BRUSSELS: GDPR continues to be a friction point between publishers, agencies, digital platforms and advertisers, but the World Federation of Advertisers (WFA) is attempting to bring clarity to at least some of this.

Together with the Dutch Advertisers Association (BVA) and Digital Decisions it has created a Data Processing Agreement (DPA) template for use by advertisers.

The goal is to protect a brand from signing a DPA document – a mandatory contract addendum to an existing service agreement between data controllers (in this case the brand) and data processors (including media agencies, platforms and adtech platforms – that is one-sided and leaves the advertiser exposed to unfair risk.

It’s a live issue, as Digiday this week reported on how confusion over responsibilities in the ad supply chain has led to some publishers raising concerns over one agency giant’s approach to consumer data and consent which they believe may leave them liable if the agency uses data in a way users have not consented to.

Publicis Groupe said it has implemented “a robust data privacy governance structure”, which includes “a template DPA to cover several scenarios (client data being used, publisher data being used, etc.)” but added that the provisions would only apply “if that scenario exists”.

The WFA template sets out obligations from both parties, in addition to a well-defined scope of data processing activities, such as audience ingestion from an advertiser DMP to an agency owned/operated DSP, or the email-based custom audience features that Facebook offers.

The agreement is designed from a data controller perspective, the WFA stressed, and comes as a response to advertiser concerns that some DPAs are written more from the perspective of a data processor.

“With advertisers increasingly entering into direct contractual relationships with more and more partners to ensure they retain control of their data and direct relationship with consumers, the role of the Data Processing Agreement will become even more critical both strategically and to ensure they do not risk the reputational damage that could occur if they fail to comply with the requirements of GDPR,” said Stephan Loerke, CEO, WFA.

“This template will give brands guidance to ensure they have the right level of transparency and control in their relationship,” he added.

Sourced from WFA, Digiday; additional content by WARC staff