#GDPR: 6-months on

Home Blends & Trends 3 January 2019

Since the GDPR was implemented in May of this year, it has been tough to clearly evaluate the short- and mid-term consequences on the tech and digital ecosystems. The French CNIL organization noted an “unprecedented level of awareness” particularly among French citizens – but what can we say about advertisers and publishers?

Checking in with companies

Several companies put their best foot forward before May 25, 2018 in order to comply with the law… A commendable and encouraging endeavour. According to the CMO Council report entitled GDPR Impact and Opportunity, all 227 marketing managers interviewed agree that GDPR is an opportunity to better serve their clients, while being perceived as a way to strengthen the trust between users and brands.

But some are still playing catch-up. The report underlines that too many companies still do not feel that the new regulation applies to them, and thus have not planned any audits of their data for the foreseeable future. In fact, only 57% of those surveyed confirmed that they had already audited their data, which is a key step to compliance with the new regulation. On the other hand, a recent study from Quantcast and EBG found that 66% of advertisers and agencies think that GDPR is intricate, and that it is difficult to manage personal user data. Reactions certainly seem mixed.

When browsers become champions of the privacy cause

Browsers did not await GDPR before acting to protect user data. In 2017, Apple debuted its pioneering Intelligent Tracking Prevention, a feature that chases third-party cookies from Apple’s Safari browser. With its September 2018 update ( ITP 2.0), the browser blocks any so-called third-party cookies, which prevents cross-domain  tracking or advertising retargeting Firefox, which advocates for “visible and visceral” impacts on privacy, will follow in Apple’s footsteps in January 2019.

These changes come with certain problems for site publishers. Cross-domain tracking means that web users’ paths can be traced, which is especially valuable for e-commerce websites which use a third-party shopping cart hosted on another domain name.

Contextual targeting, second-party partnerships, and Programmatic Guaranteed: what changes are in store on the media side?

GDPR will also have an impact on media investments, with three notable trends:

  • Less personalised advertising using third-party data and more using contextual targeting, as already noted by some programmatic buyers in France.
  • More partnerships among brands and publishers using second-party data, due to the rising value of first-party data according to The Guardian, News UK, and Business Insider.
  • Greater reliance on “Programmatic Guaranteed“, a programmatic model that gives advertisers priority access to publisher inventories, with greater precision. This method is pricier, but guarantees working with a trusted publisher for whom we know how consent is acquired. An English publisher estimates that 70% of its video inventory is now sold via programmatic guaranteed deals, compared to just 40% in 2017. (source: Digiday).

Essentially, the online advertising ecosystem is adapting (as well as it possibly can) to new standards of data use, and is slowly moving towards transparent data collection, with more respect for privacy. It should be noted, however, that GDPR does not signal the death of online advertising in Europe. According to eMarketer, digital media investments continued growing in 2018 and now represented almost 64% of the advertising market in the UK, almost 31% in Germany, 29% in France and 29% in Spain.

Better ways to obtain consent: the latest from the IAB

Lastly, because the IAB (Interactive Advertising Bureau) is conscious of the complexity of GDPR application in the Adtech industry across Europe, the organization has  created a set of rules and technical specifications to make obtaining and sharing consent easier for all players in the advertising chain. With its Transparency and Consent Framework, publishers and online service vendors are now speaking the same language, and can share their users’ data with third-party services – but only when the users have given their consent. According to the Quantcast study, 73% of publishers have set up a content management platform (CMP), 96% of which are compatible with the Transparency and Consent Framework.

So how does it work? The user gives consent in four “simple” steps:

  1. The user visits the press website and a window pops up.
  2. The user accepts to share data (or not) with each adtech partner present on the publisher’s site, which are stored in a variable called the “Consent String”
  3. Each external player has access to the “Consent String” using an API, and can then adapt data collection in light of the user’s choices
  4. Data access and on-site advertising is then decided depending on the user’s choices.

As you can see, on paper the process is not completely smooth in terms of user experience, as it requires several actions from the individual. What’s more, the “informed” consent of the user is not really guaranteed, as the user doesn’t necessarily understand what exactly the third parties might do with his or her data. The perfect compromise between protecting privacy and easily obtaining consent hasn’t quite been found yet!

Brands must develop their practices in conformity with GDPR.  Compounded with the growing numbers of browsers changing their cookie management systems, this means that online  advertising is transforming itself for a smoother and less intrusive experience. There are several benefits: greater transparency for users, respect for privacy, and faster loading time for pages (Severbolt, for example, is 75% faster). There’s still work to be done, but the realization that data exploitation must be improved has taken root in the adtech industry. The revolution of data collection and processing is underway!

Column originally posted in French on the JDN website, November 20th 2018.

Would you like another cup of tea?