With less than 100 days to go until the European Commission’s new General Data Protection Regulation, the ad-tech industry is preparing themselves for what Criteo CEO Eric Eichmann calls an “evolution, not revolution.”
The GDPR replaces the 1995 Data Protection Directive and harmonizes the various data privacy laws that exist across all 28 member states, including the UK. It provides European consumers important protections, including the power to stop companies anywhere in the world from collecting and processing their personal data.
The objectives of the regulations are to:
- Modernize the legal system to protect personal data in an era of globalization and technological innovation.
- Strengthen individual rights while reducing administrative burdens to ensure a free flow of personal data within the EU.
- Bring clarity and coherence to personal data protection rules and ensure consistent application and effective implementation across the EU.
The rules won’t just apply within Europe but to any global company processing EU citizens’ data, with penalties of up to 4% of global turnover if they don’t comply.
The main question on the industry’s mind is: will the new data protection legislation coming on May 25 be apocalyptic for the ad-tech industry, or just a mild hindrance?
In three separate interviews with Beet.TV, three ad-tech leaders share their thoughts on GDPR and how they see the industry changing.
Preparing for the Unknown
While the implications of these changes seem capable of sending the industry into a tailspin, for AppNexus publisher strategy SVP Tom Shields, many of GDPR’s full effects won’t be known until it comes into effect this May.
“There certainly have been doomsayer predictions who have said that the result of this is only going to be that the large companies get larger, and all the small companies die out,” says Shields. “I don’t think that’s the case.
“While the broad outlines of the legislation are reasonably well understood, there’s an awful lot of detail that’s still going to need to be worked out and tested over time.”
The one sure thing that companies can do, is educate themselves and their customers on the tenants of the regulation, and invest and prepare for it to the best of their ability.
“AppNexus is putting a lot of our code into open-source,” adds Shields, “so that we can enable smaller publishers and smaller technology providers to continue to be able to survive and thrive in this new world.”
Accelerating Towards People-Based Marketing
For LUMA partners CEO Terence Kawaja, the implications of the GDPR as “an accelerant to some narratives and trends that are happening otherwise.”
“That was a trend in any event that was driving people away from the anonymous tracking that we’d used cookies for that grew up in a desktop environment,” says Kawaja. “We already saw that migration with the move to mobile where cookies don’t exist. And then, of course, that got reinforced with Apple and their ITP, their intelligent tracking prevention policies that are limiting people’s ability to track in mobile.
“Those trends existed previously, driving people towards first party like applications of data where they’re marketing towards known users – that movement was called ‘people based marketing.’”
Kawaja sees the GDPR as “an exclamation point” as the rush towards people based marketing and the use of first party data,” as the regulations impose “pretty significant restrictions on anonymous tracking without consumer consent.”
But Kawaja is well aware of the tricky implementation issues.
“For any publisher or anybody with a consumer-facing application, you basically own your supply chain. (But) every aspect along the ecosystem or the Lumascape essentially has to have their own sort of permission.”
A Time for Industry Reflection
At Criteo, our view is that consistency and certainty around privacy and data protection is a win-win for businesses and the consumers they serve.
Acxiom’s chief data ethics office Sheila Colclasure agrees, but the path to that certainty won’t be easy. She says the GDPR presents an opportunity for the ad-tech industry to reflect.
“About six months ago, I would say that perhaps the industry had not really had a moment of reckoning yet,” says Colclasure to Beet.TV. “I think that moment’s come.”
“I don’t think our industry has ever had this level of accountability codified into law,” Colclasure adds. “We are all going to have to think about … our data governance practices, quite specifically in standing up programs to govern all that data.”
Colclasure adds, “Now we have to think about privacy by design. We all have to stand up data governance programs in the design layer with an eye to the impact to the data subject or the individual consumer.”