he lives in Brooklyn, NY, where he pursues several threads of an art-damaged semi-secret life.

Rocket Fuel