The Future of US Privacy Compliance: A Q&A With Jamie Barnard, CEO of Compliant

While the US can learn much from the EU’s privacy compliance regulations, Compliant CEO Jamie Barnard says the US is not far behind our friends across the pond

At the beginning of the year, we covered Compliant’s US Publisher Compliance Index, which revealed that 90% of US publishers share consumer data without consent.

Privacy compliance is becoming increasingly critical. A successful business must understand the dynamics of data regulation, privacy laws, and brand integrity. 

To follow up on the coverage of this study, I chatted with Compliant CEO Jamie Barnard to delve into the intricacies of compliance within the digital media industry. We talked about the rugged privacy compliance terrain in the US, the challenges faced by advertisers and publishers, and the innovative solutions shaping the future of data privacy and brand protection.

Andrew Byrd: In the study, you emphasize the importance of consistently measuring compliance in media. How do you see this happening overall in the industry? Where is it working, and where does it need improvement?

Jamie Barnard: When we examine the open web specifically, it serves as a valuable baseline for understanding. Approximately $90 billion is allocated annually towards the open web and digital media. Major global brands typically engage with 100 to 150,000 publisher sites worldwide. On average, a campaign targets around 44,000 publishers. 

Our research has assessed the data compliance of about 90% of the open web outside of China based on media spend. The remaining 10% yields diminishing returns because many sites generate only a fraction of ad impressions. For instance, in a 44,000-publisher campaign, 86% of ad impressions concentrate on just 3,000 sites, leaving the other 41,000 publishers with less than 15% combined impressions.

Shockingly, 85% of impressions land on sites failing to meet baseline compliance standards, highlighting the internet’s original design prioritizing functionality over privacy. Retrofitting emerging privacy regulations onto this framework proves challenging. We’ve realized we’re in an unsustainable environment requiring change, but we must implement solutions without stalling progress. 

We’re at a critical juncture as we face the cookieless future, characterized by impending privacy regulations. Effective media strategies must align with a new privacy, consent, and identity era. While we still need to prepare for this transition, it parallels the period before GDPR’s enforcement, where readiness evolved gradually. The industry is awakening to the necessity of adapting to this new reality.

AB: What legal obligations do publishers have concerning third-party vendors and tools that collect and share data from their sites? Do we have enough robust laws in the U.S. specifically to address these concerns?

JB: Regardless of location, site owners are responsible for ensuring that third-party tools or vendors collecting and sharing data comply with relevant regulations. Given the volume of work involved, achieving this due diligence is daunting. However, transparency tools can provide insight into the ecosystem and facilitate the establishment of a well-structured vendor network.  

For publishers, data compliance has become integral to responsible media frameworks, as it ensures brand safety and mitigates privacy risks within the digital supply chain. Blindly placing ads without assessing publishers’ compliance poses significant risks, ranging from benign neglect to severe privacy breaches orchestrated by unscrupulous data brokers.

Additionally, regulators are contemplating incorporating more technology to keep pace with industry changes. Despite the US being somewhat behind, this situation is transient. Comparing the level of fines in Europe provides a clear indication of the direction the US might take. GDPR fines in Europe surged from 300,000 euros in June 2021 to 4.2 billion euros in June 2023, a remarkable 14,000-fold increase in just 24 months. This trajectory suggests that US state regulators may intensify enforcement efforts, imposing substantial fines for compliance failures.

AB: The study highlights the Publisher Compliance Index (PCI) as contributing to a new brand integrity standard in digital media. Could you explain how the PCI achieves this and its significance for advertisers and publishers?

JB: Earlier, I mentioned that we’ve extensively assessed the data compliance of publishers worldwide. Regardless of your brand’s market, if you’re running an ad campaign, we can provide insights into its compliance at various levels: campaign, publisher, and individual impression. Our PCI serves as a compliance score. We conduct thorough web interrogations using machine learning to scrutinize each publisher’s URL, gaining transparency into vendors, tools, beacons, pixels, and cookies. 

This process allows us to discern consent management solutions, analytic tools, data brokers, and more. We then overlay over 30 privacy-related data points to gauge compliance with legal and regulatory requirements. The initial score is perfect, but identifying compliance risks gradually diminishes it.

Currently, scores range from zero to five, reflecting the severity and frequency of identified risks. This score empowers you to analyze past, present, and future media buys, enabling adjustments for improved compliance alongside metrics like viewability, brand safety, and sustainability. Enhancing compliance without compromising brand performance is essential for industry progress.

AB: The U.S. Publisher Compliance Index 2023 Report highlights a significant gap in PCI scores between North American and European publishers. Can you provide insights into the average PCI scores and what they reveal about compliance with privacy laws in these regions?

JB: After examining Europe and the US, I was surprised that the privacy regulation gap isn’t as wide as expected. In Europe, opting in is the norm, meaning data is only shared if explicitly allowed. In contrast, the US operates on an opt-out basis, assuming consent unless denied. 

While Europe offers various lawful bases for data processing, consent remains vital, especially in advertising and marketing. Conversely, the US generally allows data sharing unless refused. There’s a growing recognition, especially led by California, that a consent-based approach is the future. The shift won’t be immediate, but all will likely adopt a consent model over time, though it requires significant restructuring.

AB: Your study said that 90% of US publishers share data without securing consent. What advice would you give to US publishers about privacy compliance? 

JB: Compliance isn’t about constraints anymore; it’s crucial for the future of media and effectiveness. Companies with high compliance standards make quicker decisions, better leverage data, and buy media more effectively, avoiding wasted resources on non-compliant sites. Recognizing compliance as a value driver rather than a limitation is key. Progressive brands and media agencies leading in compliance are outperforming competitors thanks to the quality and clarity of their data, enabling swift decision-making.