While the EU’s General Data Protection Regulation (GDPR) and its “baby sister” the ePrivacy Regulation may be full of ambiguous statements and legal jargon, one thing is clear; if you collect data from EU citizens, then your world is going to look a whole lot different come May 25, 2018.
Even though most of the articles contained in both regulations are troubling for the online advertising industry, there’s one section of the GDPR that’s especially worrying – the one about user consent.
Here’s a short recap about what the GDPR has to say about consent, without the legal jargon:
Companies that wish to track online users (i.e. EU citizens) and collect data about them will have to get clear and voluntary consent. This can’t include pre-marked opt-in boxes and companies can’t deny access to users if they don’t consent. Also, consent will have to be received for each activity. So for example, if a company wants to track a user’s behavior via web analytics AND user their data for advertising, then they will have to get consent for both activities.
As it stands currently, companies and publishers don’t have to get consent from users if they want to collect data about their behavior and use it for analysis or to serve them targeted ads, so the real impact of this new consent policy won’t be truly understood until companies actually start implementing it.
However, a recent report from PageFair has given the whole online advertising industry a preview into this new, post-GDPR world, and it’s not pretty.
Ask us anything about the technical side of the GDPR
PageFair Exposes Some Ugly Truths About User Consent
The PageFair survey, which included over 300 respondents, uncovered some pretty scary realities surrounding the user consent section of the GDPR.
Here is a summary of some of the most damning results:
1. Consenting to sharing web browsing habits looks slim
Under the GDPR and ePrivacy Regulation (which is still being drafted), publishers will have to get clear consent from online users if they want to share their web behavior with other companies; whether that be for advertising purposes or simply just to analyze their behavior with web analytics companies like Google Analytics.
The results of this particular test reveal that online users don’t want their data to end up in the hands of third parties, even for something as basic as web analysis. To improve your chances of getting consent for analyzing website behavior, you could opt for a self-hosted web analytics platform as this will mean you are the one collecting, storing, and using the data – not some third party.
2. Companies that use first-party cookies for behavioral targeting will benefit
The survey also uncovered some truths about how users feel about first- and third-party cookies, which probably won’t come as a surprise to most:
“The very large majority (81%) of respondents said they would not consent to having their behaviour tracked by companies other than the website they are visiting.”
This highlights the concern users have surrounding third-party trackers (i.e. third-party cookies that can track users cross-site) and will cause huge problems for a large majority of AdTech companies and advertisers as they currently rely on third-party cookies for behavioral ad targeting.
It will, however, have less of an impact on large companies, such as Amazon, as they will still be able to use first-party cookies for behavioral tracking. Companies, such as ecommerce stores, that use content personalization to promote their products and recommend similar ones will also be less affected by this as they too will be able to utilize their first-party data for these activities, provided they get consent to do so.
3. Publishers will be the gatekeepers for consent and may charge accordingly
Consent will need to be given to all companies wanting to track and analyze user data, but will very likely be collected at the publisher-level.
And this puts publishers in a very interesting, and somewhat powerful position as they will become the gatekeeper between online users and advertisers & AdTech companies and may decide that the effort required to gain user consent may warrant some sort of financial reward.
Interestingly enough, it seems as though AdTech companies (32%) believe that publishers will ask for some sort of compensation more than publishers themselves (27%).
What Does This Report Tell Us?
This results from the report tell us 2 things:
- A large majority of users will not consent to being tracked nor allow companies to use their data for behavioral targeting.
- Advertiser and publishers will benefit from a first-party cookie approach.
What’s Next for AdTech in a Post-GDPR World?
When reading reports like the one from PageFair, AdTech companies and advertisers shouldn’t be thinking about how they will overcome these challenges or bypass the upcoming changes in the GDPR and ePrivacy Regulation, instead they should focus on creating a future-proof business.
For the most part, this will involve coming up with innovative and forward-thinking ideas about how companies can still serve relevant ads to engaged audiences without having to collect user data, and therefore won’t have to worry about getting user consent.
Admittedly, this is no mean feat and it’s fair to say that this kind of technology isn’t even around yet. But as we’ve seen in other industries where companies have had to make fundamental changes to the way they operate in order to comply with new laws, sometimes all it takes is a nudge in the right direction for innovation to show itself.
The GDPR is the nudge that AdTech desperately needs.
This article was originally published on ExchangeWire