Digiday Research: Publishers are expected to suffer most due to GDPR

Vendors are in an equally perilous position. Without a direct connection to consumers, many face an uphill battle to get consumers to share data with them. Ad tech vendors claiming that processing consumer data under “legitimate interest” absolves them of getting consent from users are doing so at their own risk, with publishers using GDPR to cut ties with noncompliant vendors.

The duopoly wins again
However, many believe the Facebook-Google duopoly has the most to gain from GDPR, with 68 percent of the 22 digital media executives in the Hot Topic survey thinking this is the case.

Google benefits from GDPR because it rid itself of the most onerous task required by GDPR: getting users’ consent to collect their information, such as location and on-site behavior. Google pushed the responsibility to get user consent onto publishers, claiming Google’s ad products wouldn’t be able to bid on publishers’ inventory due to concerns that those publishers aren’t GDPR-compliant. Now that GDPR is in effect, demand on Google’s ad products has increased as other exchanges experience a drop-off in demand. As a result, industry executives have found themselves more reliant on Google than ever.

Facebook has also claimed its business will grow despite GDPR. The social media behemoth might have to change how it targets ads to focus more on contextual targeting. Even as people become increasingly aware of data privacy following GDPR and the Cambridge-Analytica scandal, the overwhelming majority of users are unlikely to abandon the platform. For advertisers, if GDPR reduces their ability to target consumers at scale across various websites, that means Facebook — and Google — are two of the few players able to offer such a solution.

Worst-case scenarios are occurring
Publishers’ worries about GDPR are already being realized. The most widely held concern among the companies Digiday surveyed was that GDPR would lead to a decline in digital advertising revenues, with 75 percent of companies sharing this concern. At least half of the surveyed companies were also concerned about the possibility of losing audience data and ad-targeting capabilities.

Leading up to GDPR, advertisers considered halting programmatic ad buying rather than risk improperly using audience data. Immediately after GDPR took effect, advertisers followed through. Demand requests from exchanges dropped between 25 and 40 percent on May 25. Some publishers shuttered their European websites altogether. Furthermore, data from Ezoic found CPMs in Europe continued to drop even a week after GDPR’s implementation. Regardless of whether the pause in programmatic spending is temporary, lower CPMs due to reduced targeting capabilities could have a lasting effect.

Time is money
Companies face numerous costs associated with GDPR, like hiring expensive data protection officers or spending money to reconfigure tech platforms. One ad tech vendor reportedly spent $11 million to become GDPR compliant, but wasn’t sure if it achieved compliance. Yet for all the financial resources companies have directed toward GDPR, 75 percent of respondents said the biggest cost was time spent working on GDPR-related issues.

Companies had two years to prepare for GDPR, but many did little until the few months before the law took effect. The fact that time spent on GDPR projects was the biggest cost for companies shows how little happened leading up to GDPR. Half of companies held their first GDPR-related meeting after the beginning of 2018, according to Digiday’s earlier research. Costs associated with hiring talent to ensure compliance might be low because 36 percent of companies didn’t hire anyone for that task.