The basis of media buying in the programmatic model is precise targeting. Demography, geolocation, interests, shopping behavior – all this allows advertisers to reach the target audience with the message. However, the new regulations imposed by the GDPR cause a wide limitation of access to user data. This in turn forces advertisers to submit to the new digital reality. The changes we are witnessing are opportunity or a threat to the industry?
GDPR in brief
General Data Protection Regulation is a European regulation imposed by the European Union on all member states to protect the personal data of their residents. For the first time, the legal consequences for violation of the law will be the same for all 28 states. Moreover, the rules apply to all companies willing to process EU citizens’ data, regardless of their location. This causes, that law have a global reach. Violation of the RODO threatens high penalties, even up to 4% of the company’s total revenues. Therefore, since the entry of the law, marketers must take extra care to ensure that the actions of company have to comply with the regulation. The most important thing is to have unambiguous consent from users to process their data.
Programmatic without data?
According to the regulations, users must agree, and the brands clearly specify for what purpose data is collected. This means that advertisers must have permission to either show ads, create a user profile, or disclose interaction data with ads. While many users have been reluctant to provide their data before GDPR, their number may increase significantly after it entry into force. In case when user is already a customer of the company or if the data processing is in favor of the company, the regulation may be bypassed due to the concept of “legal consent”. Unfortunately, it has limited praxis and in most cases does not include advertising.
Transparency in action
Even though GDPR brings a number of restrictions to the world of advertising, it does not condemn it to failure. Getting users’ consent, informing them about the intended use of these data, falls in this case onto publishers. Collecting data is not the simplest task, but it will allow the industry to operate in a similar way. It is already evident today that proper preparation and knowledge of the subject allows for continued effective activities.
Industry vs GDPR
Before the GDPR came into force, this topic was discussed almost in every place. Companies were meticulously preparing for the entry of the law. IAB has published the updated “Open RTB” specification in line with the new regulations. Facebook took on the role of data inspector, and set the scope of its responsibility for this function. Being more precise, in a situation where Facebook acts as a data inspector, the responsibility for ensuring compliance of activities with the GDPR falls on entrepreneurs. Most companies have prepared data processing agreements for each of their clients, employing the Personal Data Inspector responsible for activities consistent with the GDPR and other EU regulations on the privacy and processing of personal data. It is also the responsibility of the inspectors to ensure that publishers obtain their consents from their users and that they properly store them.
Undoubtedly, the GDPR caused quite commotion in the advertising industry. Instead of continuing to worry about the entry into force of the GDPR and related to these consequences, both advertisers and publishers should learn the new principles of “buying media” and focus on meeting the needs of their audience.