Will new data protection legislation coming May 25 prove apocalyptic or just a bump in the road? With less than 100 days to go to the European Commission’s new General Data Protection Regulation, the US advertising sector seems split on the issue.
On the one hand, expert ad-tech deal-maker LUMA Partners CEO Terence Kawaja says GDPR will simply hasten changes that were already happening.
“I think of GDPR as an accelerant to some narratives and some trends that are happening otherwise,” Kawaja says in this video interview with Beet.TV.
“That was a trend in any event that was driving people away the anonymous tracking that we’d used cookies for that grew up in a desktop environment. We already saw that migration with the move to mobile where cookies don’t exist. And then, of course, that got reinforced with Apple and their ITP, their intelligent tracking prevention policies that are limiting people’s ability to track in mobile.”
The new GDPR updates prior consumer data protection rules in a significant way. Amongst other stipulations, measures include:
- tighter consent conditions for the collection of citizens’ data.
- consumers can instruct companies to stop processing their data.
- automated decision-making and profiling decisions must be made clear.
- consumers can request decisioning by automated processes be stopped and handled by a human instead.
- they have the right to request an explanation of automated decision-making.
- they can request free access, rectification and deletion of data.
The implications seem profound for a marketing industry that has grown up around collecting user behavior data, often unseen, to better and better target messages.
The rules won’t just apply within Europe. They must be followed by any global company processing EU citizens’ data, with penalties of up to 4% of global turnover. Kawaja sees challenges.
“The rub comes with the consent requirements where the GDPR regulations spell out that it has to be explicit and direct from the consumer,” he says.
“For any publisher or anybody with a consumer-facing application, you basically own your supply chain. (But) every aspect along the ecosystem or the Lumascape essentially has to have their own sort of permission. That will be tricky to see in terms of implementation.”