tag:econsultancy.com,2008:/topics/legal-and-regulations Latest Legal content from Econsultancy 2016-08-29T03:00:00+01:00 tag:econsultancy.com,2008:BlogPost/68232 2016-08-29T03:00:00+01:00 2016-08-29T03:00:00+01:00 China introduces far-reaching new internet ad law: Why it matters Jeff Rajeck <p><img src="https://assets.econsultancy.com/images/0007/8461/Us_ads.png" alt="" width="480" height="328"></p> <p>China, by comparison spends a far greater percentage (66%) of its advertising on internet and mobile and a much smaller percentage (24%) on traditional media.</p> <p><img src="https://assets.econsultancy.com/images/0007/8460/China_ad.png" alt="" width="481" height="323"></p> <p>So, even though the overall dollar amount spent in China is less than in the US, the<strong> internet is a much more significant part of advertising in China</strong>.</p> <p>Because of this, China is likely to be a trend-setter for other parts of the world.</p> <p>To learn a bit more about what might be coming to internet advertising in the rest of the world, here is the background and some detail of the new law in China.</p> <h3>Background</h3> <p>In July, 2015 China's State Administration for Industry and Commerce (“SAIC”) amended the Chinese Advertising Law to cover internet advertising.  </p> <p>New regulations were supposed to go in effect last September (2015) but were largely unenforced.</p> <p>Recently, however, there has been renewed interest in regulating online advertising, which may have something to do with the tragic story of Wei Zexi.</p> <h4>The death of Wei Zexi</h4> <p>On April 12, 2016, Chinese student Wei Zexi died after receiving experimental treatment for cancer which he found out about through an ad on China's main search engine, Baidu.</p> <p>The hospital had, apparently, claimed a high success rate for the treatment in the ad.  </p> <p>The ads were also regularly featured prominently in search results as the hospital group was reportedly responsible for nearly half of Baidu's multi-billion dollar ad revenues.</p> <p>Wei Zexi's death drew renewed attention to the Advertising Law from Chinese media, including 250,000 comments on an online editorial on the matter.</p> <p>In apparent response, the regulators not only censured Baidu and issued specific regulations for it, but also followed up with new laws.</p> <h4>Response</h4> <p>On July 4, 2016 the SAIC issued new regulations, the Interim Measures for the Administration of Internet Advertising, which take effect on September 1, 2016.</p> <p>The Advertising Law and the Interim Measures are the first step China's SAIC has taken toward defining and regulating advertising.</p> <h3>The new laws</h3> <h4>Internet advertising defined</h4> <p>There is a lot of detail in the definition of internet advertising in the new law (which you can read about <a href="http://www.lexology.com/library/detail.aspx?g=296c00a7-f562-4012-a6d3-c8ec58463c2f">here</a>), but in brief, <strong>internet advertising is defined as any commercial marketing anywhere on the internet for anything</strong>.</p> <p>The definition is broad and even includes out-of-home displays with web addresses and recommendation engines on ecommerce platforms.</p> <h4>Internet publishers defined</h4> <p>More interesting is how the regulators define a 'publisher.' According to the law <strong>a publisher refers to those who push OR display the advertising.</strong></p> <p>This can include websites, ad tech platforms, influencers, and even internet service providers.  </p> <p>In short, anyone who has the ability to review and prevent an illegal ad from showing can be held responsible.</p> <p>This definition is, again, quite broad and will give the government a lot of flexibility to enforce the law as it likes in the future.</p> <h4>Publishers obligations</h4> <p>The real meat of the regulation, however, are the <strong>publisher's obligations.</strong></p> <p>According to the new law, publishers will need to: </p> <ul> <li>know who their customers are,</li> <li>verify any credentials they give, and</li> <li>verify the ad content.</li> </ul> <p>To handle this, publishers and ecommerce sites will be expected to hire specialists to record customer details, review all ads and block those which do not comply. </p> <p>While there are other things in the law, such as anti-spam clauses and a ban on ad-blockers (<a href="http://adage.com/article/digital/china-ban-ad-blocking/305077/">maybe</a>), the fact that publishers, broadly defined, will be responsible for the claims made by advertisers is among the biggest changes.</p> <p>This means that China has gone from one of the least regulated advertising markets to one of the most, almost overnight.</p> <h3>Example: Baidu</h3> <p>These regulations sound somewhat far-reaching and difficult for companies to comply with.</p> <p>But have a look at Baidu's search results for cosmetics (化妆品).  The top three results are ads and are, as one might expect, marked as promotional posts on the right in blue (商业推广).</p> <p><img src="https://assets.econsultancy.com/images/0007/8465/baidu_2.png" alt="" width="438" height="442"></p> <p>But interestingly there is also a grey link after the domain name (评价) which sends the browser to another page, offering details about the advertiser and fielding comments.  </p> <p>Here it is for one vendor, translated into English by Google.</p> <p><img src="https://assets.econsultancy.com/images/0007/8463/baidu_vendor.png" alt="" width="452" height="267"></p> <p>It seems, therefore, that <strong>Baidu is already taking the regulations quite seriously.</strong></p> <h3>Why everyone should be interested in China's new laws</h3> <h4>1. The new laws raise interesting questions for other countries</h4> <p>Most Western countries have carried over existing advertising legislation to online platforms.  </p> <p>This works well when the advertising model has two players, the advertiser and the publisher, but breaks down when there are multiple parties involved.</p> <p>Unresolved questions include:</p> <ul> <li>Who is responsible for ad content in <a href="https://econsultancy.com/blog/65677-a-super-accessible-beginner-s-guide-to-programmatic-buying-and-rtb/">programmatic advertising</a>?</li> <li>Is checking native ads the reponsibility of the publisher or the agency?</li> <li>What about influencers who appear on a social media site via an agency?</li> </ul> <p>China's legislators have a simple answer, <strong>everyone in the ad chain is potentially responsible</strong>.  </p> <p>While this may seem heavy-handed it will likely encourage the various players to be much more careful with ads than if they felt they could always blame the originator or the delivery platform.</p> <h4>2. The regulation might set a trend</h4> <p>Because the law does address these issues left somewhat unclear in the West, China's approach may attract the attention of Western regulators.</p> <p>As of yet, there have been very few cases of regulators cracking down on behavioural, programmatic, or even <a href="https://econsultancy.com/reports/the-rise-of-influencers/">influencer marketing</a>.</p> <p>One recent example is from the US. The  Federal Trade Commission <a href="http://www.adweek.com/news/advertising-branding/ftc-slams-lord-taylor-deceiving-customers-not-disclosing-its-native-ads-170229">filed a complaint against fashion retailer Lord &amp; Taylor in the US</a> for unregulated influencer marketing.</p> <p><img src="https://assets.econsultancy.com/images/0007/8464/lord_taylor.jpg" alt="" width="486" height="243"></p> <p>There are, however, very few other cases of such action and, in fact, <a href="http://www.prweek.com/article/1390325/brands-agencies-admit-flouting-uks-rules-influencer-marketing">many marketers freely admit overstepping guidelines</a> set by their regulators.</p> <p>If China's approach works without seeming heavy-handed, therefore, <strong>other countries may end up with similar laws governing internet advertising.</strong></p> <h4>3. The new laws could spark innovation</h4> <p>One interesting angle in all of this is because each layer of the ad tech stack is held responsible for content, it is likely that technical monitoring solutions will arise.</p> <p>It will not be easy for publishers, agencies, buy and sell-side platforms, and even brands to ensure that all ads published are compliant.</p> <p>Because of this, new ad tech with compliance features may spring up to help all involved with the process.</p> <h3>So...</h3> <p>Brands that are advertising in China<strong> should become familiar with the legislation as soon as possible.</strong>  </p> <p>As of September 1, 2016 the State Administration for Industry and Commerce will be monitoring for ads which violate the policies set out in the Advertising Law and the Interim Measures for the Administration of Internet Advertising.</p> <p>Those who do not currently advertise in China should, however, take note as well.  </p> <p>Most other countries currently enjoy little or no regulation, but should China's attempts to regulate be effective it would not be a surprise to see such laws appear elsewhere.</p> <p><em>For related information, read Econsultancy's <a href="https://econsultancy.com/reports/the-china-digital-report/">China Digital Report</a>.</em></p> tag:econsultancy.com,2008:BlogPost/68215 2016-08-25T14:24:00+01:00 2016-08-25T14:24:00+01:00 Are regulations impeding financial services innovation? Patricio Robles <p>As <a href="http://www.ft.com/cms/s/0/66c75f74-6790-11e6-ae5b-a7cc5dd5a28c.html">detailed by</a> The Financial Times, BBVA is asking the European Commission to make changes to the bonus cap rules, which apply to employees who are "material risk takers" or earn more than €500,000 per annum.</p> <p>BBVA says that the bonus cap rules are making it difficult to compete and innovate, and that they should be amended.</p> <p>Specifically, BBVA would like to see that they're not applied to technology specialists, which the bank notes have seen their compensation increase but who don't expose the bank to the type of risks traders do.</p> <p>"In some cases we compete against US banks or tech companies on acquisitions. Their bonuses are not capped, so we may lose out," BBVA's digital M&amp;A chief, Juan López Carretero, told the FT.</p> <blockquote> <p>If you can design an app so a payment is done in two clicks instead of eight clicks that is valuable but it isn’t putting the bank at risk.</p> </blockquote> <p>BBVA is considered one of the more tech-friendly large banks.</p> <p>It <a href="https://www.bbva.com/en/news/economy/corporate/finance/bbva-acquires-simple-to-accelerate-digital-banking-expansion/">acquired Simple</a>, a US banking startup, for $117m in 2014, <a href="https://www.bbva.com/en/news/general/bbva-acquires-finnish-banking-start-holvi/">and Finnish business banking startup Holvi</a> in March. </p> <p>BBVA has invested in a number of financial services startups, including <a href="http://www.ft.com/cms/s/0/b71ad596-91f3-11e5-94e6-c5413829caa5.html">UK mobile bank Atom</a>, and earlier this year it <a href="http://www.americanbanker.com/news/bank-technology/whats-behind-restructuring-of-bbvas-fintech-venture-fund-1079319-1.html">created an independent venture firm</a>, Propel Venture Partners, to "invest in technology-driven companies that are Rethinking and Rebuilding financial services."</p> <p>With more and more <a href="https://econsultancy.com/blog/67919-five-fintech-start-ups-aiming-to-replace-traditional-banking">startups looking to disrupt traditional banking</a>, rules that make it more difficult for banks like BBVA to recruit top tech talent or acquire promising young companies would indeed appear to be a legitimate concern.</p> <p>But big banks shouldn't fall into the trap of believing that the ability to open their wallets more freely is the key to thwarting would-be disruptors and spurring innovation.</p> <p><strong>First,</strong> in the battle for talent, <a href="https://techcrunch.com/2015/06/25/a-closer-look-at-the-silicon-valley-vs-wall-street-talent-war/">it's not all about money</a>.</p> <p>Many of those who are choosing Silicon Valley over Wall Street and The City aren't doing so just because they see the opportunity to make more money.</p> <p>Big banks are seen by many as stodgy and bureaucratic, making them less attractive for job seekers looking for opportunities that will give them the ability to do interesting work and make an impact.</p> <p>Additionally, the financial services industry's reputation hit post-2008 hasn't helped matters.  </p> <p><strong>Second,</strong> as far as acquisitions and partnerships are concerned, banks will need to prove that they can integrate with the upstarts they acquire and partner with.</p> <p>BBVA appears to be on the right track in this regard <a href="https://www.finextra.com/newsarticle/28693/simple-to-move-customer-accounts-to-bbva-compass-platform">thanks to investment in APIs</a>, but it's still very early in the game and it's not clear that large financial institutions will be able to acquire or partner their way to success.</p> <h3>Regulation to the rescue?</h3> <p>Ironically, regulation might soon provide some relief for banks under attack from fintechs.</p> <p>Their rapid rise has not gone unnoticed by regulators and it's possible that fintech upstarts will soon find themselves subject to much greater scrutiny.</p> <p>For example, in the US, state and federal regulators, including the FDIC, <a href="http://www.wsj.com/articles/greater-scrutiny-looms-for-bank-online-lender-rent-a-charter-deals-1471824803">are eyeing new guidelines</a> that would allow greater oversight of online lenders.</p> <p>If they become subject to more regulation, these upstart non-bank lenders could see many of the advantages they've used to gain market share slip away, making it easier for banks to compete for loan business once again.</p> <p>That could be good news for banks, at least in the short-term, but even if fintechs are saddled with new regulatory burdens, the reality is that <a href="http://www.americanbanker.com/news/bank-technology/what-do-millennials-want-from-banks-everything-nothing-whatever-1079945-1.html">consumer behavior and expectations have changed and continue to change</a>.</p> <p>Banks that want to thrive will need to address this and they can't do that with money alone.</p> tag:econsultancy.com,2008:BlogPost/68108 2016-08-02T12:30:00+01:00 2016-08-02T12:30:00+01:00 Brexit and the Digital Single Market: Three ways forward Todd Ruback <h3>Brexit, data protection and the Digital Single Market</h3> <p>The people have collectively spoken and now policy makers need to forge a path forward that honours the will of the people, while also ensuring the UK’s access to the all important EU economic market – especially the digital market and this is no easy task.</p> <p>The UK’s decision to leave the European Union comes just on the heels of the passage of the EU’s General Data Protection Regulation (GDPR), a massive piece of legislation that aims to give control over personal data back to the individual through a series of new codified rights.</p> <p>The GDPR is a pan-European law that will add certainty for companies selling their wares to EU citizens.</p> <p>More importantly, it is the foundation of the <a href="http://ec.europa.eu/priorities/digital-single-market_en">Digital Single Market</a>, a strategic European initiative that aims to create fertile conditions for European-based innovation that will add billions of Euros to the overall economy, the UK included, while creating countless jobs.</p> <p><iframe src="https://www.youtube.com/embed/mTeqrJJPkfg?wmode=transparent" width="560" height="315"></iframe></p> <p><em>As well as increasing access to goods and services, the Digital Single Market will also improve networks and drive economic growth</em></p> <p>The UK’s pending exit from the EU puts it at risk of not participating in the Digital Single Market unless another option can be implemented.</p> <p>Here are three possible paths forward, none of them straightforward, but paths nonetheless.</p> <h3>Three paths forward</h3> <p><strong>1. UK adopts GDPR</strong></p> <p>The UK can adopt the GDPR as its own national data protection legislation, but then would still be left with the dystopian act of applying – upon a politically bended knee – to the EU to be granted “adequacy” status, which is legal jargon recognising that your data protection law offers the equivalent level of protection that the GDPR provides.</p> <p>If you receive “adequacy”, as countries like Canada and Argentina have been granted, then data can flow between the two economies freely.</p> <p>At issue is whether political egos will get in the way of applying for “adequacy” designation, and that is impossible to predict.</p> <p><strong>2. Be Switzerland </strong></p> <p>A second path forward would be for the UK to follow the Swiss model and negotiate a series of critical trade agreements with the EU that will allow the UK access to the EU digital market.</p> <p>While a series of one-off trade agreements may require a lot of heavy lifting and must be done quickly, it is important to remember that reciprocal access by the EU to the UK economy, the second largest in the EU after Germany, is important to the EU.</p> <p><strong>3. EEA Membership</strong></p> <p>A third path forward may be the simplest and could represent a balanced approach that would both honour the collective will of UK citizens, while still providing access to the EU Digital Single Market.</p> <p>Namely, the UK could apply to become part of the European Economic Area (EEA), a 1994 agreement that opens the EU market to non-member states under certain situations.</p> <p>Norway is the prime example, but there are technical considerations that I am not qualified to comment on that still must be met before a country can join the EEA, and like the first option, could result in an unbalanced relationship since membership is contingent upon meeting EU mandated and monitored requirements.</p> <h3>Riveting but serious </h3> <p>The UK political theatre playing out in front of us is riveting, especially for an American privacy wonk such as myself.</p> <p>But its entertainment value is far outweighed by the economic seriousness that portent if cool heads don’t negotiate a way forward.</p> <p>I know some of these cool heads, both in London and Brussels, and am confident that they will find that path forward that honours the democratic will of the referendum, while also fostering conditions for joint economic prosperity.</p> <p>It’s in everyone’s best interest.</p> <p><em>More on Brexit and the UK's digital economy:</em></p> <ul> <li> <a href="https://econsultancy.com/blog/68003-ecommerce-in-the-uk-post-brexit-positives-negatives-opportunities/">Ecommerce in the UK post-Brexit: Positives, negatives &amp; opportunities</a> </li> <li> <a href="https://econsultancy.com/blog/68001-how-will-brexit-impact-digital-businesses-and-marketers/">How will Brexit impact digital businesses and marketers?</a> </li> <li> <a href="https://econsultancy.com/blog/68099-three-ways-uk-retailers-can-utilise-the-post-brexit-gbp-drop-to-target-international-customers/">Three ways UK retailers can utilise the post-Brexit GBP drop to target international customers</a> </li> </ul> tag:econsultancy.com,2008:BlogPost/68067 2016-07-15T14:27:00+01:00 2016-07-15T14:27:00+01:00 Is ad fraud the 21st century drug trade? Patricio Robles <p>The Senators are concerned that ad fraud, which is estimated to be costing advertisers billions annually, could eventually lead companies to pass the costs of fraud on to consumers in the form of higher prices.</p> <p>They are also concerned that as fraudsters flood the online ad market, consumers will be at greater risk of having personal information stolen and abused.  </p> <blockquote class="twitter-tweet"> <p lang="en" dir="ltr">Here's an amazing fact: by 2025, the digital ad market could be 2nd only to drug trafficking as largest revenue source for organized crime</p> — Mark Warner (@MarkWarner) <a href="https://twitter.com/MarkWarner/status/752512068562063360">11 de julio de 2016</a> </blockquote> <h3>The role of programmatic</h3> <p>While digital ad fraud has been around in some form or another since digital ads first appeared, it appears to be becoming more lucrative and complex.</p> <p>There's more digital ad inventory than ever, and many advertisers are pouring more and more money into digital spend. At the same time, publishers and advertisers have embraced <a href="https://econsultancy.com/reports/the-cmo-s-guide-to-programmatic">programmatic</a> ad buying.</p> <p>According to Senator Mark Warner of Virginia, this makes for a dangerous combination. <a href="http://www.wsj.com/articles/senators-urge-ftc-to-examine-ad-fraud-1468231200">He told</a> the Wall Street Journal... </p> <blockquote> <p>This is a $60 billion industry, and some of the fraud numbers suggest that 10% of that is being wasted. And you’re seeing some of the same tools [we saw] in stock manipulation. This needs to be looked at.</p> </blockquote> <p>Warner likens the ad fraud problem to the 2008 financial crisis, and suggests that "some of the tech community has swept this under the rug," though he admits that he and other lawmakers have a lot to learn about the subject before the possibility of legislation should be put on the table.</p> <p><strong>But is ad fraud really a problem that can legitimately be compared to drug trafficking? That isn't so clear.</strong></p> <p>The industry is <a href="https://econsultancy.com/blog/67660-what-can-prevent-ad-fraud-we-ask-an-ad-tech-ceo">well aware of the issue</a>, and many parties are working to mitigate it.</p> <p>The good news is that digital advertising is one of the most accountable forms of advertising, so prudent advertisers have many opportunities to ensure that they're not being taken for a ride.</p> <p>So what explains the fact that advertisers are estimated to be spending billions on fraudulent ads that aren't being seen by real people? It's simple: in most cases, ad prices reflect advertisers' knowledge that fraud and <a href="https://econsultancy.com/blog/67076-the-rise-and-rise-of-ad-blockers-stats">ad blockers</a> will prevent 100% viewability.</p> <p>As former brand marketer Rick Webb <a href="https://econsultancy.com/blog/66712-former-brand-marketer-banner-ads-suck-but-they-re-great">explained last year</a>...</p> <blockquote> <p>We’ll spend a million bucks on a literal f**k ton of banners (I mean, just billions of the things, it’s crazy). And then we’ll do targeted brand sentiment and purchase-intent surveys using our internal peeps, online along with companies like Nielsen and Foresee, and offline with a bunch of (really quite awesome) companies you’ve never heard of. Then we’ll see whether the banners moved the needle, and if they did (and they often do), we’re happy.</p> </blockquote> <p>In other words, <a href="https://econsultancy.com/blog/67632-why-chasing-after-100-viewability-makes-no-sense-for-advertisers">100% viewability isn't required</a> to run profitable campaigns, and sophisticated advertisers are more than capable of factoring viewability into their considerations when determining how much they should pay for ads.</p> <h3>The bigger problem?</h3> <p>Obviously, this doesn't mean that ad fraud isn't a problem worth addressing, but the idea that ad fraud, and programmatic ad fraud in particular, is going to create a Wall Street-like crisis that threatens the digital advertising ecosystem seems far-fetched.</p> <p>If anything, lawmakers and regulators should be more concerned about how fraudsters <a href="https://econsultancy.com/blog/67924-is-facebook-doing-enough-to-prevent-fraudulent-ads">are using digital ads to target consumers</a>. Long-term, that is perhaps the biggest threat to digital advertising that publishers and advertisers should be most concerned about.</p> <p><em>Want to know more, why not attend <a href="http://conferences.marketingweek.com/mc/programmatic/getwiththeprogrammatic">Get With the Programmatic</a>, Marketing Week and Econsultancy's one-day conference on 21st September in London, to hear from brand and agency experts.</em></p> tag:econsultancy.com,2008:BlogPost/67923 2016-06-09T14:43:00+01:00 2016-06-09T14:43:00+01:00 Influencer marketing is becoming a joke: What can brands do about it? Patricio Robles <p>That dark side was on display for all to see recently when Scott Disick, a television personality best known for his relationship with reality TV star and socialite Kourtney Kardashian, was caught posting an ostensibly paid promotion for Bootea protein shakes.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5705/oops-blog-flyer.jpg" alt="" width="415" height="738"></p> <p>As the screenshot above demonstrates, Disick's Bootea Instagram post was about as far from authentic as is possible and not surprisingly, Disick was subsequently teased and lambasted for his embarrassing faux pas.</p> <p>Brands should take note and heed the following advice to ensure their influencer marketing campaigns don't become a joke.</p> <h3>1. Align your brand with the right influencers</h3> <p>With 16.4m Instagram followers, Scott Disick's ability to reach a large number of people is hard to dispute.</p> <p>But why would Bootea, a health and wellness brand, align itself with a celebrity who is known for his hard-partying ways and who has made headlines for his struggles with drug and alcohol abuse?</p> <p>While Disick shouldn't be shamed for those struggles, it's hard not to think that Bootea would have been better off aligning itself with influencers whose lifestyles are more consistent with its values.</p> <p>Long-term, that is a much safer bet.</p> <h3>2. Think bigger than paid posts</h3> <p>For obvious reasons, paid posts are not going away.</p> <p>But any good influencer campaign should be more thoughtful and comprehensive than paid posts that are the social web equivalent of product placement.</p> <p>The reason for this is that paid posts alone are probably not going to move the needle, especially if those paid posts are not compelling and not clearly aligned with the influencer's persona. </p> <h3>3. Trust your influencers</h3> <p>If a brand can't trust an influencer to write his or her own 140-character tweet or caption for an Instgram post, the influencer relationship needs to be reassessed.</p> <p>Influencer content, even when paid for, should at least <em>appear</em> to be somewhat authentic.</p> <p>Here, an influencer was directed to publish a post referencing a morning protein shake in the afternoon. #fail</p> <h3>4. Co-create, and demand more</h3> <p>Naturally, brands are going to want to have some say in what influencers post.</p> <p>But a brand shouldn't have to direct an influencer to write something as simple as "Keeping up with the summer workout routine..."</p> <p>Instead, they should <a href="https://econsultancy.com/reports/influencing-the-influencers-the-magic-of-co-created-content">co-create content</a> with their influencers to ensure that they stay on message without compromising the influencer's authenticity and creativity.</p> <p><img src="https://assets.econsultancy.com/images/0007/5752/disick.jpg" alt="" width="578" height="370"></p> <p>And they should demand the latter to ensure that they don't get lazy, uninspired content like the above, which is another paid post Disick published for Bootea several weeks ago.</p> <p>Note the similarity to the botched paid post, and the fact that neither post even suggests that Disick is actually using the product. There isn't a glass in sight in either photo.</p> <h3>5. Don't ignore the rules</h3> <p>Although Disick fixed his Instagram faux pas and included the hashtag #ad to identify his post as a paid advertisement, brands looking to ensure their influencer marketing campaigns don't fail should remember not to ignore <a href="https://econsultancy.com/blog/67368-what-advertisers-need-to-know-about-the-ftc-s-new-guidance-on-native-ads/">the guidances provided by the Federal Trade Commission</a> vis-à-vis advertising disclosures.</p> <p>While the FTC obviously can't take action against every violator, <a href="https://www.ftc.gov/news-events/press-releases/2016/03/lord-taylor-settles-ftc-charges-it-deceived-consumers-through">the agency recently settled</a> with Lord &amp; Taylor after alleging that the retailer, among other things, paid Instagram fashion influencers to post pictures of themselves wearing a dress it sold.</p> tag:econsultancy.com,2008:BlogPost/67924 2016-06-07T14:22:00+01:00 2016-06-07T14:22:00+01:00 Is Facebook doing enough to prevent fraudulent ads? Patricio Robles <p>As <a href="https://medium.com/@hunchly/bait-and-switch-the-failure-of-facebook-advertising-an-osint-investigation-37d693b2a858">detailed on his blog</a>, Seitz stumbled onto this subject after noticing a provactive ad related to professional hockey player Sidney Crosby. </p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5753/fbad-blog-flyer.png" alt="" width="347" height="347"></p> <p>Seitz observed that the URL associated with the ad, ctvnews.ca, belongs to a reputable Canadian news outlet, so he clicked on the ad.</p> <p>He found himself on a website that resembled ESPN.com, not ctvnews.ca, but the domain, espn.l1dh.com, was dubious.</p> <p>Scrolling down, Seitz found a number of ads for supplements:</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5754/fbspoof-blog-flyer.png" alt="" width="358" height="344"></p> <p>At the bottom of the page were apparent testimonials, presented in the format of an embedded Facebook Comments Plugin, but it wasn't genuine.</p> <p>Instead, Seitz discovered that the creator of the page had taken photos of real people and attributed fake comments to them.</p> <p>Seitz concluded:</p> <blockquote> <p>Clearly someone has figured out how to game the Facebook system in order to run ads that look like they lead one place (ctvnews.ca) and ultimately lead to somewhere vastly different.</p> <p>Not only that but they are repeatedly using trademarked names, terms, and false information to sell product. This violates a number of Facebook advertising policies.</p> <p>My guess is that you sign up for the “Free Trial” and you are going to get dinged once a month for life. Or worse.</p> </blockquote> <p>Using Hunchly, Seitz decided to see if he could figure out how common this was.</p> <p>He quickly identified another Facebook ad on a page he had viewed months ago, this one also appearing suspicious and being associated with the URL of a legitimate Canadian news organization. </p> <p>This ad, which also eventually led to a landing page hosted on a suspicious domain, used Google's URL shortening service, so Seitz was able to determine that in a very short period of time, the shortened URL saw 26,812 clicks, at least nearly half of which originated on Facebook.</p> <p>The worrisome implication...</p> <blockquote> <p>...fraudsters can create ads that appear to point to legitimate sites, and then drive tens of thousands of clicks through to their landing pages.</p> <p>Facebook apparently is asleep at the wheel, and sadly, I feel that the general Facebook user and consumers as a whole are being victimized because of it.</p> </blockquote> <p>In an attempt to verify this, Seitz himself set up a Facebook ad campaign for Hunchly and specified that CNN.com be the display URL.</p> <p>"Surely they must catch the fact that the destination URL is not even close to the displayed URL. Surely they must see how bad this would be for the average consumer or Facebook user."</p> <p>But that wasn't the case. To Seitz's amazement, the ad was approved.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/5756/fbad2-blog-flyer.png" alt="" width="405" height="378"></p> <h3>What gives, Facebook?</h3> <p>While Seitz's proposed solution for this problem, checking to ensure that the landing page domain matches the display domain, is probably too simplistic to be viable, his investigation does raise serious questions about how well Facebook is policing ads.</p> <p>Certainly, the apparent ease with which advertisers can use display URLs referencing popular news sites is hard to understand.</p> <p>As Seitz noted,<strong> "If you tried this in Google AdWords, you would be laughed right out of your account."</strong></p> <p>One commenter suggested that the apparent fraud Seitz discovered only scratches the surface.</p> <p>"I'm afraid you have no idea how black (hint: think Archer) the black hat advertising on Facebook can go, this is not even the tip of the iceberg," he wrote.</p> <p>Others on Hacker News <a href="https://news.ycombinator.com/item?id=11839603">suggested</a> much the same thing, with one person even <a href="https://news.ycombinator.com/item?id=11841815">claiming</a> that "an affiliate acquaintance I met once bribed a Facebook employee, who set his account to autoapprove any ad he wanted.</p> <blockquote> <p>He used this to advertise Google Is Hiring: Work from Home credit card rebill offers. He told me he made $80,000 in the four days it took Facebook to discover it.</p> </blockquote> <p>Obviously, in its defense, Facebook, as one of the largest players in online advertising, has a tough job.</p> <p>Keeping up with scammers and advertisers looking to bend the rules to exploit its massive audience will realistically be an ongoing process, and Facebook isn't going to catch every black or gray hat tactic before it gets employed successfully.</p> <p>But as with any ad company, Facebook faces an inherent conflict: even though it has good reason not to let bad ads overtake its network, it still profits from them.</p> <p>The company's revenue grew a whopping 57%, from $3.3bn to $5.2bn, in the first quarter of the year, so the stakes are high. </p> <p>And with Facebook <a href="https://www.facebook.com/business/news/facebook-powered-ads-for-more-people">extending its Audience Network to show ads to non-Facebook users</a>, the stakes will soon be even higher for Facebook, legitimate advertisers and consumers alike.</p> tag:econsultancy.com,2008:BlogPost/67784 2016-04-27T11:06:15+01:00 2016-04-27T11:06:15+01:00 EU data laws: An update on GDPR & Privacy Shield Todd Ruback <p>The controversial Apple and FBI matter – where the FBI sought to compel Apple to unlock an old iPhone model as part of a domestic terrorism investigation – has already become old news.</p> <p>In the EU, terrorism in Brussels and Paris is forcing uncomfortable and morally difficult conversations about security, privacy, and fundamental human rights. </p> <p>While I am optimistic that we will arrive at a good place, the EU is enacting a flurry of powerful new privacy laws that will impact us all.</p> <h3>General Data Protection Regulation (GDPR)</h3> <p>On the 14<sup>th</sup> April 2016, the EU Parliament <a href="https://econsultancy.com/blog/67540-what-is-the-eu-general-data-protection-regulation-gdpr-why-should-you-care/">formally adopted the GDPR</a>; another legislative step in the multi-year process to overhaul the EU’s disparate data protection laws. </p> <p>The next step will be for the GDPR to be officially published, translated, and put to print in the Official Journal of the European Union, hopefully by June.</p> <p> Just 20 days following that, the two-year countdown to the GDPR taking effect will commence. </p> <p>As the GDPR winds its way through the end of this legislative process, it’s important to note how much work organisations will have to complete during this small two-year window. </p> <p>It will strengthen the individual’s control over their personal data by new rights that will be bestowed upon EU citizens, such as the right to data portability and the right to be forgotten (erasure).</p> <p><img src="https://assets.econsultancy.com/images/0007/4342/The_EU.jpg" alt="" width="800" height="600"></p> <p>On the flip side, organisations will have new codified obligations to honour the individual’s rights, and these obligations will force companies to create new privacy-centric business processes – no easy task in the best of times. </p> <p>For example, the quaint notion of “bundled” consent – those dense, unreadable Terms and Conditions buried in the footer of a site that say use of the website constitutes consent to the company’s data practices – is non-existent. </p> <p>In it’s place, companies are going to have to give prominent notice and obtain a user’s consent when a person visits their website.</p> <p>Other changes include more transparent privacy policies and the requirement to have processes for a person to access, review, and correct their personal data, as well as request that data can be easily transferred or taken from one service provider to another.</p> <p>All of this, and more, needs to be considered, created, tested, and put in place by the time the GDPR takes effect. That means you need to start now.</p> <p><strong>Why is this important?</strong> </p> <p>Namely because the EU’s data protection authorities have enhanced new enforcement powers that include the ability to penalise an organisation up to €20m or 4% of it’s annual global turnover, whichever is greater.</p> <h3>Privacy Shield </h3> <p>While the GDPR’s impact will be huge, at the same time, the evolution of the digital world continues to sprint forward. </p> <p>Similar to the Berlin Wall, digital borders have come crashing down; allowing for the natural flow of data between Member States but also between the EU and US, its largest trading partner. </p> <p>Both economies are in fact dependent upon this fundamental notion. </p> <p>However, the fledgling Privacy Shield – a heavily negotiated replacement to <a href="https://econsultancy.com/blog/67144-safe-harbor-2-0-an-update-on-eu-privacy-law/">the invalidated US Safe Harbor Program</a> – recently received a tepid review by the Article 29 Working Party (WP29).</p> <p><img src="https://assets.econsultancy.com/images/0007/4343/safe_harbor.png" alt="" width="351" height="144"></p> <p>The Privacy Shield at the highest level is a mechanism that allows organisations to transfer personal data about EU citizens to companies in the US. </p> <p>It’s needed because the EU, for a host of reasons, has not recognised the US as a country that has “adequate” data protection laws, although the US does in fact heavily regulate data protection through a variety of laws and robust enforcement. </p> <p>But because of this political fact, a negotiated agreement that created a mechanism needed to be put in place, thus the Safe Harbor Program (which became obsolete), and now the Privacy Shield.</p> <p>Although many thought-leaders have concluded that the Privacy Shield provides essentially equivalent levels of data protection as EU law, the WP29 has chosen a more cautious route, one that whilst not rejecting it, also doesn’t endorse it. </p> <p>I anticipate the Privacy Shield will be heavily challenged in the EU courts, but that it will ultimately prevail. </p> <p>Any other result would have a tremendous negative impact on both economies, which no reasonable person could want.</p> <h3>ePrivacy Directive </h3> <p>On the 12<sup>th</sup> April 2016, the European Commission began its comprehensive review of <a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">the ePrivacy Directive</a>. </p> <p>Some call it the cookie law, which requires companies to give notice and get consent before they use any sort of tracking technologies or analytics tools when you visit their sites. </p> <p>The Directive also restricts how telecom providers can treat or move electronic communications. The review aims to close any potential gaps between the ePrivacy Directive and the GDPR.</p> <p>As a stakeholder in the process, I am aware how important it is to get it right. </p> <p>Of concern to me is the separate notice and consent requirement the ePrivacy Directive has from the GDPR. </p> <p>But I am also confident that the distinct transparency requirements between the two laws can be merged so the consumer can be well informed and make meaningful decisions that are best for themselves.</p> tag:econsultancy.com,2008:BlogPost/67743 2016-04-15T14:14:27+01:00 2016-04-15T14:14:27+01:00 The five announcements from Facebook's F8 conference that you need to know about Patricio Robles <h3>Messenger Platform</h3> <p><a href="https://econsultancy.com/blog/67551-private-messaging-is-social-s-next-big-ad-frontier">Private messaging is social's next big ad frontier</a> and talk of <a href="https://econsultancy.com/blog/66234-is-facebook-about-to-open-messenger-to-content-producers-brands">Facebook opening its Messenger app to brands</a> has been circling for more than a year.</p> <p>One of the biggest announcements at the F8 conference was <a href="http://newsroom.fb.com/news/2016/04/messenger-platform-at-f8/">the beta launch of Messenger Platform</a>, which allows third parties to develop <a href="https://econsultancy.com/blog/67697-does-the-rise-of-messaging-apps-mean-brands-need-a-bot-strategy">bots</a> that interact with Messenger's 900m users. </p> <p><img src="https://assets.econsultancy.com/images/0007/3950/how-to-search-for-bots-on-messenger.jpeg" alt="" width="249" height="483"></p> <p>According to David Marcus, Facebook's VP of Messaging Products...</p> <blockquote> <p>Bots can provide anything from automated subscription content like weather and traffic updates, to customized communications like receipts, shipping notifications, and live automated messages all by interacting directly with the people who want to get them.</p> </blockquote> <p>Facebook has created a number of discovery tools to help users find bots that may be of interest to them, and users will have the ability to block communications that are unwanted.</p> <p>Facebook says it has established strict review and oversight policies to ensure that brands don't abuse its <a href="https://messengerplatform.fb.com/">Messenger Platform</a>.</p> <h3>Facebook Live API</h3> <p><a href="https://econsultancy.com/blog/67712-seven-helpful-tips-for-livestreaming-success">Livestreaming</a> is the subject of a lot of buzz today, and Facebook believes that it's a meaningful trend.</p> <p>The social network <a href="https://econsultancy.com/blog/67603-what-marketers-need-to-know-about-facebook-s-livestreaming-push">is pushing to be a livestreaming leader</a>, so it's no surprise that Facebook has built a Live API, which <a href="https://media.fb.com/2016/04/12/introducing-the-facebook-live-api/">it unveiled at F8</a>.</p> <p>Thanks to the Live API, publishers wanting to broadcast directly to Facebook can work with Facebook's Media Solutions partners, and access advanced capabilities, such as the ability to mix multiple video and audio sources and to combine the Live API with Facebook's Graph API to access live video comments, reactions, and mentions in real-time.</p> <p>According to Facebook, "You can use this information to reflect viewer engagement in real time and create on-screen graphics that show live poll results, analyze comments, and enable comment moderation."</p> <p>The Live API will also allow hardware manufacturers to integrate with Facebook Live.</p> <p>Already, a number of camera manufacturers have taken advantage of this, and drone manufacturer DJI has integrated its GO app with Facebook's Live API so that drone pilots can stream their flights.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3955/facebooklivedrone-blog-flyer.jpg" alt="" width="470" height="264"></p> <h3>Account Kit</h3> <p>Use of <a href="https://econsultancy.com/blog/66711-social-login-adoption-grows-despite-privacy-concerns">social login</a> has grown significantly in recent years and Facebook is aiming to make it even easier for consumers to access third-party apps with <a href="https://developers.facebook.com/blog/post/2016/04/12/grow-your-app-with-account-kit/">Account Kit</a>, a new tool that allows individuals to sign in with just a phone number or email address, even if they don't have a Facebook account.</p> <p><img src="https://assets.econsultancy.com/images/resized/0007/3956/12995596_1709301726022225_16641357_n-blog-flyer.png" alt="" width="470" height="299"></p> <p>Account Kit gives app owners the ability to customize UI and access analytics.</p> <p>Facebook also offers a backup notification option for users of its social network, which it says can help conversions...</p> <blockquote> <p>If a person chooses to sign into your app using their phone number, but doesn't receive an SMS, but does have a Facebook account, they can choose to receive a Facebook notification to complete the login process.</p> <p>We built this backup option to help increase your conversion rate by making sure people have more ways to log in if needed.</p> </blockquote> <p><a href="https://developers.facebook.com/docs/case-studies/saavn">According to</a> Facebook, music streaming app Saavn saw its daily signups grow by 33% within two months of adopting Account Kit. </p> <h3>New Sharing Tools</h3> <p><img src="https://assets.econsultancy.com/images/0007/3957/facebooksave.jpg" alt="" width="236" height="452"></p> <p><a href="https://econsultancy.com/blog/67733-the-facebook-context-collapse-how-decline-in-personal-sharing-might-affect-brands">Facebook is fighting "context collapse"</a> and to encourage more sharing, the company released a number of new sharing tools at F8.</p> <p>These include:</p> <ul> <li> <strong>Quote Sharing</strong>, which allows Facebook users to more easily share quotes they like from websites and apps.</li> <li> <strong>Hashtag Sharing</strong>, which gives users the ability to add a hashtag to content they share from apps.</li> <li>A <strong>Save Button</strong> that extends Facebook's Save functionality to third-party sites that integrate it.</li> </ul> <p>Additionally, Facebook has released <a href="https://developers.facebook.com/docs/sharing/insights">Sharing Insights</a> and an improved Sharing Debugger to help publishers better track sharing activity and manage their sharing integrations.</p> <h3>Rights Manager</h3> <p>Facebook's rise as an online video powerhouse is a double-edged sword for content owners which are increasingly grappling with copyright infringment issues on the world's largest social network.</p> <p>In an effort to address this, Facebook created <a href="https://rightsmanager.fb.com/">Rights Manager</a>, an online tool that gives content owners the ability to upload a reference library of their content, along with associated rules, so that possible violations can be identified and reported more efficiently.</p> <p>Content owners can apply for access to Rights Manager. Currently, Facebook says it is providing access based on need.</p> tag:econsultancy.com,2008:BlogPost/67540 2016-02-18T10:50:58+00:00 2016-02-18T10:50:58+00:00 What is the EU General Data Protection Regulation (GDPR) & why should you care? Nick Stringer <p>However, the next few years will see a ‘sea-change’ in privacy and data protection law: organisations face a new privacy challenge.</p> <h3><strong>Enter the EU General Data Protection Regulation (GDPR)</strong></h3> <p>Having just got used to the changes brought in by the <a href="http://www.iabuk.net/policy/briefings/updated-iab-factsheet-july-2015-the-revised-eprivacy-directive" target="_blank">revised ePrivacy Directive</a> (the so-called ‘<a href="https://econsultancy.com/reports/the-eu-cookie-law-a-guide-to-compliance/">cookie law</a>’) - replacing the ‘notice and opt out’ provisions for the use of cookies and other technologies to one based upon ‘consent’ - European policy-makers have agreed an update to the existing data protection legal framework dating back to 1995 (in the UK, the 1998 Data Protection Act).</p> <p>Known as the <a href="http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm" target="_blank">EU General Data Protection Regulation (GDPR)</a>, it is expected to be formally agreed in the coming months although won’t actually come into force until mid-2018.</p> <p>However, after nearly four years of debate and discussion in Brussels, it introduces new aspects that will require a different approach.</p> <p>It won’t overhaul existing data protection law completely but organisations need to sit up and take note now.</p> <h3><strong>So what’s new? </strong></h3> <p>There has been a wide range of debate about the new regulation: Will it place too many restrictions on the use of data? How will the ‘open’ internet fare? Is it a ‘milestone’ for the digital world?</p> <p>The devil is in the 200+ pages of text, but there are four specific changes to be aware of now:</p> <p><strong>1. It aims to deliver 'one law across one continent’.</strong></p> <p>In updating the existing framework, the policy-makers in Brussels wanted to take into account the world we live in today where vast amounts of digital information are collected, exchanged and used every second.</p> <p>They also sought to recognise that this world is global. To this extent, the new law is what is known as a ‘Regulation’.</p> <p>So, unlike the ‘cookie law', it will apply consistently across EU markets. However, in reality, many aspects are devolved to national jurisdictions.</p> <p><strong>2. It’s scope is broad. </strong></p> <p>The drafters will argue otherwise. But, with a few exceptions, all data is now ‘personal’ whether it directly identifies an individual or not.</p> <p>Therefore, in practice, a lot more data is swept up in the regulatory net.</p> <p><strong>3. The new law’s influence stretches beyond European shores in an attempt to recognise the global nature of data. </strong></p> <p>If an organisation is processing personal data about a person who is in the EU then the rules will apply regardless of where the organisation is located. </p> <p><strong>4. The penalties for a breach have been ramped up. </strong></p> <p>For serious violations the fine is €20m or 4% of annual global turnover, whichever is higher.</p> <h3><strong>A need for consistent &amp; practical EU-wide guidance</strong></h3> <p>The political necessity to find an agreement in Brussels before Christmas contributed to many aspects of ambiguity in the final text.</p> <p>But we should be used to this from policy-makers by now and, while organisations seek legal clarity, this may not be such a bad thing given what was on the table six months ago.</p> <p>While the Regulation will be done and dusted by the middle of this year, there will be a need for consistent and practical guidance across Europe, particularly on areas such as ‘consent'.</p> <p><a href="https://assets.econsultancy.com/images/resized/0007/2056/cookie_law-blog-flyer.jpg"><img src="https://assets.econsultancy.com/images/resized/0007/2056/cookie_law-blog-flyer.jpg" alt="" width="470" height="353"></a></p> <p>Working with industry, Data Protection Authorities (DPAs), such as the UK Information Commissioner’s Office (ICO), need to produce consistent EU guidance to help deliver practical, realistic and creative ways of achieving compliance.</p> <p>The experience of the ‘cookie’ law illustrates only too well that we require something that actually works for users: improving their control without interrupting their experience.</p> <h3><strong>What about the Cookie Law? </strong></h3> <p>The revised ePrivacy Directive stays in force for now.</p> <p>However, it will need to eventually align (specifically Article 5.3 regarding cookies, etc.) with the new Regulation to ensure organisations do not face ‘double-regulation'.</p> <p>There are many different views on its future and work is already underway to review it in Brussels.</p> <h3><strong>Next steps</strong></h3> <p>It is clear is that, in the next few years, the data protection and privacy landscape is going to change.</p> <p>The ICO, the UK body that will enforce the new law, has already kicked off its implementation process and it will soon have a new section of its site dedicated to this.</p> <p>It is worth organisations following this and the ICO’s updates. Those businesses and organisations that get out in front are likely to gain the advantage.</p> tag:econsultancy.com,2008:BlogPost/67144 2015-11-05T10:28:50+00:00 2015-11-05T10:28:50+00:00 Safe Harbor 2.0? An update on EU Privacy Law Todd Ruback <p>This is an important development on a number of levels. While there are other legal mechanisms that allow for the transfer of personal data outside of the EU, the Safe Harbor Program, with over 4,000 companies participating, was clearly the most popular. </p> <p>The effect of the court’s ruling was to immediately make data transfers under this program illegal. </p> <p>While some interpret the court’s ruling as politically motivated, or as wreaking havoc on a negotiated bi-lateral agreement, I see this moment as an opportunity. </p> <p>After the Snowden revelations about the NSA’s surveillance programs, our European colleagues were kind enough to enumerate 13 specific areas for improvement of the program. </p> <p>To be fair, many of them were well reasoned and I was encouraged that the Department of Commerce was open to change. </p> <p>In fact, at the time of the court’s ruling in <a href="https://en.wikipedia.org/wiki/Max_Schrems">the Schrems case</a> it was reported that the negotiators were down to a final point or two, namely the right of EU citizens to have judicial redress against US companies, and indiscriminate governmental surveillance.</p> <p><img src="https://assets.econsultancy.com/images/0006/8703/harbor.jpg" alt="" width="500" height="375"></p> <p>The court’s ruling may be just the spur to motivate the negotiators to close the gap on these last points, and I’m confident that a new understanding will emerge.</p> <p>Lost in the noise surrounding the Schrems case is a nuanced and important point that it wasn’t the framework that was invalidated, just the program. </p> <p>That means that it is subject to change and once the negotiated points are agreed upon, then the program may back in a new and improved form. </p> <p>I am hopeful that this is exactly what will occur and if it took the European Court of Justice to help us over the finish line, then they deserve a big thank you.</p> <p>Of course no one knows if Safe Harbor 2.0, as it is already being called, will indeed be born, and even if it is it may have a completely different look and feel. </p> <p>My guess is that it will be and that we can anticipate more robust monitoring and enforcement, something the FTC has already begun, and something we can all get behind. </p> <p>Some are also speculating that the Safe Harbor seal program, where approved third party providers do annual audits, may be a thing of the past.</p> <p><img src="https://assets.econsultancy.com/images/0006/8705/safe_harbor_2.0.png" alt="" width="351" height="144"></p> <p>Also, look for EU citizens securing better access to their personal data and an easier path to obtain judicial relief, an important and valid issue. </p> <p>Finally, look for a mechanism that limits certain types of governmental surveillance. </p> <p>While nobody doubts the need for governments to access data to keep citizens safe, well-reasoned policy makers also recognise the imperative to balance access to that data with citizens’ fundamental rights to privacy.</p> <p>While I hope that Safe Harbor does indeed get revamped, it is wise to prepare a Plan B, just in case it doesn’t. </p> <p>The Working Party 29, in response to Schrems, quickly convened and issued a statement reiterating that the present program is no longer a valid way to transfer data out of the EU, while also leaving the door open for a new and improved Safe Harbor to emerge. </p> <p>However, hope is not a good strategy, so the WP29 also gave clear expectations that organisations have until January 31 2016 to put in place an alternative transfer mechanism, namely either Standard Contractual Clauses or Binding Corporate Rules, both which are already on the books as approved avenues to move data. </p> <p>Implementing a Plan B, especially as we enter the end of the year, will take significant work for any company, possibly utilising outside counsel with expertise in international data transfers. </p> <p>But it is an investment well worth it as it will force us all to review our data management practices to ensure that they are still world class and that we are in fact doing what we think and say we are doing. </p> <p>In the end, this is no bad thing. </p>