‘Everyone is breaking the law right now’: GDPR compliance efforts are falling short
The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. But experts say much of that activity was for show because much of it fails to render companies compliant with GDPR.
Part of the issue, experts say, is that the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches. Others have used what some industry execs refer to as “nuke buttons,” which let the user reject everything without explaining what they’re rejecting or what they’re agreeing to. Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive.
“Many publishers [and marketers] seem to have shot themselves willfully, or ignorantly, in the foot,” said Adrian Newby, chief technology officer at Crownpeak, parent company to privacy vendor Evidon. “They have bombarded their audiences with entirely unnecessary and noncompliant consent and opt-in emails.”
After a tumultuous few weeks following the law’s arrival on May 25, in which programmatic ad volumes plummeted mostly as a result of Google’s last-minute GDPR policy changes, programmatic spending is returning to pre-GDPR levels. Jangled nerves are calming, but experts warn against feeling a false sense of security.
“Pretty much everyone is breaking the law right now,” said Denmark-based media analyst Thomas Baekdal. “There is not a single consent dialogue box anywhere that is easy to understand. We [publishers] have not really realized how much this is going to hit us. Everyone is trying to make things work the way they used to, rather than thinking about privacy.”
“The European Union is very aggressive about privacy. This won’t stop just because we have found a way for people to ignore it. This is coming,” added Baekdal. “They’ll likely attack Google and Facebook first. That’s how it will start, but through that, we will realize that as publishers, we’re just as bad.”
GDPR has been criticized for being vague and open to interpretation, which is what led to such disparate consent-gaining methods. Publishers across Europe are divided between those that have taken softer legitimate interest-based approaches or opt-out methods to claim compliance, and those that have gone the harder consent-based route that requires people to opt in.
For example, Bloomberg and Forbes appear to be taking strict active consent approaches, while others like the Guardian and MailOnline are running consent banners. Several publishers have divided explainers on their cookie use into those used for advertising and tracking, and those used for site analytics — though users aren’t always able to pick one and reject the other; in many cases, it’s all or nothing. Others are simply hoping to stay under the radar until they have figured out how to be compliant in a way that doesn’t damage the business model.
“Confusion will continue to reign, and until someone actually gets burned, everyone is trying to fly as close to the sun as possible,” said a publishing executive.
But those who choose to do less now won’t necessarily be better off in the long run, according to some industry executives.
“Just being compliant and talking to users in a legal language won’t take publishers very far and fail to make the best of the potential advantages GDPR is presenting to them,” said Alessandro De Zanche, independent publishing consultant. “Inaction will just play into the hands of the duopoly.”
There are many examples of businesses simply repurposing the existing EU cookie directive policy and running cookie banners at the base of sites, to which users can click “OK” to proceed.
“GDPR consent requires an affirmative action, which leads you to conclude you need an explicit yes button,” Newby said. “No data should be collected until the user says yes. But a lot of publishers have gotten confused and taken a more similar approach to ePrivacy.”
Publishers went on a soul-searching mission when ad blocking reached crisis levels in 2017. A lot of focus returned to ensuring the user experience wasn’t neglected for the sake of hitting short-term revenue targets.
“With Y2K, there was so much freaking out,” said Brian Kane, co-founder and chief operating officer of ad tech vendor Sourcepoint. “But it came and went, and was never talked about again. It’s the exact opposite with GDPR. It came on May 25, and it was the start of the conversation. We’re in conversations with publishers about how they approach consent, how they tie it with their subscriptions offerings and monetization strategies.”