iabeurope: GDPR impact on Programmatic Trading blog series – GDPR three months on
Programmatic technology is now at the forefront of data-driven advertising, indeed, half of European display ad revenue is now traded programmatically and programmatic in Europe has reached a market value of more than €8bn according to IAB Europe’s 2016 Programmatic Market Sizing study. However, with regulatory challenges drastically questioning how the digital advertising ecosystem operates, programmatic trading needs to show that it can adapt to meet the evolving needs of the industry.
In this blog series, IAB Europe’s Programmatic Trading Committee and its members assess the impact and the opportunities of the GDPR on Programmatic Trading.
David Pironon, Board Member, IAB France
GDPR 3 months on…
Even though, 25 May was the most anticipated date in the industry and was known about way in advance, the impact of the fateful day set off more waves than expected. One clear fact was brought to light, that despite the anticipation and the brouhaha, the market was simply not ready, and industry players were not speaking the same language from the get go. Some companies, including the Los Angeles Times, the Chicago Tribune, even took drastic measures, such as suspending their services in Europe, to avoid non-compliance.
Furthermore, during the first weeks of GDPR implementation, the effects on campaign deliveries and the split of advertising spend among sellers was unexpected at times. Publishers and platforms with the highest Consent Management Provider (CMP) adoption rates among their users were not always benefiting from being early supporters of this new tool.
A transition phase that won’t last – Why TCF and CMP are critically important
However, this transition period won’t last, and the real effects of GDPR will be more visible, little by little, once CMP adoption takes off, and when all players apply a strict policy on user consent management. There will be no doubt then, that only the players who anticipated well and have been exchanging user consent information with others in a standardised way, will manage to grow their businesses sustainably.
The IAB Europe’s Transparency and Consent Framework (‘the Framework’) is undoubtedly the only common language, as it helps players in the digital advertising chain ensure they are GDPR-compliant especially when it comes to accessing data and/or processing of personal data. The Framework is particularly relevant to publishers (with first party data) who partner with third party vendors to enable these third parties to process user data. It provides a standardised mechanism for requesting, storing and sharing user consent along the supply chain.
The Framework aims to provide a complete solution to ensure full compliance with GDPR by enabling user consent management for every involved vendor. Publishers need to be aware of this when they are making their choice (and when implementing their consent management solution).
Let’s focus on in-app, which currently has much lower CMP adoption rates. Indeed, in-app is often wrongly perceived as a secondary issue compared to web traffic, whereas it is directly impacted by GDPR, as the use of mobile advertising IDs and other personal data are also restricted to users who have explicitly given their consent. In the mobile app environment, the IDFA / Advertising ID / Lat-long are the typical types of personal data that will require consent from the user before being processed by any vendor.
Hence, the risks for app publishers who don’t implement a CMP and don’t collect consent for each vendor involved are significant. Every user should be able to freely accept the processing of their data by being clearly informed; and each user has the right to know who accesses their data, and for what purpose. There’s a lot to be seen post GDPR, and the topic of user data and consent will be sticking around for quite some time.
Why GDPR impact will be broader than just the EU
It is interesting to observe that other regions could follow the example of GDPR and pass / update their own data protections laws.
In the US, the state of California recently passed the Consumer Privacy, giving residents of the state significantly more control over how their data is collected, used and handled. It allows consumers to know what information companies are collecting about them, why they are collecting that data and who they are sharing it with. Although the law will not go into effect until January 2020, it will without question have massive implications for every brand, agency and tech company.
The trend to more closely govern personal data will continue, as people are interested to see what third parties can gain access to their data. Technology companies, media groups, retailers and banks are among those most affected because of the vast amounts of information they hold on customers.
To read the article in its entirety, please visit iabeurope.eu