Digiday Research: European publishers’ GDPR fears recede

In surveys of publishers conducted at the Digiday Publishing Summit Europe events in October 2017 and February 2018, we found that concerns about the GDPR and ePrivacy have remained relatively the same. With little new information being released about the regulations, there isn’t much to contribute to publishers’ worries. However, the noticeable trend was the increased likelihood that publishers weren’t worried about the GDPR or ePrivacy.

The Article 29 Working Party has been notoriously slow to release updates on the specific requirements the GDPR requires. This has led many publishers to take a wait-and-see approach to the GDPR, potentially reducing concerns about it. Attitudes about GDPR enforcement are also slowly starting to shift. Those that say the GDPR will “[rip] the digital ecosystem apart” are becoming quieter. Marketers now view the GDPR as a transformation of existing data laws rather than a full-blown revamp. Transformation or not, publishers might have simply found solace in believing they can pass off blame to their tech vendors for failures to comply with the GDPR.

‘Legitimate business interest’ as a stopgap or full solution
Under the GDPR, users will have to voluntarily opt in to sharing their consumer data with the websites they visit. Prior Digiday research found that losing their consumers’ audience data was publishers’ biggest fear about the GDPR. As a result, nearly one-third of publishers (31 percent) plan on invoking a “legitimate business interest” to retain their consumers’ personal information.

The GDPR states six different lawful bases for a business to process consumer data, with the most common basis being when users consent to sharing their data. Each business has to declare which legal basis they are using to collect and process consumers’ data. Of the six, legitimate business interest is the most flexible and could allow most companies to function similarly to how they did before May 25.

Many ad tech vendors are claiming legitimate business interest as a solution to GDPR headaches, but nobody can guarantee it will allow businesses to use audience data as they once did. The fact that 63 percent of publishers said they were unsure whether they would employ legitimate business interest as a legal basis underscores the confusion surrounding the issue. Publishers that follow ad tech vendors’ lead could use legitimate business interest as a stopgap measure to continue their existing business practices until the European Union specifies the GDPR prohibits using it, or it could eventually turn into a viable way for publishers to collect, retain and process user data.

How publishers are planning to obtain consent
One question that remains for publishers is how they will obtain consent from users to process their data. Research from PageFair found that only 23 percent of marketers expect consumers to opt in to sharing their data. Two-thirds of publishers in Digiday’s survey plan on using the opt-in banners they already use.

Publishers that rely on their existing banners or are considering tracking walls might find themselves in hot water with regulatory officials. As Digiday’s GDPR guide explains, standard privacy notices that include pre-ticked boxes won’t cut it under the GDPR. The GDPR encourages publishers to develop multiple ways to gather consent such as privacy dashboards, video explainers and other auditory messages for the visually impaired. Redoing their privacy banners will be a start for publishers, but it might not be sufficient.