‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short
The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. But experts say much of that activity was for show because much of it fails to render companies compliant with GDPR.
Part of the issue, experts say, is the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches. Others have used what some industry execs refer to as “nuke buttons,” which let the user reject everything without explaining what they’re rejecting or what they’re agreeing to. Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive.
“Many publishers [and marketers] seem to have shot themselves willfully, or ignorantly, in the foot,” said Adrian Newby, chief technology officer at Crownpeak, parent company to privacy vendor Evidon. “They have bombarded their audiences with entirely unnecessary and noncompliant consent and opt-in emails.”
A tumultuous few weeks after the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. Jangled nerves are calming, but experts warn against feeling a false sense of security.
“Pretty much everyone is breaking the law right now,” said Denmark-based media analyst Thomas Baekdal. “There is not a single consent dialogue box anywhere that is easy to understand. We [publishers] have not really realized how much this is going to hit us. Everyone is trying to make things work the way they used to, rather than thinking about privacy.”
“The European Union is very aggressive about privacy. This won’t stop just because we have a found a way for people to ignore it. This is coming,” added Baekdal. “They’ll likely attack Google and Facebook first. That’s how it will start, but through that, we will realize that as publishers, we’re just as bad.”
GDPR has been criticized for being vague and open to interpretation, which is what led to such disparate consent-gaining methods. Publishers across Europe are divided between those that have taken softer legitimate interest-based approaches or opt-out methods to claim compliance, while others have gone the harder consent-based route that requires people to opt in.
For example, Bloomberg and Forbes appear to be taking strict active consent approaches, while others like the Guardian and MailOnline are running consent banners. Several publishers have divided explainers on their cookie use into those used for advertising and tracking, and those used for site analytics — though users aren’t always able to pick one and reject the other; in many cases, it’s all or nothing. Others are simply hoping to stay under the radar until they have figured out how to be compliant in a way that doesn’t damage the business model.
“Confusion will continue to reign, and until someone actually gets burned, everyone is trying to fly as close to the sun as possible,” said a publishing executive.
But those who choose to do less now won’t necessarily be better off in the long run, according to some industry executives.
“Just being compliant and talking to users in a legal language won’t take publishers very far and fail to make the best of the potential advantages GDPR is presenting to them,” said Alessandro De Zanche, independent publishing consultant. “Inaction will just play into the hands of the duopoly.”
There are many examples of businesses simply repurposing the existing EU cookie directive policy and running cookie banners at the base of sites, to which users can click “OK” to proceed.
“GDPR consent requires an affirmative action, which leads you to conclude you need an explicit yes button,” Newby said. “No data should be collected until the user says yes. But a lot of publishers have gotten confused and taken a more similar approach to ePrivacy.”
Publishers went on a soul-searching mission when ad blocking reached crisis levels in 2017. A lot of focus returned to ensuring the user experience wasn’t neglected for the sake of hitting short-term revenue targets.
“With Y2K, there was so much freaking out,” said Brian Kane, co-founder and chief operating officer of ad tech vendor Sourcepoint. “But it came and went, and was never talked about it again. It’s the exact opposite with GDPR. It came on May 25, and it was the start of the conversation. We’re in conversations with publishers about how they approach consent, how they tie it with their subscriptions offerings and monetization strategies.”
‘Scale with great context’: The Independent eyes global expansion
The U.K. news title marked 'double-digit' revenue growth this year and posted a profit, despite the pandemic. It plans to grow headcount by up to 25%.
‘This is a tricky job for humans’: How Meredith used AI and contextual data to build Campbell’s a new campaign
To keep Campbell's ads relevant, Meredith created new artificial intelligence technology to track hyper-contextual data.
Vying for consumer revenue, Eater serves up new wine subscription play
Eater's making a play for more national scale consumer revenue with the launch of its new wine club.
SponsoredHow artificial intelligence and machine learning power content-first newsrooms
By Chris Nguyen, executive vice president, marketing at Naviga Digital is no longer just a nice addition to a newspaper’s success, but an imperative. While print remains a key source of revenue — capturing both subscriptions and advertising — spending too much time on designing and managing printed editions has become an obstacle to digital transformation. […]
‘Clearly underinvesting’: Some of the world’s biggest marketers pledge to direct more media dollars to minority-owned business
Procter & Gamble to McDonald’s, Pernod Ricard to PepsiCo, big marketers pledge to curtail media dollars that help fuel racial basis.
Paid virtual events are the new golden ticket for publishers
There are other added benefits for publishers to have ticketing on their events, beyond the revenue.