Two years ago, establishing more stringent, comprehensive, and consistent rules for safeguarding consumer data was exactly what GDPR was set up to achieve. Fast forward to 2020, and the regulation has become a byword for robust data protection across publishing, advertising and beyond. It has also played a huge role in influencing similar legislation in many countries across the world, for example, California’s Consumer Privacy Act (CCPA).
Adjusting to the most significant shake-up of data management for two decades hasn’t been easy. But too often, focus has fallen on the negative impacts of GDPR — such as non-compliance and massive fines — instead of the benefits.
Now, not only is there a shared standard of best practice, but data-savvy consumers are clearer about the key requirements for gaining their trust; especially transparency around data use and fast responses to data breaches. As a result, publishers and businesses alike are in a better position to build stronger, long-term consumer relationships based around transparency, trust and privacy.
As the European Commission completes its first official GDPR review, it will be important to maintain this positive trajectory, as well as assessing how data privacy measures can be refined and improved further.
For leading forces across the digital media and advertising scape, now is not the time to stop moving; it’s more vital than ever to keep raising the bar on responsible data use, regardless of the temporary reprieve from the UK’s Information Commissioner’s Office (ICO).
Now, for the 2nd anniversary of GDPR, we gathered some views and opinions from across the industry on the journey so far and what should come next:
Sustaining collaborative momentum
MD, Association of Online Publishers (AOP)
“As a trade body for publishers, we worked tirelessly in the lead up to GDPR to ensure we were prepared and understood the exact requirements demanded of publishers. During this time, we worked closely with the ICO and two years on, we continue to engage in positive dialogue with them, and our GDPR working group has evolved to become the ICO working group.
“The ICO’s warning to the ad tech industry one year ago was extremely valid, and their latest updates regarding a pause on investigations should not change the priority that companies place on compliance. For our members, GDPR remains high on the agenda and we are continuing to invest resource into providing guidance and we work closely with our partners – that includes our relationship with the ICO.
“One output of the working group is the creation of a document outlining proposed mitigating options, that recognises the complexities of the ecosystem, and acknowledges publishers’ reliance on other industries, technical solutions and trade bodies to meet their responsibilities as data controllers under GDPR. Looking forward, we will continue in our role as the trade body for premium publishers to encourage other stakeholders to recognise their responsibility in the ecosystem.”
“Closer alignment between industry and regulatory bodies is permitting both sides to better understand the technology available and industry data flows. The result is clearer visibility into the challenges companies are facing in GDPR implementation, as well as sharper insight into how they can best approach compliance. There’s a variety of working groups, and independent advisory boards like the IAB, ANA and ESOMAR, helping to further address these issues and identify some of the technological challenges that lie ahead – I hope we can continue to leverage them for the transparency and consumer awareness we seek.”
“We’re now two years on from the implementation of GDPR, one year since the ICO’s report on adtech and real-time bidding (RTB), and currently five months into the CCPA’s enactment. Privacy is more relevant than ever today, with the phase-out of third-party cookies already underway worldwide. However, this doesn’t mean the end of programmatic advertising as we know it.
“By putting data integrity first, as an industry we can further empower consumers with the knowledge of how their data is collected, stored and processed. This collaborative cross-industry effort will also speed up the shift from working with multiple third-party vendors to more sophisticated integrated advertising platforms that include comprehensive consent management solutions as standard.”
Preparing to tackle future challenges
“Two years on and GDPR maintains its standing as a key priority for companies across Europe, and the world. In the UK, the ICO’s announcement regarding ‘pausing’ its investigation into the ad tech industry does not mean data privacy should move down the agenda. Businesses must continue to focus on ensuring best practice in data management, making sure they have the right systems and processes in place to track data better and ensure the correct permissions are sought, and always followed.
“As an industry we do have a clearer understanding of what compliance means and moving forward we should be seeking the most efficient ways to comply with our responsibilities. The tools and means exist to ensure both compliance and excellent levels of service. It’s time to turn this into a strategic advantage for companies.”
“While all companies should be in control of their GDPR compliance at this point, publishers and advertisers should especially now be preparing for the perfect storm that’s heading their way. With more global privacy regulations rolling in, unstable ad spend, and the end of third party cookies on the horizon, the industry is under pressure to adapt to the changing conditions. In response to this, we expect to see compliant use of first party data continue to grow in popularity. By establishing direct relationships, publishers and their advertisers can use personalisation methods to seize strong monetisation opportunities.”
EMEA MD, Integral Ad Science (IAS)
“Two years on from the GDPR, our research shows that privacy is still a key concern for the majority of consumers, in fact a massive 94% of them – even if 33% of consumers remain unaware of specific data privacy regulations. Instead of sharing personal details, UK consumers prefer to see digital ads based on interests and purchase history. With the demise of the third-party cookie, advertisers must now consider context as a crucial part of their approach to audience targeting.
“Almost nine in ten (87%) consumers understand their time online means more opportunities for data to be collected and used for advertising purposes. However, by considering the environment – the topics written about on the page, the sentiment and emotions conveyed – brands can adjust their strategies to engage with consumers alongside relevant content. The knowledge that context provides a clear opportunity to reach receptive consumers will be incredibly valuable for brands as we enter a cookie-less world.”
Managing Director, EMEA at DoubleVerify
“As we enter the third year of GDPR implementation and a new post-cookie world, many marketers are looking to leverage new methods to reach audiences. While GDPR has been an important and necessary regulation in Europe, it has also limited the data advertisers can use for targeting, analysis and optimisation.
“Contextual targeting provides an alternative for cookie-based targeting without the need to use personally identifiable information (PII) or track cookies. It uses information about the content of the page, not bid or impression data. By combining machine learning with human expertise to enhance the scale and accuracy of semantic and contextual targeting, marketers have a viable substitute to target consumers and improve their media experience, while maximising campaign performance. It’s not a silver bullet for targeting but it’ll play a significant role in driving performance in the future.”