CIO Influence
CIO Influence Interviews Regulation and Compliance Managment

ITechnology Interview with Fiona Campbell-Webster, Chief Privacy Officer at MediaMath

ITechnology Interview with Fiona Campbell-Webster, Chief Privacy Officer at MediaMath

“At the third anniversary of GDPR, it is evident that consumers now have greater awareness around data privacy and the use of their data.”

Hi Fiona. Please tell us about your role and the team / technology you handle at MediaMath. How did you arrive at MediaMath?

As of April, I am the Chief Privacy Officer at MediaMath. I sit on MediaMath’s Legal/Data Policy & Governance team as the legal lead for Privacy, Identity & Data Use. In this role, I am responsible for defining the privacy program and strategic policies and processes around privacy, data use, identity and compliance to ensure data is used in ethical, privacy-friendly ways that support MediaMath’s growth while honoring global data protection laws and self-regulatory obligations. I have advised various adtech companies and provided legal advice in privacy and digital marketing for many years. I also serve on the Network Advertising Initiative’s Board of Directors. Prior to joining MediaMath, I was Head Legal Counsel and DPO at Beeswax (DSP) and, prior to that, the first and sole legal counsel and DPO at TripleLift (SSP).

Tell us more about your role and how it evolved during the pandemic months? What technology / applications did you leverage to boost your remote workplace?

The last year brought many new challenges that we couldn’t have anticipated one year ago – from a global pandemic, to the proliferation of misinformation, the impending demise of third-party cookies, and the rapid emergence of CTV as consumers’ preferred channel. While I only joined the MediaMath team a few months ago, the team has been acutely aware of the challenges facing the industry, and has been working to prepare the industry for a brighter future. Most notably, in December 2020, we announced the global availability of the SOURCE digital media ecosystem, delivering upon the promise we made one year prior to develop a 100 percent accountable, addressable and aligned digital media supply chain by the end of 2020.

Read More: ITechnology Interview with Sanjay Lakhani, Principle Consultant at NTT

GDPR’s third anniversary – how have data privacy benchmarks evolved in the last 2-3 years? What lessons have organizations learned from the mistakes of others?

At the third anniversary of GDPR, it is evident that consumers now have greater awareness around data privacy and the use of their data. The European Union championing GDPR led to enhanced transparency, with a wide variety of laws globally meeting the privacy and data challenges of a digital services society, which is ultimately a positive outcome. Consumer’s voices are being heard and companies are addressing their demands, providing insight into how their data is being used.

In 2018, California was the first state to pass new general privacy legislation with the California Consumer Privacy Act (CCPA). Virginia followed suit earlier this year with the Virginia Consumer Data Protection Act (VCDPA) and Colorado became the third state on July 7, 2021 with the Colorado Privacy Act (ColoPA) which has adopted some GDPR-like requirements such as data protection assessments, data processing agreements, restrictions on processing personal data. The main roadblock to moving data privacy initiatives forward has been that some new proposed state bills have not been passed.

How do GDPR and CCPA strengthen marketing efforts? How do you manage these at MediaMath?

Privacy will be fundamental to a positive user experience. At a high level, this means letting people know in clear language what is being offered in exchange for the use of their data. Privacy legislation applies to first-party authenticated data as well as to third-party non-authenticated data. At the point of data collection, consumers must be provided with appropriate privacy law compliant disclosures about the use of the consumer’s data and the ability to opt-out, object or opt-in depending on the privacy laws regime, the type of data and the purpose of its use (primary or secondary) by the party collecting, processing, selling and sharing such data. As such, there will be a closer connection and dialogue between publishers, marketers and advertisers in their shared obligations around data use education to consumers. This requires transparency, by providing clear information about the value exchange of data for quality content that is supported by ads based on the user’s interests, and accountability by each ecosystem participant providing clear commitments to the ethical use of the consumer’s data.

Read More: ITechnology Interview with Mark Maass, EVP Strategy and M&A at Majorel

Do you think we need “One Nation-One Law” for data privacy?

This is needed for consistency so that businesses can streamline their compliance efforts. The challenge will be that states could still create complexities on a state-by-state basis. This is similar to Europe and GDPR which is meant to be harmonized but has faced challenges due to member state derogations. However, it is imperative that a federal law also focuses on balancing consumer privacy rights along with maintaining a competitive digital services business environment to ensure continued access for users to quality content and an open internet, as we are seeing play out recently in Europe and the UK with the latest combined privacy and competition interplay by the UK’s ICO (privacy) and the CMA (competition).

What role do AI and Blockchain play in influencing data privacy frameworks? Have we slowed down on GDPR adoption / compliance due to the pandemic?

AI: The concerns around algorithmic bias are already embedded within GDPR Article 22, which originally addressed the concept of high risk processing for automated individual decision making, including profiling producing significant legal or similar effects. This is fundamentally machine learning and AI, which are now being more specifically addressed by the EU’s proposal for AI Regulation published in April 2021, as part of its approach for “a resilient Europe fit for the Digital Decade”. The EU’s goal is to ensure “the benefits of improvements in industry and day-to-day life generated by artificial intelligence (AI)” are “based on rules that safeguard the functioning of markets and the public sector, and people’s safety and fundamental rights.”

Blockchain: Projects that were aimed at redefining privacy and identity through the use of blockchain in 2018 seem to have lost primetime focus in the last couple of years. However, there seems to be a re-emergence of Single Sign-on (SSO) and secure signature processes within parts of privacy preserving the technical solutions being considered by the industry for responsible, addressable media post third-party cookies.

GDPR Adoption: The GDPR adoption/compliance has not changed or slowed down due to the pandemic. During this time companies processing personal data have continued to deploy signifcant privacy compliance resources. For instance, following the EU-US Privacy Shield being declared invalid, companies have been faced with the operational challenges of international data transfers by implementing contractual safeguards and existing Standard Contractual Clauses (SSCs) with partners and clients on the supply chain. More recently, companies must now analyze and start the process of implementing new SSCs. GDPR compliance is and will continue to be an ongoing process.

Read More: ITechnology Interview with Anthony Pillitiere, Co-Founder and CTO at Horizon3.AI

Your opinion on the idea of reskilling needed within data management industry for high-growth industries such as healthcare, marketing and advertising:

Global Privacy compliance is becoming increasingly challenging as, following on from GDPR and CCPA, more countries and states are implementing their own privacy laws each with its own nuanced approach to compliance requirements. One size does not fit all, so tailoring a global privacy compliance program to the highest standards of GDPR compliance is not practical for companies doing business in local jurisdictions. As automated compliance processes will only cover so much, complexities for nuanced global privacy compliance presents further operational challenges leading to an increased need for privacy legal professionals, privacy technologists, data ethicists and privacy UX designers. As societies continue to globally communicate, transact and innovate digitally, these experts will be essential to building products, systems and processes based on the fair information principles and privacy by design, by providing transparency and choice for consumers along with transparency and accountability of companies and governments.

Tag a person in the industry whose answers you would like to see here:

Ashok Chandra, Senior Privacy Counsel, Criteo

Thank you, Fiona! That was fun and we hope to see you back on itechnologyseries.com soon.

[To participate in our interview series, please write to us at sghosh@martechseries.com]

Fiona Campbell-Webster, Esq, CIPP-E, is a privacy leader with over 20 years of experience advising media and digital companies.

Fiona joines MediaMath as the Chief Privacy Officer and sits on MediaMath’s Legal/Data Policy & Governance team as the legal lead for Privacy, Identity & Data Use. In her role, she is responsible for defining the privacy program and strategic policies and processes around privacy, data use, identity and compliance to ensure data is used in ethical, privacy-friendly ways that support MediaMath’s growth while honoring global data protection laws and self-regulatory obligations.

Before MediaMath, Fiona was Head Legal Counsel and DPO at Beeswax (DSP), and prior to that she was the first and sole legal counsel and DPO at TripleLift (SSP).

Fiona was born in England, grew up in Brisbane Australia and she has worked and lived in London, New York and Melbourne Australia. As a result, Fiona has local experience and a global perspective to contribute to industry efforts for solving global challenges facing both consumer privacy and identity, and healthy competitive digital markets, in an internet connected ad-supported world.

MediaMath Logo

MediaMath helps the world’s top brands deliver personalized digital advertising across all connected touchpoints. Over 9,500 marketers in 42 countries use our enterprise software every day to launch, analyze, and optimize their digital advertising campaigns across display, native, mobile, video, audio, digital out of home, and advanced TV formats. Founded in 2007 as a pioneer in “programmatic” advertising, MediaMath is recognized as a Leader in the Gartner 2020 Magic Quadrant for Ad Tech and has won Best Account Support by a Technology Company for two years in a row in the AdExchanger Awards.

MediaMath initiated an industry-wide effort to create a 100% accountable, addressable and aligned supply chain through SOURCE ecosystem. SOURCE by MediaMath is a technical and commercial framework for agencies, brands, tech companies, and content owners designed to provide long-term sustainable solutions for a clean digital media supply chain with brand-safe, viewable inventory. MediaMath has offices in 15 cities worldwide and is headquartered in New York City.

Related posts

CIO Influence Interview with Brian Conroy, Executive Vice President and Director at IDA Ireland

Sudipto Ghosh

ITechnology Interview with Neal Gottsacker, Chief Product Officer at Nintex

Sudipto Ghosh

CIO Influence Interview with Brendan Peter, Vice President of Global Government Affairs for SecurityScorecard

Sudipto Ghosh

Leave a Comment