Chris Brinkworth, Liam Walsh, Jason Fonseca launch martech and data compliance advisory, warn brands, agencies failing basics
Former Facebook and eMitch execs Liam Walsh and Chris Brinkworth think Australian brands and agencies face serious fallout from incoming data privacy law changes – and lack the resource and wherewithal to solve them. Along with martech and data specialist Jason Fonseca, they have launched a new consultancy housed within Melbourne-based communications holdco Civic Group. They already look busy.
What you need to know:
- Privacy Act overhaul changes the definition of personal data and increase fines five fold.
- Few brands and agencies have visibility of their data supply chain and whether customers consented for their data to be used.
- Small agencies have insufficient data expertise and resource to manage challenge for brands, while agency holding groups cannot be tech agnostic, claims Brinkworth.
- Walsh says brands reliant on cloud providers, platforms, agencies and publishers to provide a mishmash of compliance is risky at best.
Generally, agencies are not ready for what's coming, because they don't understand the true technical depth to which GDPR and CCPA go to.
Former Facebook and eMitch execs Liam Walsh and Chris Brinkworth have broken cover with a new martech and data consultancy aiming to capitalise on looming changes to Australia’s data privacy laws. They warn the Privacy Act overhaul will change the way brands, agencies and publishers can do business – and pile shareholder and regulatory pressure on firms that bungle data compliance.
Jason Fonseca (martech consultancies, EY, CHE Proximity) and Jason Aldworth are also driving the new business, housed within Melbourne-based comms holding company The Civic Group. The new unit, Civic Data, will work with brands and agencies nationally.
While media and marketing is at the sharp end, given its key role in data collection and customer profiling, the ramifications of Australia’s privacy overhaul will cut across all aspects of business, ultimately landing with the CEO. If customer data is not fully traceable across the supply chain, Brinkworth said businesses will find they are only as strong as their weakest link, known or unknown.
Privacy Act impact
An outline of Australia’s new data privacy regime is due to land within days via draft changes to the Privacy Act, with companies facing beefed up fines and aggressive policing of more explicit definitions of what constitutes personal data, lawyers last week told Mi3.
The draft paper is expected to flag increased penalties for breaches of the Act from $2.1 million to $10m or 10 per cent of annual Australian turnover, plus legislation to create a code of conduct requiring transparent data use from social media platforms.
“The key things people need to understand are what their key datasets are, where they’re getting it, what they’re telling people at the moment, and whether they’ve got consent attached to that data,” said Sophie Dawson, a Technology Media and Telecommunications partner at law firm Bird & Bird.
“I think the change to the ‘personal information’ definition, combined with the increased enforcement risk and penalties are the most important changes from an ad tech perspective.”
Patchy compliance
Cursory interrogation of Australian brand websites suggests many are non-compliant, said Brinkworth. He suggested independent agencies are also at risk of being picked off by holding companies touting greater data compliance capability and attempting to lock clients into their tech stacks, though he thinks few groups are as advanced as they claim.
Liam Walsh, former Facebook, Microsoft Ads and Amobee lead and now non-executive chairman at Civic Data, said the same applies to platforms.
“Their compliance capability is high, but as it pertains to their core business, i.e. CRM or ad serving; it will be robust, but narrow. So the agency group can do the bit that they are good at, the marketing cloud provider or platform can do the bit that they are good at. But then you have multiple parties offering compliance advice on the piece that they handle – and the brand has to hope it all comes together without any gaps,” said Walsh. “But that is not a great way to live.”
Co-founder and executive director, Jason Fonseca, has worked across most of the big four banks as a martech and data consultant, alongside airlines, insurance and some of Australia's biggest media companies. He said the scale of the challenge should not be underestimated.
“Over the past ten years, I've experienced well-intentioned data architecture implemented in ways that have, unfortunately, made it near impossible for an organisation to maintain customer rights over data,” he said.
As such, Brinkworth thinks many firms are facing a “heart-stop moment”, running the risk of non-compliant data – for example, customer IDs without robust, traceable consent – contaminating broader business activity and undermining growth potential.
He believes Australia has insufficient resource to address non-compliance and urged brands to tread carefully when outsourcing responsibility.
“If the data you're using as a marketer is stored within a data management platform [DMP], the average account director at your vendor or your agency would think that's all they need to know. But they do not know that the DMPs themselves use several different cloud hosting platforms. And that data is also now located on those different cloud hosting platforms,” said Brinkworth. Which means the data linkages – and compliance risks – are exponential, and potentially unknown.
“Generally, agencies are not ready for what's coming, because they don't understand the true technical depth to which GDPR and CCPA [the Californian data protection regulation equivalent] go to,” added Brinkworth.
He, Fonseca, Walsh and the Civic Data partners are banking on the capability vacuum to drive significant demand imbalance.