Publishers are feeling jittery about the new European privacy and data regulations coming down the pike. The new rules, which take effect in 2018, will drastically change how companies collect their customer and audience data. Like all EU rule changes, the devil is in the details — and the details can be eye-watering. And it appears publishers are putting off preparations to the last minute.
“I’ve been surprised by how little many people seem to know about it across publishers, agencies and advertisers,” said Pete Wootton, managing director of digital for magazine group Dennis Publishing. “But if publishers don’t prepare, they could lose €20 million [nearly $22 million] or 4 percent of global revenue in fines — and it could potentially restrict their use of data like email list rental, lead generation, all of which becomes harder.”
Here’s what the procrastinators out there need to know.
The goal is more notice about what data is collected and why.
The General Data Protection Regulation will likely cause a world of hurt, in the short term at least. Publishers need to rethink everything from how they communicate that explicit consent is needed to collect and store audience data, to investing in new tech to facilitate this. They also might need to change relationships with existing ad tech suppliers.
But in the long run, premium publishers that have ticked all the right regulatory boxes could be in a strong competitive position. And it could get rid of a lot of the deadwood.
“I suspect in the long run, it will be good for publishers and the buy side because at first glance, it looks like it will remove a lot of data or make it harder for you to keep data, but the data you do keep and get consent for will be far higher quality,” said Jim Edwards, editor-in-chief of Business Insider UK. And that scarcity in supply could lead to higher demand and prices. “The supply of people willing to tolerate advertising or give over their data is going down, and when that happens, prices go up — making the remaining data more valuable,” he added.
No, the sky (probably) won’t fall.
Once publishers do gain compliance, it’s unlikely a stampede of people would refuse to give consent to collect their data. Users will still want access to the content. In many ways, the ad-blocking crisis hitting publishers is in full swing. Some media execs believe ad blocking is the ideal indicator for the kind of audience drop-off publishers may see — that has ranged from 15 to 30 percent across Europe, according to Internet Advertising Bureau figures. The high number of people switching off ad blockers have reassured individual publishers, leaving a small cohort of people (in the single digits) refusing to entirely. That’s hardly anything to sneeze at, depending on the audience.
“The kind of people you see on Reddit that are annoyed at the lack of consumer privacy, they’ll likely disappear from lists and you could argue they’ll no longer appear inside [data-management platforms] that are looking at cookies,” Edwards said. “You could argue that the ad-blocking population is in some ways a proxy for the amount of people who will decline their consent.”
This is another blow to the cookie.
Pity the poor cookie. The internet advertising business was, in large part, built off the humble tracking cookie. And now the cookie is under threat on several fronts, particularly with the rise of real user data on platforms like Google and Facebook. Most publishers are driving some kind of personalization strategy, whether it’s for products or ad targeting. For publishers with subscriptions strategies, that means driving free registrations. Much of that centers on using email addresses and logins over cookies. And that’s going to pan out well for GDPR-compliant publishers. Not so much for companies that rely solely on dropping a bunch of cookies on publisher sites.
Content-recommendation engines, for example, will be among those forced to adapt. GDPR could also rid publishers of the number of ad tech companies that plug into their sites and drop cookies.
“Companies like that will have to smarten up or ship out. There will definitely be some kind of shaking-up effect,” said John Barnes, chief digital officer of Incisive Media.
Americans can’t just ignore this as an obscure European bureaucratic issue.
GDPR is going to affect any company with audiences and customers in Europe. That means American companies with global operations will also have to prepare.
“There seems to be a view amongst U.S. companies that it’s a ‘European thing’ that they don’t need to worry about, but that’s clearly not the case if they have any European customers,” said Wootton. It’s true that the regulations will tighten around the data of European web users, but American companies have hundreds of millions of web customers.
Likewise, Brexit will not exempt the U.K. from adhering to the new laws. Publishers like Business Insider, a U.S.-founded but now German-owned company, courtesy of its sale to Axel Springer, will be in a prime position to view the difference in cultural attitudes toward data privacy. “Those are conversations we are going to have to have,” added Edwards.