Alphabet Inc.’s Google has agreed to meet with a group of publishers next week at four of its global offices to discuss their concerns about its preparations for Europe’s forthcoming General Data Protection Regulation, according to people familiar with the matter.
Some publishers have been critical of Google’s stance on the sweeping new data-protection law and worry the tech giant’s moves might further consolidate its position as the dominant digital advertising player.
Google has told publishers using its advertising-technology tools they will need to obtain user consent on its behalf to gather personal information on European users to target ads at them. Elsewhere, the company hasn’t yet signed up to an industry-wide framework many publishers will be using to ask for user permission on behalf of their various ad-tech partners—further complicating an already confusing situation.
And some publishers are concerned that Google’s optional alternative to that service, a free consent management platform called Funding Choices, requires that they limit the number of ad-tech vendors they work with.
Last month, four trade bodies—the News Media Association, News Media Alliance, European Publishers Council and Digital Content Next—which together represent thousands of publishers in the U.S. and Europe, sent a letter to Google Chief Executive Sundar Pichai, lambasting the company for “waiting to the last minute” to announce its GDPR proposals, which the trade groups say “undermine the fundamental purposes” of the regulation.
Earlier this week, Google invited the four trade bodies’ leadership, plus two board members from each, to attend meetings with its executives hosted at its offices in New York, Washington DC, San Francisco and London on May 24.
A Google spokeswoman said the company had spoken over the past year with more than 10,000 of its publisher, advertiser and agency partners through events, workshops and other conversations about the changes it is making to be compliant with GDPR.
“We will continue to open our doors to our publisher partners to engage in these discussions on GDPR compliance,” the spokeswoman said.
The new regulation, which comes into effect on May 25, in many cases requires companies to obtain affirmative consent to use European residents’ personal information. Companies found in violation of the sweeping regulation will face fines of up to 4% of their annual global revenue, or €20 million, whichever is larger.
Google has been trickling out updates to its policies on its GDPR plans to publishers since around March.
The vast majority of publishers rely on Google’s advertising technology to monetize their websites. Publishers had already spent months investing in their own GDPR approaches and Google’s eleventh-hour announcements have caused angst as publishers scramble to make changes.
One concern for some publishers is that Google is seeking publishers using its ad-tech to let it be a “co-controller” of their users’ data.
Under GDPR rules, a “controller” is the company that determines the purposes and means for processing of personal data. A “processor” is a third-party vendor that digests data on behalf of the controller and keeps records of personal data and processing activities. The controller must ensure its processors’ contracts are in compliance.
In the letter sent in April, the publisher bodies expressed concerns Google would be relying on publishers to obtain consent for the processing of personal data on its behalf, yet ultimately, they said, Google would decide how and when that data would be made available to others.
“By imposing your own standard for regulatory compliance Google effectively prevents publishers from being able to choose which partners to work with,” the letter read.
Google has said the “controller” designation does not give it any additional rights to publisher data than before.
Earlier this month, Google also created an optional free tool for publishers to help them obtain consumer consent for data to be processed by the various ad-tech vendors they use to monetize their websites.
But Google is currently stipulating publishers using the Funding Choices consent tool can only list a maximum of 12 vendors, including Google, having found in user testing that was the optimal number that balanced user experience and regulatory guidance.
Most large publishers don’t just work with a dozen vendors, they work with dozens. To use the tool, some publishers would need to dramatically pare down the number of vendors they partner with—which might ultimately benefit Google at the expense of its competitors. They can also use alternative consent-management platforms and continue to use Google’s advertising products.
One option is to use a framework developed by digital-advertising trade body IAB Europe where ad-tech vendors can place listings about what they do with user data that publishers can display in their consent requests. Google has yet to sign up to the framework and it’s still not clear how the two consent systems will be able to work together.
Google has said it will continue to engage with IAB Europe on the framework and work to ensure industry solutions are interoperable with its publisher ad-serving products.
Ahead of the meeting next week, publishing trade bodies are still seeking written responses from Google to the seven questions they set out in their April letter. Those include questions on whether Google will be explicit about the purposes for which it requires consent from end users and how the company will seek publisher input if it makes further changes to its GDPR policies.
Write to Lara O’Reilly at lara.oreilly@wsj.com