Everyone and their mother - as long as they work in ad tech - know that GDPR is on its way. Beginning May 2018, Europe’s GDPR, the General Data Protection Regulation, will become legally enforceable, affecting businesses around the world. But I still meet people who are trying to figure out the exact nature of this new law, including who does it effect, and how it is expected to affect their adtech business. No one knows for sure yet, but we want to help you prepare for what is one of the most significant industry developments for 2018.
A Brief Overview of the GDPR
The GDPR was enacted in 2016 by EU regulatory bodies as a comprehensive means of ensuring that individual data privacy remained protected. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."
While the law was enacted in 2016, it does not become legally enforceable until 2018, which given the nature of its scope and compliance preparation required, makes sense. Technically, the GDPR restrictions only apply to the protection of the rights of European citizens, however any global business including European users will need to become compliant as well, or risk being prosecuted.
The extent of the prosecution? A fine of 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year. In case of an enterprise, whichever is greater.
The Scope of the Law: Ensuring User Data Privacy
What steps does the GDPR require businesses to take to protect user data, and what might this entail for your adtech business?
According to the law’s specifications:
The “controller” or “processor” (business) that collects personally identifiable information must obtain consent from the individual from whom data is being collected.
There must be a clearly written statement identifying which t data is being collected and specifying what the business intends to do with it.
Any EU citizen who agrees to have their data collected must have the ability to remove their consent at any moment. They may also request their data be deleted, as well as receive a digital copy of any personally identifiable data that the business has collected.
The Anticipated Affect on Users & Ad Tech
Since many businesses do not request user consent to utilize their data for advertising purposes, one of the most direct consequences of this act may be the appearance of major popups, prompting the user for permission to share his details with advertisers and present him with ads. While much speculation has ensued about whether this will hurt publishers, the majority agree that users that wish to interact with a site, will continue to do so, regardless of the annoying popup.
The next question discussed is the issue of programmatic advertising. Due to the instantaneous nature of carrying out real time bids, and the number of parties involved, it would be quite difficult to make it clear to the user in advance, where he is signing his details over to, and who would be using them. After all, that data is decided upon just seconds before the actual action is carried out. As such, speculators predict a decline in use of programmatic ads (at least among businesses dealing with the European market) and a rise in the use of direct advertising.
A Big Boost for Premium Publishers
That brings us to the issue of how the GDPR is expected to directly affect publishers. The general forecast seems to be a bright one for premium publishers. As marketers shift away from purchasing traffic on programmatic advertising platforms, or from low-quality non-compliant publishers, the expectation is for there to be a shift over to the use of premium publishers that customers can count on for regulatory compliance. To ensure such, publishers will have to adjust the way in which they currently do business. For example, to perform cookie-based retargeting, publishers will have to receive a user’s permission in advance, letting them know what data is being collected, for what purposes it's being used, and what other parties are involved.
Publishers will also have to be vigilant in ensuring that they do not share their users’ information with unspecified parties or companies outside of the ones that were expressly stipulated to the user and pre-agreed upon by them. With a rise in malvertising and ad security issues however, even premium publishers have been having difficulty, as unbeknownst to them, ads get published on sites that have not been pre-agreed upon, malware gets implemented, and at times, third-party tracking devices get installed.
The Trickle Effect: A Rise in Ad Security
Incentive to rectify the issue until now has been entirely reputation-based. But with the additional legal aspect involved, the industry expects to see a rise in ad security monitoring and compliance solutions, such as GeoEdge, that ensures a clean, safe and engaging user experience.
GeoEdge has developed the capabilities to audit your ads for GDPR compliance. Our comprehensive ad security and verification solution ensures the user that their rights are not being violated and that your users are safe from bad ads, data leakage, malvertising, etc.
Contact us at GeoEdge to learn more about our GDPR capabilities and how we can protect you from facing future fines for inadvertently violating a user’s privacy. Given the massive scope of the regulation, only time will tell what repercussions and changes the GDPR will bring.