‘GDPR is not done’: Confessions of a publisher programmatic director

Answers have been lightly edited for clarity and flow.

What was the biggest pressure for publishers in 2018?
We knew GDPR would happen well in advance but not the shape it would take. So no one in the industry took a stand in tackling it; everyone including us waited until two to three months before [May 25] to really start addressing it.

What was the hairiest moment?
One of the biggest would be when Google organized a meeting with publishers on May 24 to tell us what their strategy was going to be from May 25 onwards. No one had any turnaround time. That’s why all the big U.K. news publishers didn’t attend as a kind of boycott, even though they didn’t gain much from doing that. A lot of the people at publishers that were responsible for all the data and ad operations, that had been working on GDPR took the day off on May 25. They just didn’t want to deal with the issues, and Friday is never a good day to start troubleshooting.

Has Google’s communication improved around GDPR since that time?
No. One of the main GDPR objectives is to regulate data but also fight against the Google-Facebook duopoly, but it’s really just made them stronger. They don’t need to answer to anyone. GDPR gave Google a reason to become even more of a protected walled garden. We had to switch all out deals back to Google at the start because our consent strings weren’t being passed properly. June would have been a big win for Google.

Are you happy with how your consent management platform is passing consent strings?
So many CMPs have emerged based on zero tech — they just made it up, but they had to build something to answer the market need. It’s all been very confusing. We chose an independent one [CMP] and decided to pay for it, not accept one of the free versions because nothing is free. We didn’t want to give access to our data to a third-party provider. Even today we’re not sure it’s working properly. We also haven’t signed any of our data protection agreements because we’re such a big company we can’t afford to have a breach in contract with anyone.

Why are you unsure your CMP is working?
The consent rates look too high for what they are supposed to be. We also have poor management from the vendor, even though we have paid them quite a high price. A lot of other premium publishers tell us they’re getting the same treatment. It wasn’t until August that we started seeing the consent strings passed properly by our CMP. We lost money from that. I’m not sure we have the right [consent rate] numbers in front of us.

Is the worst behind us with regard to GDPR?
The dust has been brushed under the carpet, but GDPR is not done. The [Information Commissioners Office] will look further into this and in more detail. I believe there will be actions soon, and we will all have to react again.

What will be big next year?
Next year focus will be on publisher alliances and unification of user IDs. With ePrivacy Regulation coming up, I feel like we are in the exact same situation we were last year with GDPR — no one is paying attention because everyone is running after money to try and finish the year. We’re under a lot of pressure. But just because the deadline has been pushed back doesn’t mean we should ignore it.