Europe’s new data privacy law has put a small army of tech firms that track people online in jeopardy.
Europe’s new data privacy law has put a small army of tech firms that track people online in jeopardy and is strengthening the hand of giants such as Google and Facebook in the $200 billion global digital advertising industry.
The General Data Protection Regulation brought in by the European Union in May is designed to protect personal information in the age of the internet and requires websites to seek consent to use personal data, among other measures.
The ability to track internet users has attracted hundreds of companies that harvest and crunch user data from websites - with or without the consent of the site owner – to form very specific individual consumer profiles.
GDPR poses a challenge to those groups because they all need consent to use the data. While sites often request consent on behalf of the ad tech firms they use directly, uncertainty over whether every link in the supply chain is GDPR-compliant is pushing some to leave Europe altogether.
Concerns about GDPR should, however, benefit Alphabet’s Google and Facebook as their loyal customers are more likely to give consent to carry on using sites, allowing the US giants to keep amassing and analysing vast amounts of GDPR-compliant data that advertisers will pay to use.
Big publishers such as national newspapers are also likely to keep their readers and believe they can benefit by eventually charging advertisers more for online slots in the knowledge they are compliant with the new EU rules.
“It’s challenging for the digital ecosystem,” said Mark Read, joint boss at the world’s biggest ad agency, WPP.
“But if consumers feel confident that their data is being protected and they understand how it is being used and it’s done with permission, ultimately that should be a good thing for clients and for us,” he told Reuters.
From a standing start nearly 30 years ago, the internet has become the largest advertising medium in the world because it allows firms to target consumers with ads based on anything from their browsing history, comments, spending power to location.
Within the tangled ecosystem are multiple firms that help brands and ad agencies connect to sites that fund content with targeted ads. For every dollar spent by an advertiser, about half may go to ad tech groups, according to industry estimates.
When an internet user pulls up a page multiple bid requests are sent into the advertising ecosystem touting facts about the person such as demographics and interests, as well as the nature of the site they are viewing.
That personal data can then pass through a dozen or more ad tech firms before a company or ad agency bids at an auction for space on the website and an advert is loaded. It is that spread of personal data that risks breaking the new EU privacy law.
For example, a firm that provides ads for a website viewed on a mobile phone may use other partners not included in the compliance chain to provide information about a user’s location.
That doubt about compliance is threatening the myriad ad tech middlemen and is also prompting advertisers and publishers to rethink how they share their user data.
“In a world where we are putting the consumer first, there are only going to be so many opportunities for the very colourful ecosystem of companies to obtain consent,” said Andrew Casale, head of ad group Index Exchange.
In the midst of the disruption, some ad tech groups are pulling out of Europe. Harry Kargman, founder of mobile ad firm Kargo, told Reuters the company had withdrawn for now because it did not know how GDPR would be applied.
“There is too much uncertainty,” he said. “And I don’t think (that will change) until they apply it in specific cases.”
Verve, a company that helps advertisers target consumers on mobiles based on location, and Drawbridge, a cross-device user data firm, have both stopped operating ad businesses in Europe.