By David Tyler, President, Global Sales and Partnerships, Paragon Digital a Dentsu Company
Recently, Juniper Research reported that ad fraud will cost marketers $84 billion in 2023 — about 22% of the $382 billion spent on online advertising. Worse, that waste isn’t expected to subside anytime soon. These losses are staggering, and if it were any other sector of the economy, every law enforcement agency would be on the case, working to stop such grand-scale thefts.
What’s more frustrating is that studies, such as the annual TAG Fraud Benchmark reports, prove time and again that certification works. True, certifications are costly, but they’re nothing close to $84 billion! And yes, they take time, but it’s a lot less time than advertisers spend conceiving of products and services, testing and manufacturing them, and rolling them out to the market.
For this reason, I predict that 2024 will be the year that advertisers will throw up their hands and demand that everyone in the digital ad tech ecosystem commits to quality, data security and privacy. Below are three areas where every brand and advertiser should ask their partners difficult questions, including whether or not they’re willing to gain the certification necessary to ensure campaign quality, as well as protection of the customers’ data and privacy.
Earlier this year, BMO Canada launched a campaign to build its pool of credit card consumers. Like many large-scale advertisers, the bank included YouTube in its media plan. The problem? Some of those ads were targeted channels, such as the Kids Diana Show, that are popular with the under eight-year-old crowd. Worse, because users who clicked through to the BMO site were tracked, the bank inadvertently collected data on underaged children, a clear violation of the Children’s Online Privacy and Protection Act (COPPA). That’s on top of the media waste of targeting youngsters for credit cards. According to Adalytics, data from children percolated throughout the industry, with “dozens” of major ad tech and data brokers receiving it.
When we talk about quality in ad campaigns, we talk about taking every possible step to ensure a message is seen by the right audience. This requires more than instructing a DSP to target a cohort. It requires the ad operations team to develop and adhere to a quality management system (QMS) system that is ISO 9001:2015 certified.
At a minimum, brands should ask their partners:
- Does your QMS require internal and external audits, what is the frequency?
- For how many years has the provider used their existing QMS?
- What percent of the work is delivered on time and without error in the last 12 months?
As I write this, a colleague is frantically changing all of her passwords. Her mortgage company, Mr. Cooper, has been hacked, and although the company says it’s unsure if customer data has been compromised, she’s getting emails from her security alert providers that her credentials are for sale on the dark web. In 2022, the Irish Council for Civil Liberties issued a report calling the entire RTB industry the “biggest data breach ever recorded.”
When consumers go online, it’s with the expectation that any data that’s generated about them is secured. The regulators have sided with them and have demanded data security as a precursor for doing business within their jurisdictions. Every major piece of privacy regulation also addresses data security in fundamental ways. If any entity collects consumer data of any kind, that entity must ensure that the consumer won’t be harmed as a result of a data breach or some other issue.
And yet, we can’t say that every player in the industry has a robust Information Security Management System (ISMS) in place. An ISMS is a set of policies, procedures, and controls for managing sensitive data and information security systematically.
Once again, we can turn to the ISO for guidance. ISO/IEC 27001 “promotes a holistic approach to information security: vetting people, policies and technology.” Again, it’s costly and a bit of a pain for an ad ops partner to achieve certification, but not as painful as telling all of your customers that their data has been compromised and if they don’t take immediate steps they can be seriously harmed.
Key questions brands should ask their ad ops partners include:
- Do you have proven ISMS to protect sensitive data? How long has it been in place?
- Does your ISMS contain a Business Continuity and a Disaster Recovery Plan?
- Does the ISMS contain a Cyber Security Assessment and Security Response Plan in place to protect your client data and their client data?
- What security challenges are covered in the Cyber Security Assessment (e.g. criminal gangs, malware, emerging threats, geopolitical analysis, etc.)?
One would think given the focus that GDPR and other privacy regulations have received over the past seven years, the industry would have its act together on that front, but this year has seen some of the biggest fines to date. Topping the list is Meta, which was fined a staggering €1.2 billion for transferring EU WhatsApp and Instagram user data to the U.S.
Here’s what’s scary about these fines: as a brand, you may have a strong commitment to complying with every privacy regulation, but if your ad ops partner is out of compliance, you’re the one who is held responsible and must pay the fine. For this reason, it’s vital to work with ad tech partners that are ISO 27001:2022 certified.
Ask your partner a few questions on this front, such as:
- Does your Privacy Information Management System (PIMS) include government-required personal data protection in each market (country and state)?
- Is the PIMS mature and are all client-facing employees taught how to Trust, Store and Protect data?
- Can we obtain a copy of your Data Privacy Plan with dates and certifications?
We Can Solve These Problems
We can solve the challenges of campaign quality, data breaches and violations of privacy through rigorous processes and certification. Yes, it’s expensive, but it’s worth the protection against the risk of a billion-dollar problem that can affect tens of millions of people worldwide.
About the Author
President of Growth and Partnerships for global ad operations talent agency Paragon Digital Services. David Tyler ensures clients’ ad operations departments are supported with expert talent focused on delivering on their client’s digital media KPIs. Tyler also oversees Paragon Digital Services’ marketing efforts globally.