Dear American publishers that think they will be fine when the General Data Protection Regulation takes effect next month: Check your email.
As brands, agencies and publishers scramble to get their data collection, usage and storage situations in line with European regulations, few have gotten their email newsletter subscriber operations into a GDPR-compliant state, either by securing affirmative consent for use of subscribers’ data or by updating their email onboarding process so people give consent when they subscribe.
Some haven’t done it because they have their hands full with other facets of GDPR compliance. Others haven’t because they’re still trying to figure out if their current situations are, in fact, acceptable under the regulations. Others are waiting for third-party providers to deliver tools to help navigate the problem. Still others are reluctant to do anything that could put a meaningful dent in their newsletter subscriber counts.
“This is definitely a risk,” said Brad Schorer, the president and CEO of data and marketing consultancy Digital Segment. “They need to prepare to have the steps in place to allow for their readers to opt out of the newsletter and/or be able to produce the level of detail on them that the publisher has in house.”
A common misconception about the GDPR is that it is for European companies. In fact, the GDPR covers any company that collects data from European Union citizens, which is to say most every publisher. Publishers have liability if they have any EU citizens on their email newsletter lists. Under GDPR rules, publishers must be able to point to a specific date when a reader affirmatively consented to have their data used by publishers. That covers all email subscribers, not just those acquired after the GDPR takes effect on May 25.
Most publishers don’t have those dates on file, particularly for email subscribers they’ve had for years, which presents them with an uncomfortable choice: Send an email asking European newsletter audiences to opt back in, risking a percentage of their subscriber base dropping out, or do nothing and hope the law is enforced for bigger violations.
“Any communication to consumers always entails the possibility of losing readerships due to opt-outs for any number of reasons,” Schorer said.
Many publishers also have to figure out how to get readers to actively consent, a break from the user experience templates that readers have been trained to expect in recent years. “It’s difficult to funnel people into signing up as it is,” said one source who oversees newsletter operations at one large publisher. “Now, we have to go completely out of the way to make sure consent is explicit by not having pre-checked boxes. Users have learned behavior that assumes boxes will be checked, and now we will have to teach them new behavior.”
The GDPR, to this point, has been a worry for European publishers, which have been busy hiring data protection officers and trying to build unified login systems to minimize shock when the regulations are enforced. As the May 25 enforcement date has drawn closer, fears among European publishers have subsided a bit, according to Digiday Research.
Yet many American publishers draw sizable chunks of their audience from outside the U.S. Just over 10 percent of The Washington Post’s digital subscriber base, for example, is based abroad. The New York Times said 14 percent of its 2.6 million digital subscribers reside abroad, though that number does not exactly correspond with its 13 million email newsletter subscribers; the Times does not break out the country of origin of newsletter subscribers.
Some publishers are trying to be proactive, despite the minimal risk to their business from being GDPR-compliant. At Morning Brew, a business-focused newsletter publisher with 180,000 subscribers and an open rate that hovers around 45 percent, just 3 percent of its subscriber base resides in Europe. But the company decided to add a double opt-in system to its newsletter onboarding program, in part because it minimizes bad actors taking advantage of its referral program and in part because it sees upside in adapting its system in ways that emphasize transparency and privacy.
Morning Brew is still trying to confirm that every facet of its business is GDPR-compliant, but it said it expects to be by next month. “The way we justified it is we need to do right by our readers,” Morning Brew co-founder Alex Lieberman said.
CNBC to test increases on its subscription prices next year
After seeing continued subscriber growth to its two products, CNBC will begin testing price increases next year.
How Apartment Therapy’s Riva Syrop is pivoting its events business around the economic climate
Apartment Therapy's event strategy closely revolves around its commerce business to appease both advertisers and consumers.
Experts tip in-house operations and retail media as the most fertile landscape for new job market entrants
Although 'readjustment' and 'flexibility' will be required from those laid off by Big Tech.
SponsoredPublishers are adapting advertising strategies for a privacy-first world
Tina Iannacchino, senior publisher director, Seedtag So much of the attention around the death of third-party cookies and its impact on the digital advertising industry is focused on the implications for brands and consumers, which is far from the complete picture. The digital publishing industry in the U.S. is massive and set to be shaken […]
Member ExclusiveMedia Buying Briefing: What a tour through Dentsu and Microsoft’s metaverse campus says about the future of digital marketing
Digiday gets a guided tour through Dentsu and Microsoft's metaverse campus, where clients can test out retail concepts or build showrooms in the virtual world.
The Washington Post invests in climate coverage as its team expands to over 30 journalists
The Post's climate team continues to expand as the publisher makes big bets on the beat drawing younger audiences.