May 25 will be the day of reckoning for many businesses in the media and marketing industries. It’s the date Europe’s highly anticipated General Data Protection Regulation kicks in, from which point no business operating in Europe can use data without explicit permission from users to do so. The maximum penalty for noncompliance: fines to the tune of €20 million ($24 million) or 4 percent of annual sales.
The GDPR is a slow-moving wrecking ball, after a two-year incubation period that served mostly to heighten confusion over what the regulation means and how to get out of its way. In 2018, the hand-wringing and chatter will give way to action, with a period of intense pain, while companies come to grips with a post-GDPR world. For all the talk of revolution, the GDPR will end up a blip for most rather than a world made new. But that will be after the new regulation causes its share of confusion.
For years, publishers and brands have been burned by not fully understanding how vendors operate within their digital ad transactions — that lack of information will land them in hot water with regulators if left unchecked. Under the GDPR, publishers will share liability if a vendor uses data without the correct level of consent.
Wrestling that level of transparency from ad tech vendors and agencies won’t be easy. Even now, some vendors are passing the buck to publishers, which they expect to shoulder the burden of gaining compliance on their behalf. The harsh reality is, no one will shelter anyone. When it comes to the GDPR, it’s a dog-eat-dog world.
In the U.K., detailed updates on exactly what implementation will look like have dripped through from the Information Commissioner’s Office at a snail’s pace, leaving very little time for businesses to actually implement. That means companies have been forced to second-guess potential outcomes and try to lay out contingency plans for worst-case scenarios, like if advertisers panic about not being ready themselves and pull campaigns. It also means a last-minute scramble to get ready is inevitable.
That said, it’s not all bad news. There are some silver linings hidden within the confusion. For instance, the GDPR will root out bad practices in digital advertising that have long been cause for embarrassment — like cookie bombing. It could bring about some much-needed change in programmatic trading; help end interruptive ads altogether; improve the user experience; and reward publishers and marketers that offer a clear value exchange with users, while penalizing those who don’t, along with bad actors like data merchants that scrape fees within digital ad transactions, essentially stealing from both publishers and marketers.
“GDPR will force programmatic to evolve to greater accountability and improve advertising,” says Amir Malik, programmatic lead at management consultancy Accenture. It could cull bad practices like cookie bombing, where ad networks buy a load of low-quality inventory so they can drop as many cookies as possible in order to inflate campaign conversions, to the detriment of the user experience, he adds.
Those are the long-term benefits. But in the short term, things are going to be tough. For those who think that the issue will be fixed on May 25, think again. The “fun” is just beginning.
More in Media
Amazon expands media footprint with iHeart sales deal and new TV outcome tool
Amazon is deepening its role in streaming advertising with an expanded iHeartMedia sales deal and outcome-based TV buying technology.
Media Briefing: Inside publishers’ real Cannes agenda – AI money vs agentic hype
For publishers, Cannes this year isn’t just about showing up for clients and sponsors. It’s a mid‑year checkpoint on two hard questions: who is going to pay for the open web in an AI world, and whether agentic media buying is a real fix or just a freshly branded ad‑tech tax.
Forbes tests a creator-led audience play to grow off-platform reach
Forbes is yet another publisher tapping creators and their audiences to drive off-platform growth – with a slightly different structure.