Desperate times call for desperate in-browser messages.
With Apple already making moves against ad tracking in its Safari browser and the General Data Protection Regulation being enforced in May, ad retargeters are desperately trying to get consent from users to track their digital browsing behavior. Companies such as Criteo and AdRoll are trying to get people’s consent by serving in-browser messages that opt users into ad tracking once they close the messages.
Criteo and AdRoll did not return messages about this story in time for publication. But Digiday spoke to five ad tech industry insiders who unanimously concluded that the in-browser messages should not qualify as acquiring user consent.
The GDPR demands that personal data only be used with explicit permission from individuals. Apple updated its Safari browser in September to prevent third parties from tracking users for more than 24 hours after a user visits a website.
Together, these moves make it a particularly difficult moment for retargeters since they are fighting a two-front war to keep their business model afloat, said Ratko Vidakovic, founder of ad tech consultancy AdProfs. Criteo’s stock already tumbled in December after it revealed that Apple’s crackdown on ad tracking hurt its business more than expected.
As seen in the screenshots below, AdRoll placed an “accept and close” button where users normally close a window. To opt out of AdRoll’s tracking, users have to click the link in the fine print.
Similarly, Criteo served people a message that opts them into the firm’s tracking once they click any link on the page. Its opt-out option is also buried within the message.
The GDPR regulations state that consent must be “freely given, specific, informed and unambiguous.” Ari Paparo, CEO of programmatic bidding firm Beeswax, said there’s no way the tactics of Criteo and AdRoll meet this standard. He called their attempts to gain consent “ridiculous.”
Altimeter analyst Susan Etlinger said these tactics are risky because companies that don’t comply with the GDPR could face a fine of 4 percent of annual sales or €20 million ($24 million). Trying to nudge users into consenting to data tracking is “going to become a high-stakes poker game for advertisers once GDPR goes into effect,” she said.
Since retargeting firms usually don’t have direct relationships with users, the GDPR’s consent requirements could expose their business models. But they’re not the only group in the Lumascape that the legislation could affect. Any vendor that primarily relies on third-party data could get caught in the crosshairs. That’s why data management platforms may soon face a tough battle to obtain the data that powers their businesses.
The enforcement of the GDPR will fundamentally change ad retargeting as we know it, said Dave Morgan, CEO of TV ad-targeting company Simulmedia. As browsers start policing ad tracking, Morgan thinks more users will refuse to consent to handing over their data to ad companies, and aggressive ad targeting will become harder to execute.
“I don’t know how one would argue that [the retargeters’] approaches truly amount to clear notice and consent,” Morgan said. “In fact, this is the kind of stuff that holds back digital advertising and undermines the industry’s trustworthiness with both advertisers and users.”