Data privacy and protection capabilities continue to be the most controversial, divisive and discussed topic today. Managing to deliver relevant ads without breaking consumer trust over privacy is a tricky tightrope for marketers to walk. Ivan Guzenko, CEO at SmartyAds, gives an alternative opinion and a holistic view of data challenges.
Many businesses see themselves as extremely advantageous in user data management, and even more expect to become such in the near future according to Data-Centric Organization Survey. Striving for greater data sophistication, 50% of companies are looking for strong predictive analytics solutions, cross-channel measurement, and audience segmentation.
The user data helps to adjust to the customers’ needs, and to understand whether service or product meets their expectations. Also, it helps to discover opportunities for extending the audience pool with proper segmentation. Fueled with user data, AdTech and MarTech tools have become accurate marketing weapons that organize communication with users and define the channels where the message is most likely seen.
However, GDPR has placed different rules on EU-based customer data collection and management. Hence, marketers have faced a great dilemma – to abide by the rules of GDPR, or to restrain from European user data completely?
Data-driven marketing or data regulations?
GDPR has obliged all companies who deal with EU-based customer data to execute their fundamental rights for free access, erasure, and management of personal information. Most importantly, it made obtaining user consent for data collection obligatory.
Last year, companies hastily updated their confidentiality agreements; others quit their advertising campaigns in Europe. Data providers were the most vulnerable in this situation since they’re responsible for processing third-party data. In the short run, this caused a drop in traffic value as certain DMPs stopped processing user data from the EU. According to Digiday, some ad exchanges observed a decrease in demand by 20–40%, but right after the panic ceased, it appeared that the worst had failed to materialize.
American Direct Marketing Association (DMA) delivered results of a study according to which, despite big scandals with user privacy invasion, people in general, don’t mind sharing their data with brands. More than 58% of surveyed Americans are actually willing to share their email or geolocation. Trust appears to be a decisive factor that determines whether a customer will agree to provide personal data. Bonuses and discounts come second. As seen from the chart below, the rest is left to recommendations and general brand awareness.
Before GDPR, some experts predicted the death of programmatic, since it entirely depends on user data. Industry minds had thought that the only possible way for it to keep afloat was shifting to non-personal targeting, based on clickstream analysis instead of using cookies, geo, and other data classified by GDPR as personal.
The dynamic IP address, widely used in programmatic targeting, is attributed to personal data by GDPR, because it can be matched with the logs of the Internet provider, and thus, can identify the user. The world, however, is actively embracing new IPv6 address protocol. It generates a vast number of IP-address variations and enables giving each device a unique IP address. The traffic transferred through the proxy will prevent identifying user activities by source IP address. It will be just a metric used for targeting in case user cookies are unavailable.
GDPR preparations are not over; the concept of ‘privacy by design’ is often criticized for vague statements which can be interpreted differently. This, in turn, has led to the creation of common regulation frames and standardization, like OpenGDPR. This initiative aims to bring business processes to new standards more quickly and without mistakes.
Programmatic initiatives in their turn, are also pushing advertising to greater transparency and user data protection. With IAB’s new app-ads.txt, starting from May 2019, app publishers can also be certified. That means that money, as well as user data, are no longer subjected to fraud risks while parties participate in real-time-bidding or in-app header bidding auctions.
How to embrace GDPR without sacrificing marketing?
Collection of behavioral data through websites, email data, location markers, and other user information is not prohibited completely. Even in Europe, processing user data is still possible but with more control and transparency added to the process. To be considered GDPR-compliant, every company should go through the following steps:
- Determine if your company is impacted by GDPR.
- Examine the databases for the data collected from EU users.
- If such data was gathered before GDPR, renew the user consent and familiarize them with their rights. Otherwise, this data is obsolete and should be immediately deleted.
- Develop a clear, concise, and noticeable form for obtaining user consent and place it on your website where users can see it. Remember, a consent withdrawal form must be implemented in the same clear and understandable manner.
- Involve the legal department to verify changes and enforce compliance.
- Appoint a data protection officer who will be dealing with questions related to GDPR.
- Make a revision of your partners to ensure you work only with GDPR compliant organizations.
GDPR 2.0: main points of controversy
Putting to action every step of instruction mentioned above is not simple. Indeed, it entails a considerable amount of operating expenses for the correct and timely user rights execution. Most internet businesses today are far from perfect in this aspect.
As it turned out, the new legislation itself appears to be controversial. For instance, if Article 3 states, that all enterprises that process data of EU citizens are subjected to the new regulation, how will the fines of non-compliant entities be enforced in other countries? The fines will make 2 to 4% of the company’s turnover. But, what if those revenues are earned outside of the UK? The other problem is related to the information erasure that will be hard to execute in case user data becomes, for instance, the subject of news, reposts, and so on.
Advertisers, publishers, and users should understand that even new legislation is not perfect, and many statements allow dual interpretation. These rules are primarily aimed at big companies, especially with businesses operating in the EU. Officials have warned that fines are the last measure. In the case of a first time violation, as a preventive measure, the company, most likely, will be instructed how to adhere to laws properly to avoid such incidents in the future.
Preparation to GDPR has cost entrepreneurs a lot of headaches and expenditures. Nevertheless, the legislation had to be redefined completely in order to create a robust digital space for advertising that is equally beneficial for advertisers, publishers, and consumers. Finally, it is safe to say that pessimistic forecasts prepared for ad tech are not true. As the legislation is still being refined, it naturally causes inconveniences, fluctuations, and temporary ad market turbulences. So far, with basic legal, technical, and organizational preparation, collecting and using the user data in accordance with GDPR is feasible without losing effectiveness of advertising.
About the author
Ivan Guzenko is ad tech visionary, blockchain enthusiast, CEO and co-founder of SmartyAds company. Prior to SmartyAds, Ivan held positions at various digital advertising companies helping them to generate sustainable growth. Ivan is also actively consulting startups and mature companies on the adoption of the latest digital advertising techniques.