Compliant analysis a 'wake-up call' for travel on hidden data protection breaches

Compliant analysis a 'wake-up call' for travel on hidden data protection breaches

The compliance technology firm analysed more than 500 of the world's top advertisers and publishers for its first Data Privacy: The Compliance Illusion report

Travel brands have been warned they could be in breach of European data protection rules without knowing it.

The results of an analysis by recently launched digital marketing compliance firm Compliant on travel websites has been described as a 'wake-up call' for the industry after many contain unauthorised links to third party data resellers were uncovered.

Complaint conducted the research between August and September for its 2022 Data Privacy: The Compliance Illusion report on more than 500 of the world’s top advertiser and publisher websites using its automated Data Safety Index.

It found the average travel site contains 16 piggybacked third-party tags that are making data calls but are often not authorised or placed within the site by the domain owner.

Data security has become increasingly important since Europe brought in General Data Protection Regulation in 2018 under which firms face huge fines based on their global turnover if found to be in breach. 

Although European publishers have made efforts to reduce the number of data resellers within their sites since GDPR came in, on average, travel sites were found to contain multiple unauthorised data resellers.

Compliant said that while 91% of EU advertisers now employ Content Marketing Platforms on their owned and operated sites, 88% of them have consent irregularities.

This means data is being passed before consent is received and Compliant says “always-on CMP accuracy monitoring is critical for brands to mitigate regulatory risk”.

Jamie Barnard, Compliant chief executive, said: “The lack of transparency in the digital media supply chain means that travel companies have limited visibility of the intermediaries operating on or through their websites, making the ongoing detection and management of unlawful and unethical data practices a significant challenge. 

“Our 2022 audit report, ‘Data Privacy: The Compliance Illusion’ is the largest evaluation of digital marketing compliance ever undertaken, covering over 86% of all European web traffic. 

“The results are a wake-up call for the industry, with travel brands and publishers exposing themselves to regulatory and reputational risk. 

“For example, on one major hotel chain’s site we found a CMP passing data before consent was given. Upon closer inspection, the website has 39 vendor tags piggybacked into the site and five data sellers. These are some of the highest numbers we’ve seen across all industries.

“We’re here to give companies the tools they need to be compliant in a world of constantly evolving privacy expectations. Current market solutions are not fit for purpose. Automating privacy compliance with an always on platform is the only viable option.”

Compliant was established to help brands and publishers monitor, measure, and benchmark privacy compliance across digital media supply chains.

The firm said intensified regulatory scrutiny makes it essential that travel firms “balance the increasing demand for data with rising consumer expectations of transparency, choice and control”.  

GDPR fines increased by 40% in 2020/21 as authorities shifted their focus from the big tech firms to smaller businesses across multiple sectors, including travel, which is particularly vulnerable to data breaches due to the amount of personal customer information they have.

Compliant warned fines for breaches represent just a fraction of the real cost to business with forensic investigations, external legal fees, improved security measures, lost data, reputational damage, and loss of employee confidence all adding up.

“Manual compliance of the digital advertising ecosystem isn’t viable given the scores of intermediaries collecting and sharing data, the speed of transactions, and the intensity of the resource requirements to do so,” Compliant added.

“The industry needs an automated tool independent of the CMP that routinely monitors, measures, and benchmarks privacy compliance across the digital supply chain. The Compliant platform gives brands and publishers full transparency of their data supply chain – who has access to it, what they use it for, who they share it with and what they do with it – helping brands build a better, safer web.”