WFA warns members to keep consumer data safe

Date: 27 Jul 2020

PETALING JAYA: The World Federation of Advertisers (WFA) has cautioned its members to take action so as to keep data collected by trackers on websites and apps safe.

To help them assess their performance, it has teamed up with privacy tech company Global Data Bank to create benchmarks.

The results, which currently cover uniform resource locators (URLs) owned by 312 advertisers across more than 20 sectors worldwide show that risk is medium to high across all industries but that geography, industry and brand all contribute to huge variations in scores.

A URL, generally termed as a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it.

Using the new Data Safety Index tool (, WFA members would now be able to check by country and by sector to assess their risk and benchmark their performance against the market average.

Globally, the average risk is ranked at 2.7, where 5 is good and 0 is extreme risk, with Europe performing better (average 3-5) compared to the US, Latin America, Africa and Asia, which tend to average 0-3.

This is likely the result of the stricter regulatory landscape in Europe, where laws such as the General Data Protection Regulation and ePrivacy Directive have put in strict controls in place related to how companies use trackers, such as the requirement to get prior user consent, WFA noted.

The sectors with the highest safety index include manufacturing, gaming, beverage, pharmaceutical, banking, and food, while the industries with the highest risk are retail, automotive, garment, insurance, and beauty.

According to the federation, marketers use cookies and other trackers to manage issues such as relevance and re-targeting, measurement, fraud prevention and brand safety.

Commenting on data safety, the Malaysian Advertisers Association (MAA) president Mohamed Kadri Mohamed Taib told StarBiz: “Poor planning and inadequate management of data collected by advertisers can devastate brand reputations.

“It is therefore imperative for brands to apply best practices in pace with the changing digital ad ecosystem to combat data leakage, which could lead to devastation of brand reputation.” MAA is a member of WFA.

Meanwhile, Kelvin Xiawei, head of protection and safety at AirAsia Group, added that the company echoed the importance of setting up a data governance team.

“We have a data security and privacy work group that meets regularly to discuss how we can uphold and improve the security of data.

“To cultivate information security awareness within the AirAsia Group, we require all employees to go through a mandatory training, ” he added.

However, WFA said the complexity of the digital ad ecosystem meant there are risks that such data could leak. As privacy laws tighten around the world, brands need to ensure that they are taking all possible precautions to minimise the likelihood of such events.

The latest report by the WFA highlighted five key areas where brands could be at risk of data leakage. These include the failure to have a consent management platform (CMP), putting the CMP too late in the registration process, Piggybacking, data leakage and data reselling or data bundling.

Just 64% of the URLs assessed by Global Data Bank actually had a CMP in place. Such systems are not only an essential tool in meeting local legal requirements but they also play an important role in providing consumers with transparency around how their data will be used.

In 68% of cases where a CMP was in place, trackers were already being placed before the brand had had a chance to obtain consent. Best practice and many local legal rules require consent first.

In the case of Piggybacking, the findings by WFA showed that in 52% of cases globally, first-party data was being inadvertently passed to a third party and processed without the necessary user permissions.

“Sometimes this was for technical reasons such as cookie-synching but sometimes it could be used by third parties for other purposes such as re-targeting on another website or app, ” the federation noted.

As for data leakage, too often an authorised data recipient shared information with other third parties (such as data resellers) without permission. In 45% of cases where there was unauthorised use of data, this was the cause. Such practices, it noted, could result in consumer data being shared widely across the online ad ecosystem.

Where brands use companies that focus purely on data reselling, consumer data could end up being collected and passed on for targeting advertising.

Such behaviours were noted in 31% of sites analysed and could result in data vendors gaining unauthorised access to consumer information, it added.

To help WFA members to tackle the most common issues and improve their data safety index score, Global Data Bank has recommended 10 actions or best practice.

Some of these are the need to check and update the CMP, position the CMP correctly, for brand owners to ensure that what has been contractually agreed is actually what is being implemented, stop “piggybacking” without consent, standardisation of data architecture, setting up of a data governance team and elevate data discussion.

Originally posted on The Star Online

Related Posts