‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short
The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. But experts say much of that activity was for show because much of it fails to render companies compliant with GDPR.
Part of the issue, experts say, is the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches. Others have used what some industry execs refer to as “nuke buttons,” which let the user reject everything without explaining what they’re rejecting or what they’re agreeing to. Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive.
“Many publishers [and marketers] seem to have shot themselves willfully, or ignorantly, in the foot,” said Adrian Newby, chief technology officer at Crownpeak, parent company to privacy vendor Evidon. “They have bombarded their audiences with entirely unnecessary and noncompliant consent and opt-in emails.”
A tumultuous few weeks after the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. Jangled nerves are calming, but experts warn against feeling a false sense of security.
“Pretty much everyone is breaking the law right now,” said Denmark-based media analyst Thomas Baekdal. “There is not a single consent dialogue box anywhere that is easy to understand. We [publishers] have not really realized how much this is going to hit us. Everyone is trying to make things work the way they used to, rather than thinking about privacy.”
“The European Union is very aggressive about privacy. This won’t stop just because we have a found a way for people to ignore it. This is coming,” added Baekdal. “They’ll likely attack Google and Facebook first. That’s how it will start, but through that, we will realize that as publishers, we’re just as bad.”
GDPR has been criticized for being vague and open to interpretation, which is what led to such disparate consent-gaining methods. Publishers across Europe are divided between those that have taken softer legitimate interest-based approaches or opt-out methods to claim compliance, while others have gone the harder consent-based route that requires people to opt in.
For example, Bloomberg and Forbes appear to be taking strict active consent approaches, while others like the Guardian and MailOnline are running consent banners. Several publishers have divided explainers on their cookie use into those used for advertising and tracking, and those used for site analytics — though users aren’t always able to pick one and reject the other; in many cases, it’s all or nothing. Others are simply hoping to stay under the radar until they have figured out how to be compliant in a way that doesn’t damage the business model.
“Confusion will continue to reign, and until someone actually gets burned, everyone is trying to fly as close to the sun as possible,” said a publishing executive.
But those who choose to do less now won’t necessarily be better off in the long run, according to some industry executives.
“Just being compliant and talking to users in a legal language won’t take publishers very far and fail to make the best of the potential advantages GDPR is presenting to them,” said Alessandro De Zanche, independent publishing consultant. “Inaction will just play into the hands of the duopoly.”
There are many examples of businesses simply repurposing the existing EU cookie directive policy and running cookie banners at the base of sites, to which users can click “OK” to proceed.
“GDPR consent requires an affirmative action, which leads you to conclude you need an explicit yes button,” Newby said. “No data should be collected until the user says yes. But a lot of publishers have gotten confused and taken a more similar approach to ePrivacy.”
Publishers went on a soul-searching mission when ad blocking reached crisis levels in 2017. A lot of focus returned to ensuring the user experience wasn’t neglected for the sake of hitting short-term revenue targets.
“With Y2K, there was so much freaking out,” said Brian Kane, co-founder and chief operating officer of ad tech vendor Sourcepoint. “But it came and went, and was never talked about it again. It’s the exact opposite with GDPR. It came on May 25, and it was the start of the conversation. We’re in conversations with publishers about how they approach consent, how they tie it with their subscriptions offerings and monetization strategies.”
‘We’re netting out with higher revenue’: Publishers reaping the benefits of Snapchat’s strong second half
With CPMs up as much as 20% year over year in the fourth quarter, many Discover publishers are bullish on the upstart platform for next year.
How Cosmo is building brand affinity with younger audiences through its focus on commerce
Cosmopolitan's focus on e-commerce through a line of branded wines and its own shopping holiday has led to a 254% increase in product sales.
‘Go to market faster’: The Washington Post’s Arc goes outside the tent for payment and data integrations
Subscriber revenue has become more of a priority to the Washington Post's Arc clients since it launched its subscription tools last year.
SponsoredPublishers will lead the charge as cookie-less advertising becomes the norm
Steve Wing, managing director, EMEA, Magnite As the advertising industry moves closer to a cookieless world — one in which browserless environments including connected TV (CTV) and mobile in-app are an increasingly large part of ad budgets — publishers will have an increasingly important role in developing the future of identity. Segment creation and identity […]
‘Profitability in the back half of next year’: BuzzFeed CEO Jonah Peretti (and Verizon Media CEO Guru Gowrappan) on their big merger
A special Digiday podcast episode features Interviews with BuzzFeed CEO Jonah Peretti and Verizon Media CEO Guru Gowrappan.
‘People have had permission to experiment’: Pandemic expedites rethink on 9-to-5 work structures
Starting out as a short-term fix to weather the coronavirus storm, employers are seeing work hours outside the traditional 9-to-5 week as a new normal.