Our friends in the EU are about three weeks into the brave new (and cross-fingered) world of GDPR. There have been some solid compliance executions, but largely it’s been a wide spectrum between overly cautious and overly loose – (check out www.gdprhallofshame.com for some excellent examples of the latter).
On the ad-tech side of things, we’ve seen a rapid rise of Consent Management Platforms (CMP) and other ‘groundbreaking’ solutions, only rivaled by the pace of people updating their LinkedIn bylines to include ‘GDPR specialist’ or similar. This has been coined (pre-pun laugh) as the 2018 version of the great cryptocurrency/blockchain/distributed ledger status update of 2017. Sure, there are some great companies and people out there, but largely it’s been a muddled and late (was two years’ warning, not enough?) response by many, many companies.
This isn’t a blame game though…. The truth is people honestly don’t know if they are going to be compliant enough under the new microscope. We’ve also seen some pivotal changes from large tech companies including Google, which has recently reversed its initial guidance around limiting CMP vendors which publishers can use for opt-ins from 12 to infinite.
It’s a rapidly learning, tweaking, and mostly adaptive space. The risks are still there though and I’m sure that the powers that be are still hunting for an example poster-boy in earnest. That 4% global turnover fine is just floating out there in the ether, waiting to be called up and bless some unfortunate company…
Who would have thought a user’s right to be forgotten or actually opt-out would be so contentious and complex? It's almost like the companies don’t want to surrender your info. /sarcasm
Putting a programmatic lens on for a moment, we’ve already seen a pretty impressive stutter-step at launch with many exchanges seeing falling demand of between 20-40% on launch. Much of the finger-pointing has been at Google around its abrupt and late notice policy rollouts prior to G-day.
Literally the day prior, some buyers were advised not to buy anything via third-party exchanges as they couldn’t ensure the compliance of the inventory, specifically those using pixels for ad verification and tracking. Alert! Panic stations! (Relax, I’m sure AdExpert was fine...)
We’ve also seen other players in the programmatic space playing with caution as The Trade Desk and MediaMath are both non-binding on any request which doesn’t have a consent string, which, in my opinion, is exactly how things need to be. I’m over the wild wild west (except Salma #TeamHayek) of the supply landscape.
At this point, GDPR is looking like a great sheriff and seems to be making some really positive changes, and once the dust settles and everyone can clearly identify the new ‘norm’ the EU should be in a much better place.
As far as New Zealand goes, most of the above should cover off our traders buying NZ eyeballs on EU-based sites. For our local companies that do business in the EU, it’s caution at a distance with more than likely a heavy reliance on marketing automation tools providing great assistance as far as gaining consent from users in email databases goes. By and large, being compliant with NZ law should cover most, but the really interesting part as far as NZ goes is how the new proposed Privacy Bill could change things up locally. It’s a major update to an Act which was originally born in 1993 and let’s be honest, a TON has changed since then, and it’s fairly safe to say we can expect a TON of changes as a result.
It's a really interesting and challenging time in the ad-tech space, not just with the rollout of GDPR and other like policy changes in the pipeline, but with browsers making some significant changes around cookie tracking, and M&A still pushing on (for example Oracle gobbling up Grapeshot) we’re going to see a slow rebalancing of the lines between content, context and consent. A lot of cons in there, but it’s not all bad.