The Wall Street Journal reported that at least one global brand now requires an agency to agree to pay more than $15m in fines for any violations relating to data privacy laws before it will be considered for an account.
In this case, the primary aim of the tactic appears to be not so much about mitigating the financial impact of a data breach as about avoiding any potential reputational damage by forcing agencies to take the matter seriously.
Five years ago, only a few big global brands were making such requests, but now, according to Simon Francis, chief executive at Flock Associates, which helps advertisers run agency reviews, nine out of ten clients are asking for indemnification against data privacy breaches.
And sometimes a take-it-or-leave-it approach by clients is guaranteed to put additional stresses on the relationship between the two parties.
“I struggle with the concept of pushing a potential partner, a service provider, into a corner where you say, ‘Take over this multi-multi-million-[dollar] risk within the next 24 hours or you might be out of that process’,” said Florian Adamski, chief executive of OMD Worldwide.
He also noted that even if agencies and clients reached agreement between themselves there was still a “grey area” relating to breaches by third parties such as the publishers used to reach consumers.
The legal view is that advertisers and agencies are “new to this dance”, in the words of privacy lawyer Tanya Forsheit, of Frankfurt Kurnit Klein & Selz, who pointed out that large digital publishers and technology companies have for years deployed indemnification clauses to pass on data privacy liability to business customers.
Sourced from Wall Street Journal; additional content by WARC staff