What if a switch was suddenly flipped that meant advertisers and their data partners would have to gain explicit consent from audiences to be tracked, and that allowed those targets to demand a stop to processing of their data in future?
That’s what happened in Europe in 2016 – but the law that was passed affects global companies, too, and the final deadline for compliance is coming this May.
For Brian Wieser, the Pivotal Research senior analyst who is said to be the most-quoted man in advertising and who advises Wall Street on advertising and ad-tech trends, the outcomes are unclear. But one thing is for sure – with just four months to go, many US companies are behind the punch, and playing with fire.
“There’s a whole bunch of possible ways that this could shake out,” says Wieser in this video interview with Beet.TV. “We don’t know. But I think that the bigger problem is that a lot of market participants in the investment community haven’t really thought about it.
“They’re not aware of it. Investors, for the most part, haven’t paid much attention to it. I would daresay most can’t spell ‘GDPR’ yet.”
For the uninitiated, the European Commission’s new General Data Protection Regulation (GDPR) came in to effect back in 2016, updating prior consumer data protection rules in a significant way. Now any global company which deals with EU citizens’ data must comply with a new and more stringent set of demands, including:
- tighter consent conditions for the collection of citizens’ data.
- consumers can instruct companies to stop processing their data.
- automated decision-making and profiling decisions must be made clear.
- consumers can request decisioning by automated processes be stopped and handled by a human instead.
- they have the right to request an explanation of automated decision-making.
- they can request free access, rectification and deletion of data.
Breaching the new rules risks incurring a fine of up to 4% of global annual turnover, up to a maximum of €20 million. Switched-on companies have spent the last couple of years auditing their exposure, adding required data handling managers and getting compliant. But many are now scrambling to meet the deadline, whilst, with a few months to go and GDPR gaining headlines, others are currently in a big public push to profess their own compliance.
Wieser is uncertain what the effects may be, but they range on a spectrum, starting with a comparison with Y2K, the Millennium Bug, which was warned to be cataclysmic and which passed with little fanfare.
“All of a sudden, it could mean it’s the end of the world as we know it, or nothing will happen,” he says. “Nobody really knows, but do you want to take that chance?”
Whilst may European companies have noted the GDPR step-change, many US commentators seem more inclined to frame it in a context of existing emerging trends.
Wieser sees it as “a different expression of the same problem that Apple is attacking with ITP in the United States”, referring to the how Apple’s Intelligent Tracking Prevention limits the ability of website owners and advertising platforms to track users across domains.
The up-shot of each is to put at risk the current version of digital ad tracking, and place more focus on really knowing actual audience members.
“Marketers have to establish stronger direct relationships with consumers and incenting them to establish strong direct relationships,” Wieser adds.
“When you get to a level of trust between a brand and a consumer, they will hand over their data, because they trust the brand. The European government and Apple, they’re kind of both pushing brands in that direction.”