Opinion: Europe's Strict New Privacy Rules Are Scary but Right

By Published on .

The next big disruption in digital media is coming from the European Union, but it's not stopping there.
The next big disruption in digital media is coming from the European Union, but it's not stopping there. Credit: via Wikimedia Commons

Apple defies industry logic.

Apple is the only major tech company with a default assumption that consumers don't want to be tracked or targeted across the web. Its leaders convey a belief that your data is your data until you say otherwise. In a world where data has been called the "new oil," how does Apple side with privacy and stay so rich?

Cynics argue that it's because Apple depends less on advertising and commerce. I say it's a benefit of Apple's strategic decision to build trust with its customers.

If you work in digital media, you need to know that the industry is one year from taking a big step toward Apple's view. No, this isn't a case of digital disruption coming (once again) from Silicon Valley. In this case, the seismic shift originates in the European Union. Much of the digital media industry is likely to panic over the coming months. But mark my words: The EU will ultimately lead publishers and advertisers to a better place.

The most significant change to data privacy regulation in more than two decades will go into effect on May 25, 2018. Under the EU's General Data Protection Regulation, or GDPR (a mouthful, I know), any company will need to ask for explicit consumer consent to collect and use data across the web and app ecosystem. The GDPR has been described as a new gold standard globally and "extraterritorial" in that it applies to any company that touches personal data of EU citizens -- so everyone needs to pay attention.

And the GDPR has teeth: It will prescribe fines equal up to a whopping 4% of global revenue. To put this in perspective, Facebook's fine last week of $130 million (for providing misleading information about its WhatsApp acquisition) could have amounted to more than $1 billion if it happened under these new rules. Amid our industry's uproar over the digital advertising "duopoly" of Google and Facebook, Europe should be applauded for writing the first law that, as a byproduct, may actually change how those companies do business.

So how exactly will these rules affect everyone?

Let's start with consumers
They should always be priority No. 1 (see: Apple). They distrust digital advertising more than any other format for a reason. More and more boycott all of it by installing ad blockers. That's not entirely about privacy, but tracking consistently ranks among consumers' top concerns consumers with online advertising.

Though research earlier this year showed that Republicans and Democrats both overwhelmingly supported preserving the FCC's privacy rules for browser histories and other matters, Congress gutted the rules anyway and rapidly heard from their constituents. This may be part of the reason we're seeing regulation at the state level and new bills out of GOP leadership. Bottom-line: People want simple and effective ways to prevent companies from tracking everything they do on their phones and browsers. In fact, 92% of consumers say they don't want their browsing data sold or shared without permission. Just ask yourself, would you?

The impact on advertisers is a bit more complex
Digital is still mostly a direct-marketing business where advertising is bought at minimal risk, optimized with performance guarantees and targeting to the best audience possible at the lowest possible price. These are the classic rules of direct marketing. And to do it, unsurprisingly, advertisers prefer zero limits on how they can mine and use data across the internet. Trade lobbies like the Direct Marketer Association are happy to explain that more access to your browser data means more relevant ads for you. So, of course, they are concerned about GDPR.

Two other significant advertising trends are happening, though, which suggest that these new rules may ultimately benefit advertisers.

First, advertisers have peeled back the onion on transparency to see what is really happening in programmatic. And they've learned that intermediaries are often using advertisers' data -- and often their purchasing power -- to benefit their own interests. Economists at Carnegie-Mellon have demonstrated that without privacy rules, intermediaries' interests don't align with the advertising firms that they are supposed to represent. "We find that a strategic intermediary may choose to share with advertising firms only a subset of consumer data," they concluded, "maximizing its profits at their cost."

Second, brand advertising -- in which advertisers typically care about the context and use emotion and art to create desire and demand -- is shifting towards digital. This trend is gaining momentum as TV and magazine audiences, the historical venues for brand advertising, begin to decline. But again, there is significant research that brand advertising often fails when solely dependent on targeting. Don Marti has done significant work in pulling together this research.

Think of the publishers
They are, of course, closest to my well-disclosed interests as I lead a group that represents them. No doubt we've thoroughly documented the significance of the control by the duopoly, particularly as it relates to data collection. Unfortunately, the industry continues to do exactly what the duopoly and ad tech lobbyists demand: We are all complicit in protecting their ability to vacuum data across the web. Allowing the market to enable more and more data collection by third parties hurts us all.

Three years ago, I walked through the math on how behavioral targeted advertising is immaterial to publishers in light of solving for bigger issues. Previously, many argued that multi-site behavioral ads were critically important to the funding of high-quality news and entertainment. What we discovered, however, is that these types of ads that collect data across the web were only responsible for approximately three to four percent of publisher revenue.

Though open exchanges increasingly take a share by selling surplus inventory, they're also being used as a tool to find audiences at the lowest price available -- significantly cheaper than anything relying upon a publisher directly. And what's worse, they often do so by using the high-quality publisher's brand and audience for a single instance to collect data and retarget in worse contexts for brands. With the addition of header bidding tech, that data can often be collected without even making the winning bid.

Think about this for a second: Publishers are allowing ad-tech companies to collect their audience's data and browsing history only to sell ads to these users elsewhere. Publishers also let Facebook (and now Twitter) do this by collecting data whenever Like (or Tweet) buttons show up on any page. Did a publisher ever intend for their audience's entire browsing history to be available to Facebook? I doubt it. But that's what they've granted Facebook in pursuit of Likes.

This time next year the GDPR will go into effect and things will inevitably change. The application of this regulation is also likely to eliminate current friction (goodbye to awful EU cookie notices) and offer easy ways to turn consent on or off using long-defined but mostly ignored Do Not Track signals.

These are positive developments that put the consumer first and increase trust. But importantly, the GDPR also solves an issue for advertisers and publishers by making intermediaries truly accountable to publishers' customers: advertisers and consumers. As long as the EU doesn't bend to the demands of the powerful platforms, the new privacy rules could actually breathe life and energy back into the economics of the publishing business. Apple wouldn't be surprised.

Most Popular