Does Your Agency Need a Chief Privacy Officer?

When the CEO of the second-largest owner of ad agencies talks, people listen. So when John Wren, at an industry conference this past March, declared that agencies should think about hiring chief privacy officers, he signaled an important moment in the evolution of the agency business. In the broader business community, the chief privacy officer is hardly a new concept. Companies such as Microsoft and IBM that play in large amounts of consumer data installed such roles years ago, as have less-famous direct-marketing companies. But thus far, the role hasn't been necessary at ad agencies for a lot of reasons, top of the list being that data wasn't always so crucial to the business. And when it was, it could be outsourced to a third party. But as advertising becomes more intertwined with consumer data, especially in behavioral-targeting campaigns, and agencies become more deeply entrenched in the regulatory thicket of digital privacy, that could very well change. So should agencies be taking Mr. Wren's observations seriously and hiring a chief privacy officer? Probably not right now. That was the consensus after I spoke to a number of players close to the issue. Still, it's quite clear that every agency needs to figure out how consumer-privacy issues affects it and fast. What I was told is this: All agencies need to understand whether and how consumer privacy issues touch their business. For digital shops and media buyers, for instance, it will be more of a priority than at purely creative shops working more in the crafting of ads than in their distribution. There does need to be oversight at the agency, everyone seems to agree, but not necessarily in the form of a c-suite executive for whom it's the only duty. "Embrace privacy, have consistent privacy messaging, have privacy programs, and have someone responsible for compliance," advised Carla Michelotti, exec VP-chief legal, government and corporate affairs officer at Publicis Groupe's Leo Burnett. "If that person is a chief privacy officer, they need to know that they're going to be impacting marketing, IT, and finance. Knowing what I know about companies, that makes for an interesting dynamic." Ms. Michelotti says she's wary of agencies appointing a chief privacy officer as though that hire alone solves the problem. There are underlying organizational challenges and personal liability that comes with the role. She favors the notion of privacy-by-design supported by the FTC. It's been described as: "a roadmap to integrate privacy considerations into business models, product development cycle and new technologies." The distinction here is between just giving someone a title that may or may not have any clout vs. baking privacy awareness into key processes. Randall Rothenberg, president-CEO of the Internet Advertising Bureau, was warmer to the idea, with some key qualifications that recognize that hot-button political issue digital privacy has become. "In the ideal world, what you would want to have is a chief data officer, because the uses and misuses of data transcends the privacy cliché," he said. "But given the politically charged environment, because of the way anti-business opposition groups are looking at the issue, it may make perfect sense for agencies and media companies, and marketers to have chief privacy officers." Among agency executives, the person probably most involved in talks on the topic of privacy is John Montgomery, chief operating officer of Group M Interaction, part of the WPP-owned media-buying firm that manages more than $70 billion in client spending. WPP has been the most aggressive of the holding companies in investing in its own data-collection capabilities. As a result, WPP manages a sizable amount of consumer data for its clients, and the issue cuts close to home. When I visited Mr. Montgomery in his office, not far from New York's Penn Station, the South African native immediately burst into an excited story about his recent testimony before Congress. As it turns out, Mr. Montgomery might be the closest thing there is a to chief privacy officer in today's agency landscape. He spends, by his count, 40% to 50% of his time on privacy matters. He has an operations person who's spending even more time educating clients about the particulars of the issue, especially trying to ram home the importance of the industry's self-regulation program. That program revolves around an icon that brands can display in or near behaviorally-targeted ads. Clicking on it leads to disclosure and an opt-out mechanism. He's also recently been named chairman of an American Association of Advertising Agencies committee dedicated to addressing of internet privacy. Mr. Montgomery's thoughts on the need for a chief privacy officer are, as a result, a bit different than some of his peers'. "If it's a person who's well-integrated into the organization and can execute things ... I think it's a fantastic thing," he said. "If it's a legal person who's going to attend meetings and try and limit liability, it's not totally useless, but I don't think it's going to do what we really need to do, which is to communicate to our client base and get our consumer base educated about why behavioral advertising is really useful and vital to a free internet." It's no secret that online advertising has become more reliant on consumer data collected from any number of sources, including people's browsing behavior. Advertisers can tell a good deal about the likes and dislikes of anonymous web users and what products and services they might be in the market for. The development has spurred some powerful politicians and journalists to frame the practice as a rather stark question: Are corporations spying on your movements online? Just this month, U.S. Sens. John McCain and John Kerry introduced a Consumer Bill of Rights that touches on online privacy. But that legislation is far from the doomsday scenario that would see users en masse prevent advertisers from following their movements around the internet. Before long, do-not-track buttons will be placed on all major browsers except Google's Chrome, creating an easy way to opt out of behavioral targeting. "If they opt out in large numbers, say 60% or 70%, the threat then really is that our advertising becomes less effective, that the internet doesn't grow as fast as it's growing," Mr. Montgomery said. "And it will restrict the amount of new capital that flows into the startups, which will suit the big established players who already have a base." Agencies could lose, too. Framed as it has been recently by politicians and journalists, it's easy to think of data as risk, but it's not just that. Data is one of adland's greatest growth opportunities, probably even warfing social media. Consider the number of ad-tech startups, many of which were created to collect and then slice and dice consumer info. And data is no less crucial to the future growth of mature agencies that buy media or do direct marketing, the latter of which has for years used consumer information collected from a variety of sources to send direct mail and email to customers. The work of fending off regulation has typically fallen to publishers, search-engine companies, ad networks and those technology and data companies that facilitate targeting. Agencies, with some exceptions, have been less involved. Mr. Rothenberg calls that part of a history of "abdication" that stems from the in-between nature that's inherent to the definition of an agency: they act as agents for other companies. "Data stewardship" is one of the areas where responsibility has been passed along. "They have had a tendency over the decade to pass on a lot of responsibility, for example, to the media companies," he said. Nancy Hill, who's Mr. Rothenberg's counterpart at the American Association of Advertising Agencies, is trying to change that: "We think it's an important issue in the broader context of how our industry is viewed. Consumer confidence in how we're using our data is essential in keeping the new targeting tools available to us as marketers. We don't want those to go away." That's all well and good, but by this point it's clear that, while important, industry compliance will only get you so far. Ultimately it'll be up to consumers to choose whether to turn off behavioral targeting by pushing a button on their browsers or leave it on. Everyone in the industry, from media owners to agencies, talks about the importance of getting your average web users to understand the "value chain," in which targeted advertising is linked to free internet content. Put a different way, that means that consumers need to understand that unless they're willing to share some of their data, using the web will cost them more. And that entails talking to clients about the icon and also education, likely to manifest in the form of a new campaign currently being discussed by the trade organizations. You know, advertising -- something agencies know a little about.

Does Your Agency Need a Chief Privacy Officer?

Featured Stories