You may remember hearing about the Volkswagen emissions scandal that made headlines worldwide in 2015. For those unfamiliar with the story, the German automaker intentionally programmed its turbocharged-direct-injection (TDI) engines to comply with the United States’ emissions and pollution standards by activating the engines’ emission controls only during laboratory tests.
This allowed Volkswagen’s engines to meet the NOx output required by the US, and therefore, allowed them to sell cars in the US market.
The company was later caught when independent tests showed that the TDI engines were in fact producing 40 times more NOx during real-world driving than in lab tests, meaning they grossly exceeded the amount allowed by law.
The Volkswagen emissions scandal is just one of many that have sprung up since 1963 when the US Clean Air Act (CAA) was enforced. Car manufacturers including Fiat, Chrysler, Ford, Hyundai, and Kia have all violated the Clean Air Act at some point in the past five decades.
What does this have to do with AdTech and the General Data Protection Regulation (GDPR)? The connection between these emission scandals and the upcoming law change can be explained through the similarities both stories share:
1. A Regulation That Changed the Game
Many of these car manufacturers had to change the way their engines worked to comply with the CAA. For the most part, this meant making cars produce less pollution and become more environmentally friendly.
In a large majority of cases, reducing NOx production, and subsequently complying with the CAA, meant engine performance was restricted.
AdTech vendors are now faced with the same situation, as they will have to change the way their technology works to comply with the European Union’s GDPR. In the same way the Clean Air Act is designed to protect the health of US citizens and residents, the GDPR’s purpose is to protect the data of those living in the EU and EEA—something that, let’s face it, is traditionally not in the direct interests of online advertising companies.
Ask us anything about the technical side of the GDPR
2. A Financial Incentive NOT to Comply
The reason car manufacturers decided to cheat on the emissions tests ultimately comes down to profit, as they would have had to stop production and invest in new research and development to find cleaner technologies. For many, cheating was the cheaper and easier alternative.
For AdTech companies, the financial incentive not to comply with the GDPR may not be as high as it was for Volkswagen, but it is still exists, as vendors will need to either assign more work to their in-house development teams or work with an AdTech development company to make their platforms GDPR-compliant.
Development costs aside, the GDPR poses a threat to the very foundations of online advertising—third-party cookies. This alone means that the entire business model of some companies will be heavily affected; think of the business model of data brokers, which can be likened to the business model of car companies that relied on diesel prior to the Clean Air Act.
By now, most of us know that the GDPR requires AdTech companies to obtain clear, unambiguous, and explicit consent from users if they want to drop a third-party cookie in their browser, collect their data, and use it for online behavioral advertising.
In a world where more and more online users are installing ad-blocking software to eliminate ads and block third-party cookies, this will not be an easy feat.
With that in mind, it’s probably no surprise that many AdTech vendors are putting their chips on legitimate interest, a bet they will certainly lose.
3. High Fines for High Crimes
The fines handed down to car manufactures for violating the CAA have varied. Some have received minor fines for minor infringements, while others have been hit hard. The Volkswagen emissions scandal cost the company about $30 billion in total, which includes the numerous fines it had to pay. AdTech companies that fail to comply with the GDPR will face a similar fate.
The GDPR’s fines range from €10 million or 2% of the previous year’s revenue for less serious infringements, to €20 million or 4% for more serious infringements, such as failing to obtain the proper consent for data processing.
For the record, we are not insinuating AdTech vendors will intentionally do anything to cheat the GDPR, but there certainly is an incentive not to comply with the upcoming regulation, especially as it will require spending money on something that won’t have a return on investment (at least not in the traditional sense), and threaten the business model of just about every AdTech company out there. The next few years will highlight which companies have taken the GDPR seriously and which ones haven’t.
The article was originally published on ExchangeWire.