GDPR compliance has reshaped the adtech industry in ways that nobody could forecast. Gaining permissions for existing data became a priority but the realisation that this was not always possible led to new strategies. Companies who have a direct relationship with their clients and troves of first-party data found themselves in a solid position, utilising persistent IDs as a people-based marketing strategy…
Following the formative years of GDPR, speculation about how the data-driven economy – in particular, the ad-tech ecosystem – would be reshaped by legislation focused on increasing protection of customers’ data and privacy has given way to realisation. After the final months of 2016, in which the specialist press deprecated the scant preparedness for the new, post-GDPR world, and its unfamiliar apparatus of transparent opt-in, right to be forgotten and data portability, the industry soon came to terms with the fact that change would happen and that its effects could be beneficial. The positive reception given to the 2017 announcement of announced the Data Protection Bill by the UK Government, which was aimed at securing GDPR compliance of UK firms after Brexit was telling. Businesses had swiftly come to terms with the new data rules. In working towards compliance, it is now vastly acknowledged that firms can establish a trustworthy relationship with their customers about the use of their data in a way that might prove beneficial for their business model. A stronger opt-in culture, for instance, was quickly viewed as enhancing the strategic importance of customer consent management as users will give and withdraw consent and thus inform their personal marketing and brand experiences. From the pages of this blog, Teavaro’s position has always been that GDPR represented an epochal opportunity, not the death-knell for the industry.
By creating new opportunities, encouraging certain business models, and disfavouring old practices, the GDPR has reshaped the ad-tech industry in ways that nobody initially forecasted. The data lacking GDPR compliance, and might be useless in a year’s time. This phenomenon is sometimes referred as ‘compliance drop out’. One possible leading to ‘compliance drop out’, has long since been replaced by ‘re-permissioned’ data ; that is, data obtained by securing fresh consent from customers, in line with the regulatory rules. Far from involving an awkward ‘conversation’ with the customer base, via whatever channel (if the customer has given consent for the use of such means of communication in the first place), the new awareness of customers about how their data is used has led to improved relationships with companies willing to follow the tenets of transparency and communication. Overall, the prediction that GDPR would favour companies that have a direct relationship with their customers, which was obviously the best way to gain consent, was proven true. Data intermediaries (companies who rely on third party data) have found themselves in a more difficult position, endlessly listed in clunky consent management pop-ups and easily dismissed by the ‘Reject All’ button. In 2017, Johnny Ryan, head of ecosystem at PageFair, an Ireland-based ad serving technology company, said “Companies who create value only by using data and tracking people across the internet will have to find a way to build a relationship with the customer. They will have their businesses seriously disrupted.” Heeding this prediction, corporate relationships changed and these companies became service providers ahead of data farms.
In this sense, behemoths such as Google and Facebook, whose practices have sometimes incurred the ire of EU courts, found themselves reinforced in their leading position through the new EU legislation. They have enhanced the transparency of their privacy and consent policies and through their scale of logged in users can easily gain compliance consent for the use of data. As expected, users still opt-in and readily give personal data in order to use ‘free’ services and there has been little traction so far for a marketplace of users’ data controlled by users (despite numerous attempts). Through this scenario, persistent IDs – identifiers established through a login that can be used to identify and track a user across several devices – have gained traction among brands as way to prosper outside the comprising model of the walled gardens. Soon after GDPR was enacted, for instance, two of Germany’s largest broadcasters teamed up to create a single ID for their customers to use across all their media, with a unified way of managing the privacy settings and the way their data is used. If, as it seems, GDPR compliance will further encourage the adoption of persistent IDs and ID matching as a coping mechanism, that would mean even more reliance on first-party and deterministic data, and therefore a better deal for marketers (both in terms of reach and attribution) and publishers as well as personalised journeys, aka ‘people-based marketing’, for the customers.
For more information on GDPR, take a look at our GDPR series.