GDPR and Business Models in the Ad Industry: A View from Teavaro

The coming of the GDPR and ePrivacy means more than following compliance guidelines set up in a handbook. Companies need to train their staff in the ethics and intricacies of data protection and think strategically about the business models that will succeed in this post GDPR and ePrivacy regulated world. In a series of blog posts, accompanying Teavaro’s presence at dmexco in Cologne, I will be discussing with Robert Bergmann (CEO) and Ben McDermott (Lead Consultant) some of the issues related to the opportunities and challenges linked to the legislation that will be implemented in less than a year.

The coming of the GDPR, soon to be transposed in equivalent UK legislation, will arguably favour those companies that have a direct relationship with the customer and rely on first party data. Do you think this means that walled gardens like Facebook and Google will be largely unaffected by its implementation or even strengthened in their market positions?


Robert Bergmann (RB):

I think companies like Facebook and Google will benefit from GDPR and ePrivacy regulation as they are in general better prepared, have much more resource to deal with it, and provide the consumer services that people want and use daily. It is therefore a much more natural thing for them to introduce their customers to it and obtain opt-ins.

Other direct-to-consumer media providers will have an opportunity to build services based on their 1st party media consumer data, but as they are currently very dependent on the ad tech ecosystem (SSPs, ad networks, agency trading decks / DSP, etc.), which largely depends on 3rd party cookie ID sync on web, they will likely see some initial revenue decline, as brands might put even more of their budget on FB and Google as they want to address audiences not just place ads on media, especially for performance campaigns.


Ben McDermott (BM):

Facebook and Google should be ready to make the GDPR transition in a way which will leave them unaffected in the marketplace, even strengthening their position as competitors struggle to cope with the requirements. However, there is the potential for misinterpretation of the regulation – either purposefully as they push the boundaries or through lack of clarity and contradiction in certain areas – that could have damaging ramifications should regulatory bodies be willing to make an example of them through the courts.  As the flow of data runs into such companies, and GDPR is very clear on holding both data owners and data processors liable for misuse of data, such an event could be extremely damaging to their business.

However, the more likely – and perhaps more depressing – scenario is that companies will rely more on these giants to govern their data and thus their advertising budgets safely, further reducing the spend in the remainder of the advertising ecosystem as it struggles to adapt and keep up. Companies must prepare for the post-GDPR and ePrivacy future –the two are aligned in requiring an active opt-in consent for a named organisation and offer the ability to withdraw that consent. Different scenario may arise from rules that effectively disrupt the marketing and ad tech world as we know it. Companies will look for alternative solutions coming through, or potentially face a duopoly for years to come that will have an effect on pricing and marketing performance.


Some German broadcasters have joined forces to create a unified, GDPR-compliant user ID and login registration to establish a way to achieve a more accurate audience identification and therefore create more media and audience reach. Do you see this as a trend that will increase as we approach May 2018?



I see that there are an increasing number of initiatives, which I could broadly categorise in ad tech (, agency ( and media owner / brand led groups. The first is an attempt to keep the ad tech platforms working and alive. The second is more of an attempt to keep agencies and their platforms connected with advertiser data, and the third is to build scale around media ecosystems via a common ID and login approach.


I think the problem with these initiatives is that participating companies are often competitors; their motivation is mainly to counter the Facebook-Google duopoly, but providing a common ID does not help protect their data and to build lasting assets.

I see the solution in a technical capability, as we are building, which allows each company to build proprietary data assets and solutions, which it can better control and protect, but also connect into a wider ecosystem to allow media buyers to make the most of their own data as well as buy publishers’ audience segmentations as needed.

For that to be successful, the media buyer (advertiser or agency) needs to be able to buy media and audience data seamlessly at scale and with the means to independently verify performance through preferred tools. The process of controlling access to the targeting attributes, campaign user ID for frequency capping and sequencing would need to be automated so that it can scale without significant additional costs.



I think Robert’s answer captures the essence of this: despite all the spin, these cooperatives are blatantly an attempt to combat the above scenario, where Google and Facebook create an unassailable duopoly post-GDPR / ePrivacy. While such attempts to restore a balance are needed, the proposed end goal of providing a single, agnostic user ID that eliminates the threat of these colossuses is unlikely, compromising and has started too late. The method is too similar to that employed by Google and Facebook, meaning the long-term benefits to publishers are reduced, as it would simply be trading one restricted marketplace for another, and are overshadowed by their short-term goals – goals which are perhaps catered best by the walled gardens at present.

While this trend will no doubt increase as the cold sweat of realisation manifests and the walled gardens’ stranglehold tightens, there are potentially more powerful means to facilitate a defence against a duopoly in digital marketing that don’t necessitate such compromise for publishers.

In the second post of this series, we will look  more in depth at what all this means for the ad tech system and at the possible scenarios that could emerge in particular with the application of the ePrivacy directive, which will be affecting current pillars of the ecosystem such as third party cookies and ID synching. We will also hear more about the role of Teavaro in facilitating the emergence of a possible industry-wide solution.

Teavaro will be running a GDPR Breakfast on 10th October in association with Mobile Marketing Magazine for brands and media owners. For more information and to register, please click here.

About us
Picture of a team analyzing stock market information

Teavaro truly connects brands and their customers, driving privacy-compliant personalised engagement across any media and device.

Follow us on social

Contact us

We answer all emails and requests as they come in usually within 2 working days.

More from our blog