At the Digiday Hot Topic UK: GDPR event in May in London, we surveyed 22 companies on what they predict will happen as a result of the General Data Protection Regulation. Check out our earlier research on what companies are tracking to measure the impact of GDPR here. Learn more about our upcoming events here.
- Sixty-eight percent of respondents to Digiday’s survey say Google and Facebook will benefit most from GDPR.
- Publishers, followed by ad tech vendors, are most likely to experience the brunt of negative GDPR consequences.
- Three-quarters of respondents are worried about declines in digital revenues as a result of GDPR.
- Seventy-five percent of companies say the greatest cost incurred in the run-up to GDPR was time spent on GDPR-related issues.
Publishers face the most negative GDPR consequences
GDPR, which took effect May 25, is a massive overhaul of the European Union’s privacy laws and has industry insiders worried about the future of ad-supported businesses. Industry executives have clear opinions on who GDPR will negatively affect most. Of the executives polled at the Hot Topic event, 40 percent thought publishers were most likely to be negatively affected, while 38 percent chose ad tech vendors.
Getting user consent on behalf of Google exposes publishers to a myriad of risks, including ensuring vendor compliance with GDPR, ad-targeting reductions and lower CPMs. Publishers that use WordPress face uncertainty about whether WordPress plug-ins powering their sites are GDPR-compliant. While GDPR could improve the quality of data that companies collect, it will also reduce the amount of information that they collect, as consumers opt out of sharing their data. With a smaller pool of information about their users, publishers will struggle to attract premium advertisers.
Vendors are in an equally perilous position. Without a direct connection to consumers, many face an uphill battle to get consumers to share data with them. Ad tech vendors claiming that processing consumer data under “legitimate interest” absolves them of getting consent from users are doing so at their own risk, with publishers using GDPR to cut ties with noncompliant vendors.
The duopoly wins again
However, many believe the Facebook-Google duopoly has the most to gain from GDPR, with 68 percent of the 22 digital media executives in the Hot Topic survey thinking this is the case.
Google benefits from GDPR because it rid itself of the most onerous task required by GDPR: getting users’ consent to collect their information, such as location and on-site behavior. Google pushed the responsibility to get user consent onto publishers, claiming Google’s ad products wouldn’t be able to bid on publishers’ inventory due to concerns that those publishers aren’t GDPR-compliant. Now that GDPR is in effect, demand on Google’s ad products has increased as other exchanges experience a drop-off in demand. As a result, industry executives have found themselves more reliant on Google than ever.
Facebook has also claimed its business will grow despite GDPR. The social media behemoth might have to change how it targets ads to focus more on contextual targeting. Even as people become increasingly aware of data privacy following GDPR and the Cambridge-Analytica scandal, the overwhelming majority of users are unlikely to abandon the platform. For advertisers, if GDPR reduces their ability to target consumers at scale across various websites, that means Facebook — and Google — are two of the few players able to offer such a solution.
Worst-case scenarios are occurring
Publishers’ worries about GDPR are already being realized. The most widely held concern among the companies Digiday surveyed was that GDPR would lead to a decline in digital advertising revenues, with 75 percent of companies sharing this concern. At least half of the surveyed companies were also concerned about the possibility of losing audience data and ad-targeting capabilities.
Leading up to GDPR, advertisers considered halting programmatic ad buying rather than risk improperly using audience data. Immediately after GDPR took effect, advertisers followed through. Demand requests from exchanges dropped between 25 and 40 percent on May 25. Some publishers shuttered their European websites altogether. Furthermore, data from Ezoic found CPMs in Europe continued to drop even a week after GDPR’s implementation. Regardless of whether the pause in programmatic spending is temporary, lower CPMs due to reduced targeting capabilities could have a lasting effect.
Time is money
Companies face numerous costs associated with GDPR, like hiring expensive data protection officers or spending money to reconfigure tech platforms. One ad tech vendor reportedly spent $11 million to become GDPR compliant, but wasn’t sure if it achieved compliance. Yet for all the financial resources companies have directed toward GDPR, 75 percent of respondents said the biggest cost was time spent working on GDPR-related issues.
Companies had two years to prepare for GDPR, but many did little until the few months before the law took effect. The fact that time spent on GDPR projects was the biggest cost for companies shows how little happened leading up to GDPR. Half of companies held their first GDPR-related meeting after the beginning of 2018, according to Digiday’s earlier research. Costs associated with hiring talent to ensure compliance might be low because 36 percent of companies didn’t hire anyone for that task.