Sorry, we could not find the combination you entered »
Please enter your email and we will send you an email where you can pick a new password.
Reset password:


By Thomas Baekdal - April 2019

How Bounty's £400,000 privacy fine also impacts publishers. And More about machine learning and publishers

This is an archived version of a Baekdal Plus newsletter (it's free). It is sent out about once per week and features the latest articles as well as unique insights written specifically for the newsletter. If you want to get the next one, don't hesitate to add your email to the list.

In this edition:

Plus: Machine Learning is like black-magic for publishers

I recently wrote an article about the importance for publishers to measure time in a far more nuanced way, and as part of that article, I talked about how we could use machine learning to create more useful dashboards for it.

However, while machine learning is a powerful tool, we need to think about how can we turn what we learn into actions, and how we can use it to identify what to do next.

In my latest Plus article, I'm taking a much more in-depth look into this, to help you as an editor or a media executive to understand how it actually works.

Read more: Machine Learning is like black-magic for publishers

British parenting site Bounty was fined for sharing 34.4 million records with data brokers

You might remember how I, several months ago, talked about Bounty and GDPR. And the case has now been closed. Bounty has been fined £400,000 for sharing personal data with 3rd parties by UK's Information Commissioner's Office.

This is one of those cases that has a significant impact on publishers and the implications on the future of privacy legislation, because Bounty was doing the same as what most publishers do today.

But let me very quickly summarize the key points.

First of all, Bounty is not a tech company; they are far more like a publisher/ecommerce site, where the way they were dealing with personal data is the same as what we see with every other magazine or newspaper.

In other words, they had included several 3rd party data partners on their site, with the aim of providing more personal advertising and direct marketing.

Secondly, they approached GDPR similar to other publishers also do it today, where they thought that just getting generalized 'consent' was enough.

Specifically, if we go in and read the actual ruling, you will notice a lot of commonalities what you see on most publisher's sites.

So far this should sound familiar to any publisher because this is almost identical to what we see from most publishers.

However, the UK Information Commissioner's Office (ICO) disagrees. And it has ruled this:

And so the result was this:

So, as you can see, the ICO isn't kidding around here. Every single thing that Bounty did is also what most publishers do, and ICO ruled that all of it was illegal.

It's not legal to tell people that they have to give up their privacy to get access to a service. It's the same as what GDPR is focusing on. It's not legal to turn privacy data into a currency.

When getting consent, it's not legal to just show them a generalized consent dialog. It has to be informed, explicit, minimized ... and ever after all that, live up to what people would reasonably expect.

The ICO does not consider sending personal data to a 3rd party for 'marketing purposes' to be a reasonable expectation.

But most of all. ICO didn't go after these 3rd party marketing companies, they went after Bounty. The reason is that Bounty is the data controller, and as such is the party fully responsible for the data collected for its user/readers.

It's the same with publishers. You cannot just point your fingers at Google and say "but they are the ones doing it". As a publisher, you are the 'data controller' for all the data collected via your sites about your readers. This makes you solely responsible, which also mean you are the one who will get fined.

Google might be fined for other things unrelated to what you do as a publisher (which there are several ongoing cases about), but it doesn't protect or exempt you as a publisher.

And it's only a matter of time before they are going to come after publishers, because every publisher is breaking these rules as well. And even if the EU isn't going to come after publishers directly (at first), I can guarantee you that the many privacy activists will do so instead.

So take note of this. The consent dialogs, privacy notices and third-party integrations that you have today are all fundamentally illegal.

This is an archived version of a Baekdal Plus newsletter (it's free). It is sent out about once per week and features the latest articles as well as unique insights written specifically for the newsletter. If you want to get the next one, don't hesitate to add your email to the list.


The Baekdal Plus Newsletter is the best way to be notified about the latest media reports, but it also comes with extra insights.

Get the newsletter

Thomas Baekdal

Founder, media analyst, author, and publisher. Follow on Twitter

"Thomas Baekdal is one of Scandinavia's most sought-after experts in the digitization of media companies. He has made ​​himself known for his analysis of how digitization has changed the way we consume media."
Swedish business magazine, Resumé


—   newsletter   —


The Audience Relevance Model


The future outlook of the brand+publisher market


Can magazines mix advertising and subscription? And what about password sharing?


What happens when you ask an AI to do media analysis?


Operational security and the dangers of online sharing for journalists


How to think about AI for publishers, and the end of the million views