Last week, Google became the first major use case for Europe’s General Data Protection Regulation (GDPR), racking up a $56.8 million fine for not prominently displaying required information and obtaining adequate consent for ad targeting.
The fine is substantial, but won’t make a dent to the multi-billion dollar company. CNIL, France’s regulatory authority, justified the size of the fine saying that Google’s violations were ongoing and severe, and implied that it wanted to send a clear message to marketers. Google said it is appealing the ruling.
Like much of the ad tech ecosystem, Google was relatively late in its response to GDPR. Weeks ahead of GDPR’s enactment last May, Google told publishers they would be responsible for collecting user consent for Google ad targeting. It offered publishers a consent mechanism in the form of its Funding Choices tool, which is still in beta. Google was still negotiating the implementation of IAB Europe’s Consent Framework, which wasn’t released for comment until March, into the fall.
GDPR governs the collection and handling of data belonging to European Union (EU) members, no matter where the handling occurs. In 2017, California passed a “GDPR-styled” consumer data privacy law that will go into effect in 2020, and other states are expected to follow. Federal lawmakers are starting to discuss enacting a nationwide policy.
So even if you’re not directly dealing with the fallout of the CNIL’s action against Google, it’s important to review your own processes and vendor relationships, and watch carefully how it plays out across the pond. And that’s exactly what U.S. marketers are doing.
Not just a European issue for marketers
“Marketers need to care about these fines because the initial examples being made right now are typically going to be the big names with deep pockets,” said Susan Wenograd, account group director for marketing agency Aimclear. “But rest assured, regulators are taking GDPR seriously and you need to get the house in order.”
Wenograd said that the decision has “the very immediate potential of impacting who marketers can target, and [marketers] need to review proper procedures for consent,” she said. “We all need to be informed and understand the implications of such potential regulation here. Many businesses — marketing firms included — tended to look at GDPR as a ‘European issue that doesn’t affect me.’ Avoid that line of thought!” Wenograd said.
Trust between companies and their customers is on the line, said Darin Archer, CMO of e-commerce platform Elastic Path.
“GDPR is very important from a marketing perspective, as it forces marketers to be more rigorous in their protection of customer and prospect information, in order to maintain trust in the company and the brand,” Archer said.
Data sets may be in peril
Justin Freid, EVP, managing director for pharmaceutical media agency CMI/Compas, said, “Google’s latest fine is adding more fuel to the fire for U.S. advertisers to continue to evolve our data collection and targeting behavior.”
“Communication between ourselves, the data providers and large DSPs has ramped up, as [issues around the] use of the data have become more and more sensitive,” Freid said. “We are seeing certain global publishers and DSPs begin to analyze U.S. programs with GDPR in the back of their minds, questioning certain data sets,” Freid said.
Wenograd said that some of Aimclear’s clients have seen steep declines in data points available to them, requiring new approaches.
“The consent requirements make some things that used to be simple more challenging to accomplish,” Wenograd said. “Marketers need to level-up their thinking and their creative chops in how they dissect the more general data they’re now working with. Classic marketing skills are more essential now than ever.”
Impact on adtech still to come
“Today, this fine will not affect our U.S.-based campaigns, but it is something that we are considering for future planning,” Freid said. “There is no doubt the U.S. will continue to adopt additional privacy elements for consumers. We want our process and partnerships to have as little disruption as possible when this occurs.”
Jonathan Kagan, senior director of search and biddable media for MARC USA, said the impact of the French decision on his company has been negligible.
“In the U.S., [the decision] has no current impact on marketers, but in the EU, it may cause some to reevaluate the tactics they are using,” Kagan said. “This won’t impact my relationship with the vendors, as they seem to always come through, but this will likely have a profound change to their technology offerings.”
Looking beyond traditional targeting
Carolina Abenante, founder and executive vice-chair of premium ad platform NYIAX, says, “marketers should be aware of how that data is pooled from users, the methods for pooling said data, information on consent that is provided to receive data and how that data is treated. This will enable marketers to open that black box of data to see and define its utility in their campaigns.”
“We are always looking for alternatives to data target ads; however, this is dependent upon the needs of the agency and/or advertiser,” said Abenante. “We are looking at many different methods and technologies that enhance first-party data from publishers and companies who are working directly with the publisher, which could enable that eventuality.”
Wenograd’s message to marketers is simple: “Being out ahead of the game was essential. For those who aren’t sure: get smart really fast about GDPR and your business.”