Programmatic for sellers: Understanding identity, programmatic deals, CTV and privacy More from the series →
This lesson reviews the rapid development of data privacy regulations and is intended for those familiar with programmatic advertising and wanting to expand their understanding.
In the EU, the stringent GDPR is the law of the land. In the U.S., California has led the data privacy charge with CCPA and its CPRA amendment. Other states, including Colorado, Virginia and Utah, are following along. One thing is certain: the evolution of privacy regulation is only just beginning.
Unfortunately, evolution is messy. The disparate data privacy laws worldwide and in the U.S. have made life difficult for the ad industry. Some laws require users to proactively opt-in to data collection, while others allow users to opt-out. Some laws only apply to companies with a minimum revenue threshold, while others apply to anyone collecting data.
To be successful, programmatic sellers must understand the broader impact of data privacy regulation on the major programmatic stakeholders in the industry.
Data privacy regulations present many difficulties for marketers everywhere. In short, many laws limit companies’ use of consumer data for ad targeting and measurement. These laws make it harder for marketers to precisely target audiences, tailor specific messages to audiences, and measure ad effectiveness.
For example, data privacy regulation makes using data brokers to acquire and target audiences difficult. It also makes it difficult for an advertiser to use their own data within an external piece of technology to target users on websites and apps.
When regulatory change is announced, businesses are left to interpret the new legal requirements and adapt their business models as they see fit. In the U.S., the lack of federal privacy laws has also left the door wide open for Google and Apple to decide how to regulate data privacy.
Marketers are playing ball because they have to, but the urgency for compliance isn’t quite there yet. So far, only GDPR has brought about significant fines, but that’s likely to change with California’s CPRA amendment. Businesses will no longer have a 30-day grace period to fix their compliance issues, and the new enforcement team will be on the lookout. As fines mount in the U.S., marketers’ risk tolerance will likely drop.
Data privacy regulation is a puzzle for publishers, too. On the one hand, media companies have an intimate, non-transactional relationship with their users; it’s in a publisher’s best interest to maintain consumer trust so they continue to spend their time and attention on their sites. However, publishers also rely on consumer data to monetize their content with advertising. It can be a challenging needle to thread.
Ad-reliant publishers try to comply by continuing to collect data, but respectfully and with consent. Since compliance requires a significant investment of time and resources, publishers mainly comply with a “lowest common denominator” policy by following the most stringent data privacy rules and applying them everywhere.
And some publishers are shifting their business models away from ads towards subscriptions to future-proof their businesses against impending data privacy developments.
Data privacy regulation helps some ad tech companies and hurts others.
For behemoths with a consumer-facing relationship and their own data set — think Google, Facebook and Amazon — data privacy regulation gives them an edge against competitors that don’t have the luxury of their own data. Big Tech seems to be a significant beneficiary of the data privacy revolution despite being a major threat to user privacy moving forward. Still, data privacy regulations make most ad tech companies worse off.
Companies that are intermediaries don’t deal directly with consumers or even publishers but instead depend on other sources for data, like data brokers. While these companies are working hard to develop alternative means to collect data in a privacy-first manner, they will have a tough time convincing consumers and regulators that they have positive intent. Their future is a bit cloudy.
When selling a programmatic offering, it’s critical to understand two key points:
- What mechanisms will continue to enable targeted advertising in a privacy-centric world?
- How are these mechanisms future-proof and free from ongoing regulatory and platform changes?
Most consumers believe that data privacy regulation is a massive win for them. If one’s data is protected, one should theoretically not be exposed to identity theft, hacking, etc. However, these regulations must be written, implemented and enforced correctly to have the desired effect.
Thus far, regulation has seemed to focus on data collection and has not considered the mechanisms for collecting, encrypting, sharing and applying data. Most data privacy regulation has been ambiguous in these areas.
Data privacy regulation adversely affects consumers, including creating the propensity for a less personalized online experience. Smaller, niche publishers may also see less ad revenue since more established players have the resources to comply with data privacy regulations. Of course, other stakeholders are involved, such as privacy advocates, the government, companies in adjacent sectors, etc.
The bottom line is that the data privacy revolution is an ongoing battle between many parties pulling in different directions. And the process does not look like it will end any time soon.