With the General Data Protection Regulation being enforced in May, demand-side platforms need to figure out how to target users without relying on personal data. DSPs that are unable to adapt to the new rules are likely to lose market share and suffer a similar fate as the programmatic platforms that were late to adopt header bidding.
The GDPR demands that personal data only be used with explicit permission from individuals. This could become problematic for DSPs because they rely on audience data to target ads, and 50 percent of European internet users said that if given the option, they would opt out of seeing retargeted ads, according to a December survey by HubSpot.
Johnny Ryan, head of ecosystem at anti-ad blocking firm PageFair, said that when users opt out of having their data used for ad-targeting purposes, DSPs will have to scrupulously avoid using any information that ties back to an individual user. Data like IP addresses and cookies, which are the backbone of real-time bidding, will be off the table in these scenarios. These data restrictions will burden many vendors, and the GDPR will revolutionize ad tech akin to how the auto industry is being pushed to switch to electric vehicles, he said.
To obtain consent from users, DSPs have to rely on other companies along the ad supply chain since DSPs don’t have direct relationships with the end human being receiving an ad. It is the consumer-facing websites of publishers that ad tech companies will rely on to obtain consent, said Ratko Vidakovic, founder of ad tech consultancy AdProfs.
Obtaining permission from people to use their data for advertising purposes isn’t as simple as serving a one-time pop-up message that opts them in. Lawyers, sales execs, editorial people and web developers all get dragged into GDPR-related meetings, said Jeremy Hlavacek, head of global automated monetization at IBM Watson Advertising, which encompasses IBM’s media properties like The Weather Co.
Lawyers inform the rest of the company on what the policy permits, sales aims to make sure the new rules don’t hurt vendor and advertiser relationships, editorial’s focus is on embedding the consent forms in a way that doesn’t provide a bad user experience, and web developers build the features. Hlavacek speculated that small publishers will struggle to devote enough resources to GDPR compliance to make a smooth transition once the regulations take effect.
Since publishers’ opinions of ad tech vary widely, not all publishers are going to trip over themselves to get user consent for ad targeting. Those that rely heavily on targeted programmatic ads will be as desperate as their vendors to get user consent. But other publishers less beholden to ad rates may use the GDPR as an opportunity to re-examine the vendors they want to keep, and it is possible that some publishers fed up with data leakage won’t bother to bug their readers to opt into data tracking.
Publishers’ varied responses to the GDPR could create a patchwork environment where the readers of certain sites are more likely to give advertisers permission to use their personal data than readers of other sites. This will make contextual targeting more important for DSPs as they use content as a proxy to reach audiences, said Ari Levenfeld, chief privacy officer at ad tech firm Sizmek, which acquired DSP Rocket Fuel last year.
“This would necessarily whittle down the universe of targeting options in the EU,” said Eric Berry, CEO of native ad platform TripleLift.
Building features into dashboards for granular content targeting isn’t easy. The contextual targeting would have to be done at scale and across many languages, and these types of products can take months to perfect, Levenfeld said.
To prepare for the GDPR, the DSP Dataxu integrated Grapeshot into its platform about a year ago to beef up its contextual targeting capabilities, said Andy Dale, vp of legal and data protection officer at Dataxu, noting that Dataxu is working on building its own contextual targeting products. Dataxu also plans to hire a data privacy consultant in March since data protection officers are required by the new regulations.
DSPs are far from being the only sector of the Lumascape to feel pressure from the GDPR. Retargeting firms are scrambling to get consumer consent, and data management platforms are bracing for a tough battle to obtain the data that powers their businesses.
“We support ad tech companies and like working with them and want to see them succeed,” Hlavacek said. “But it is a dangerous time to be not fully compliant with all of these rules.”