Love it or hate it, the arrival of the General Data Protection Regulation became the biggest topic — and cause of hand-wringing — for advertising companies across Europe in 2018.
One of the biggest challenges facing publishers, agencies, advertisers and ad tech vendors has been the breadth of the law’s interpretation, which has, in turn, resulted in a chaotic and confusing online experience for European users.
Here are five things we learned about GDPR in 2018.
It highlighted Google’s power
If the law was partly an attempt by the EU to reduce the power of Facebook and Google, we can safely chalk that up to a hard fail. Google’s relationship with major publishers became deeply fraught in the weeks around the law’s arrival. The tech giant’s failure to inform publishers (and media buyers) of its own strict interpretation of the law until the ninth hour caused massive issues that reverberated across the whole digital ad ecosystem. Unsurprisingly, volumes on AdX surged in the few days after May 25, while other ad tech vendors saw their volumes drop hard, according to ad tech and agency executives.
Google has battled anti-competitive charges in Brussels for years and won’t want to attract unwanted attention from regulators on whether its GDPR compliance strategy is working to its own commercial advantage. But its large logged-in user base naturally gives it an advantage that publishers don’t have on their own (hence so many GDPR alliances). Google has so far gone its own route with GDPR, but there are signs of more cooperation with the rest of the industry. Regardless, any change Google makes to its GDPR strategy will have ramifications for everyone else.
Trust between partners will take time to repair
Procrastination was the only common pattern of behavior in the media industry when it came to preparation for GDPR. During the last-minute scramble to get ready, swathes of businesses tried to hoist the burden of liability onto any partner in their digital ad supply chain who’d willingly sign — or bow to pressure to sign — updated contracts.
Clients wanted agencies to assume risks, while agencies insisted publishers assume them. Publishers then did the same to tech vendors in one giant game of hot potato. Meanwhile, publishers felt pressured by Group M, Publicis and Google, who they claimed used their size to push their own agendas. Google’s lack of consideration for publishers and other vendors when it came to forewarning them of its plans has also caused deep skepticism of its motives.
Discussions around the adoption of the Interactive Advertising Bureau Europe’s attempt at creating an industry standard, albeit a far-from-perfect one, has become an exercise in publishers and ad tech vendors relearning to trust each other.
Regulators are just getting started
Regulators were pretty quiet for the first six months after the law’s arrival. Then there came a flurry of fines and warnings. The ICO issued heavy penalties to companies including Facebook, which received warning of a £500,000 ($661,000) fine for its part in the Cambridge Analytica scandal. Uber also got slapped with a £385,000 ($485,000) fine for failing to protect customer data during a cyber attack. Both were fines that predated GDPR, however, and so were under the more lenient fining conditions of the Data Protection Act. Next year, that won’t be the case.
French data protection authority CNIL has come down hard on location ad tech vendors, issuing public warnings to ad tech vendors Fidzup, Teemo and, in November, Vectaury, which attracted a lot of attention. Although fines weren’t issued, the orders given to companies like Vectaury to get compliant could spell the end of some current ad tech business models.
“Assumed-consent” strategies are popular but risky
There’s a reason gaining GDPR consent has been described by some in ad tech as “a wobbly wagon.” The lack of standardization of consent management systems — which collect and store information on which users have given consent to be served personalized ads — has resulted in a messy online experience for people in Europe. And some publishers are uncertain they’re seeing the right opt-in rates due to CMP glitches. Those that are boasting super high opt-in rates of above 80 percent, are likely not doing much by way of compliance, according to ad tech sources. A common approach has been one of assumed consent, meaning that if a user continues to click through to articles after being notified, that’s a signal that consent has been given. But that’s a route regulators may not look kindly on.
“It’s hard to say how big an impact GDPR has been on monetization for publishers because the very large majority have not been doing things compliantly since the start,” said an ad tech executive who requested anonymity due to having a lot of publisher clients. That said, until regulators show their cards, most publishers will take the path of least resistance.
Good news for U.S. publishers in Europe
In November, U.K. regulator the ICO reprimanded the Washington Post’s approach to gathering consent, through which it offers a paid premium subscription in return for no ads and no tracking. The only free option requires the reader to give consent to be tracked in return for access to a selection of articles. The ICO ruled that this approach was in breach of GDPR. However, what was notable was the ICO’s watery delivery of the warning and lack of follow-through. The ICO stated that it had written to the Washington Post and told the publisher that its current approach isn’t compliant but stated merely that it “hoped” its warning would be heeded.
That could bode well for other U.S. publishers, such as the Los Angeles Times and the Chicago Tribune, which have closed their sites in Europe.
Inside Hearst UK’s multi-pronged approach to third-party cookie replacements
Hearst UK's Ryan Buckley and Faye Turner are testing everything from 50,000-person panels to clean rooms.
Out of home fights for greater ad share as it cites better value on action taken by consumers
An OAAA study found that OOH is on par with other media in eliciting action from those consumers who recall seeing the ads. And since it's much less costly, it's a more effective means of influencing consumers.
The Rundown: BuzzFeed Inc. revenue up by 26% despite hits to commerce business, expects similar momentum in Q2
Despite significant declines in BuzzFeed Inc.’s commerce business, overall revenue was up, due to increases in the company's advertising and content arms.
SponsoredHow marketers and retailers are unlocking the true value of retail media
Ben Kneen, senior director of product management, Xandr It’s a challenging time for retailers in the advertising industry. As they cope with supply chain woes and inflation-related pressures, they seek high-margin revenue streams amid evolving privacy regulations and massive shifts in identity solutions — including IDFA, the deprecation of third-party cookies and more. In light […]
Member ExclusiveMedia Buying Briefing: Omnicom Media Group tackles supply-chain challenges for its clients
The media agency network created a metric designed to help brands calculate where and when to redirect media spend as a result of supply chain issues they face — rather than just putting a halt on spend when there’s a supply crunch.
The Rundown: Podcast production companies and platforms pitch diverse audiences and ad targeting improvements at IAB’s Podcast Upfront
The three-day podcast-focused event highlighted improvements in dynamic ad insertion, machine learning and diversity of creators, content and audiences.