Germans are privacy fiends, but when it comes to the highly anticipated General Data Protection Regulation, they’re treating it as business as usual.
The reasons for this vary, including cultural differences and the country’s attitude toward different business threats like the ePrivacy Regulation. Germany’s stance on data privacy is singular in Europe due to its time under Stasi rule. Consequently, data transparency in media and advertising is highly valued and incorporated earlier into business practices than in other countries.
For German marketers, transparency in data use is the top concern, with 66 percent of marketers citing this as the area in which they expect transparency from ad tech vendors, according to a recent report from independent media-buying platform Iotec, which polled 250 senior marketers. By contrast, the top focuses for U.K. marketers are ad fraud and transparency on ad tech vendor pricing, according to a corresponding Iotec report that polled 500 U.K. senior marketers.
“There’s an air of calmness and pragmatism in Germany compared to elsewhere,” said Paul Wright, CEO of Iotec. “They’re used to this approach.”
Preparing for the GDPR hasn’t been easy in Germany, though. But transitioning to being GDPR-compliant has been less of a jolt for media and advertising companies there than it has in the U.K., for example.
While the majority of the U.K. market is awaiting final direction on how to obtain consent and share data from the Information Commissioner’s Office, German publishers are conducting business as if the law is already being enforced. Some U.K. data specialists at publishers have already pointed out that waiting on the ICO’s final guidance is naive — there are plenty of other ways to prepare, given the fundamentals of the regulation are set. Yet many have paused strategy changes until the final guidance arrives in December.
“In Germany, we’re [Iotec] signing data-processing agreements, which clarify what we do with data and is signed by us and the client. We put pixels on publishers’ sites, and they want to know how we use that data,” said Wright. Having those terms written into contracts makes it clear to the publisher who is liable for the sharing of customer data, which will be critical under the GDPR, given the severity of the fines. “We’re not as used to that in the U.K., where we’re less clear who is liable,” he added.
Another reason German media businesses seem way ahead of the rest of Europe in their readiness for the GDPR is because the ramifications of the regulation have been major topics in the press there for nearly two years, unlike in the U.K., where widespread coverage has only happened recently.
Added to that, Germany took a firmer approach to enforcing the ePrivacy Directive (due to be overhauled into the ePrivacy Regulation next year) than the U.K. and other European markets. Users that visit a publisher website in Germany are opted out of having their data stored by default. Only once they opt in do publishers store their data. In the U.K., it’s the other way around.
Internal GDPR workshops are common at German publishers, during which long lists of ad tech suppliers are vetted with the aim of crushing any risk, and contracts are adjusted accordingly to ensure suppliers or ad networks are accountable for their own sharing of data.
“There’s still a way to go on that,” said Oliver von Wersch, a publisher consultant and former managing director of growth projects and strategic partnerships at German media house Gruner + Jahr. “Many publishers here now have a more clear picture and are addressing vendors with new contracts. I expect in the first quarter we will start seeing the active removal of vendors from the supply chain.”
Businesses have been advised to appoint data protection officers to get in line with the new law. In the U.K., these roles are still rare, whereas in Germany, most publishers already have them, according to von Wersch. “Publishers [in Germany] understand there is a lot of homework to do around [GDPR] documentation, having the right security guidelines in place and defining data processes,” he added. “Many of them are well underway.”
That’s not to say the Germans are immune to anxiety. Rather, their energy is firmly directed to the ePrivacy Regulation due to be enforced next year. The terms of this law are still being determined in Brussels, but if the current proposal for the law stands, the potential ramifications are far more alarming than those of the GDPR, according to German publishers. Axel Springer is among those lobbying against the changes.
“The [GDPR] itself is balanced in terms of what the rights of the publisher are and what the rights of the user are,” von Wersch said. “But if you look at ePrivacy, it becomes very different — it’s very much on the side of the user and opposes many things publishers are reliant on for monetization.”