GDPR compliance will reshape the adtech industry in ways that we are now starting to forecast. Gaining permissions for existing data sets is a priority but will not always be possible. Companies who have a direct relationship with their clients and troves of first-party data will be in a solid position. Persistent IDs are gaining traction as people-based marketing strategy…
There is mounting speculation about how the data-driven economy, and in particular the ad-tech ecosystem, will be reshaped by legislation focused on increasing protection of customers’ data and privacy. After months in which the specialist press deprecated the scant preparedness for the new, post-GDPR world, and its unfamiliar apparatus of transparent opt-in, right to be forgotten and data portability, the feeling is that the industry is coming to terms with the fact that change will happen and that its effects will not only be punitive. The UK Government has recently announced the expected Data Protection Bill, which will secure GDPR compliance of UK firms after Brexit. (In doing so, the Information Commissioner’s Office has hinted at a quite lenient application of the legislation, relying on reprimands and public pressure rather than on hefty six-figure fines.) This has generally had a positive reception – a sigh of relief, in fact – reassuring businesses that the data flow with the continent will not be compromised. In working towards compliance, it is now widely acknowledged that firms can establish a new trustworthy relationship with their customers about the use of their data in a way that might prove beneficial for their business model. A stronger opt-in culture, for instance, could enhance the strategic importance of customer consent management, as users will give and withdraw consent and thus inform their personal marketing and brand experiences. From the pages of this blog, Teavaro’s position has always been that GDPR represents an epochal opportunity, not the death-knell for the industry.
By creating new opportunities, encouraging certain business models, and disfavouring old practices, the GDPR will reshape the ad-tech industry in ways that we are only now starting to forecast. The great majority of customer data in possession of companies at the moment lacks GDPR compliance and might be useless in a year’s time. This phenomenon is sometimes referred to as ‘compliance drop out’. One possible solution is so-called ‘re-permissioning’; that is, securing fresh consent from customers, in line with the forthcoming rules. This will not always be possible and will change the quality of data stored, as well as the relationship with the client. Refreshing consent might involve an awkward ‘conversation’ with the customer base, perhaps via email marketing, if the customer has given consent for the use of such means of communication in the first place. Overall, it seems safe to say that GDPR will favour companies that have a direct relationship with their customers, which is the best way to gain consent, while intermediaries (companies who rely on third-party data) will find themselves in a more difficult position. According to Johnny Ryan, head of ecosystem at PageFair, an Ireland-based ad serving technology company, “Companies who create value only by using data and tracking people across the internet will have to find a way to build a relationship with the customer. They will have their businesses seriously disrupted.”
In this sense, behemoths such as Google and Facebook, whose practices have sometimes incurred the ire of EU courts, might actually find themselves reinforced in their leading position through the new EU legislation. They have both recently enhanced the transparency of their privacy and consent policies and, through their scale of logged-in users, can easily gain compliance consent for the use of data. In the near future, users will still opt in and readily give personal data in order to use ‘free’ services (there has been little traction so far for a marketplace of users’ data controlled by users, although there are some startups that operate in that space). In this scenario, persistent IDs – identifiers established through a login that can be used to identify and track a user across several devices – are gaining traction among brands as a way to prosper outside the comprising model of the walled gardens. Recently, for instance, two of Germany’s largest broadcasters have teamed up to create a single ID for their customers to use across all their media, with a unified way of managing the privacy settings and the way their data is used. If, as it seems, GDPR compliance will encourage the adoption of persistent IDs and ID matching as a coping mechanism, that would mean more reliance on first-party and deterministic data, and therefore a better deal for marketers (both in terms of reach and attribution) and publishers, as well as personalised journeys, aka ‘people-based marketing’, for the customers.
For more information on GDPR, take a look at our GDPR series.