AiThority Interview with Fiona Campbell-Webster, Chief Privacy Officer at MediaMath

Hi Fiona. Please tell us about your role and the team / technology you handle at MediaMath. How did you arrive at MediaMath?

As of April, I am the Chief Privacy Officer at MediaMath. I sit on MediaMath’s Legal/Data Policy & Governance team as the legal lead for Privacy, Identity & Data Use. In this role, I am responsible for defining the privacy program and strategic policies and processes around privacy, data use, identity and compliance to ensure data is used in ethical, privacy-friendly ways that support MediaMath’s growth while honoring global data protection laws and self-regulatory obligations. I have advised various adtech companies and provided legal advice in privacy and digital marketing for many years. I also serve on the Network Advertising Initiative’s Board of Directors. Prior to joining MediaMath, I was Head Legal Counsel and DPO at Beeswax (DSP) and, prior to that, the first and sole legal counsel and DPO at TripleLift (SSP).

Tell us more about your role and how it evolved during the pandemic months? What technology / applications did you leverage to boost your remote workplace?

The last year brought many new challenges that we couldn’t have anticipated one year ago – from a global pandemic, to the proliferation of misinformation, the impending demise of third-party cookies, and the rapid emergence of CTV as consumers’ preferred channel. While I only joined the MediaMath team a few months ago, the team has been acutely aware of the challenges facing the industry, and has been working to prepare the industry for a brighter future. Most notably, in December 2020, we announced the global availability of the SOURCE digital media ecosystem, delivering upon the promise we made one year prior to develop a 100 percent accountable, addressable and aligned digital media supply chain by the end of 2020.

Read More: AiThority Interview with Will Hayes, CEO at Lucidworks

GDPR’s third anniversary – how have data privacy benchmarks evolved in the last 2-3 years? What lessons have organizations learned from the mistakes of others?

At the third anniversary of GDPR, it is evident that consumers now have greater awareness around data privacy and the use of their data. The European Union championing GDPR led to enhanced transparency, with a wide variety of laws globally meeting the privacy and data challenges of a digital services society, which is ultimately a positive outcome. Consumer’s voices are being heard and companies are addressing their demands, providing insight into how their data is being used.

In 2018, California was the first state to pass new general privacy legislation with the California Consumer Privacy Act (CCPA). Virginia followed suit earlier this year with the Virginia Consumer Data Protection Act (VCDPA) and Colorado became the third state on July 7, 2021 with the Colorado Privacy Act (ColoPA) which has adopted some GDPR-like requirements such as data protection assessments, data processing agreements, restrictions on processing personal data. The main roadblock to moving data privacy initiatives forward has been that some new proposed state bills have not been passed.

How do GDPR and CCPA strengthen marketing efforts? How do you manage these at MediaMath?

Privacy will be fundamental to a positive user experience. At a high level, this means letting people know in clear language what is being offered in exchange for the use of their data. Privacy legislation applies to first-party authenticated data as well as to third-party non-authenticated data. At the point of data collection, consumers must be provided with appropriate privacy law compliant disclosures about the use of the consumer’s data and the ability to opt-out, object or opt-in depending on the privacy laws regime, the type of data and the purpose of its use (primary or secondary) by the party collecting, processing, selling and sharing such data. As such, there will be a closer connection and dialogue between publishers, marketers and advertisers in their shared obligations around data use education to consumers. This requires transparency, by providing clear information about the value exchange of data for quality content that is supported by ads based on the user’s interests, and accountability by each ecosystem participant providing clear commitments to the ethical use of the consumer’s data.

Read More: AiThority Interview with Lauren Vaccarello, Chief Marketing Officer at Talend

Do you think we need “One Nation-One Law” for data privacy?

This is needed for consistency so that businesses can streamline their compliance efforts. The challenge will be that states could still create complexities on a state-by-state basis. This is similar to Europe and GDPR which is meant to be harmonized but has faced challenges due to member state derogations. However, it is imperative that a federal law also focuses on balancing consumer privacy rights along with maintaining a competitive digital services business environment to ensure continued access for users to quality content and an open internet, as we are seeing play out recently in Europe and the UK with the latest combined privacy and competition interplay by the UK’s ICO (privacy) and the CMA (competition).

What role do AI and Blockchain play in influencing data privacy frameworks? Have we slowed down on GDPR adoption / compliance due to the pandemic?

AI: The concerns around algorithmic bias are already embedded within GDPR Article 22, which originally addressed the concept of high-risk processing for automated individual decision making, including profiling producing significant legal or similar effects. This is fundamentally machine learning and AI, which are now being more specifically addressed by the EU’s proposal for AI Regulation published in April 2021, as part of its approach for “a resilient Europe fit for the Digital Decade”. The EU’s goal is to ensure “the benefits of improvements in industry and day-to-day life generated by artificial intelligence (AI)” are “based on rules that safeguard the functioning of markets and the public sector, and people’s safety and fundamental rights.”

Blockchain: Projects that were aimed at redefining privacy and identity through the use of blockchain in 2018 seem to have lost primetime focus in the last couple of years. However, there seems to be a re-emergence of Single Sign-on (SSO) and secure signature processes within parts of privacy, preserving the technical solutions being considered by the industry for responsible, addressable media post-third-party cookies.

GDPR Adoption: The GDPR adoption/compliance has not changed or slowed down due to the pandemic. During this time companies processing personal data have continued to deploy significant privacy compliance resources.

For instance, following the EU-US Privacy Shield being declared invalid, companies have been faced with the operational challenges of international data transfers by implementing contractual safeguards and existing Standard Contractual Clauses (SSCs) with partners and clients on the supply chain. More recently, companies must now analyze and start the process of implementing new SSCs. GDPR compliance is and will continue to be an ongoing process.

Read More: AiThority Interview with John Stamer, Vice President & GM of Americas Services at Lenovo

Your opinion on the idea of reskilling needed within data management industry for high-growth industries such as healthcare, marketing and advertising:

Global Privacy compliance is becoming increasingly challenging as, following on from GDPR and CCPA, more countries and states are implementing their own privacy laws each with its own nuanced approach to compliance requirements. One size does not fit all, so tailoring a global privacy compliance program to the highest standards of GDPR compliance is not practical for companies doing business in local jurisdictions. As automated compliance processes will only cover so much, complexities for nuanced global privacy compliance presents further operational challenges leading to an increased need for privacy legal professionals, privacy technologists, data ethicists and privacy UX designers. As societies continue to globally communicate, transact and innovate digitally, these experts will be essential to building products, systems and processes based on the fair information principles and privacy by design, by providing transparency and choice for consumers along with transparency and accountability of companies and governments.

Tag a person in the industry whose answers you would like to see here:

Ashok Chandra, Senior Privacy Counsel, Criteo

Thank you, Fiona! That was fun and we hope to see you back on AiThority.com soon.