by Stephen Zafarino

The GDPR and the effect on US ad tech

Jun 28, 2018

It’s not just you. Since the European Union’s GDPR (General Data Protection Regulation) went into effect on May 25, companies have been ramping up those opt-in boxes, website banners, and emails updating you on the additional permissions needed to track your activity and process your data. And the user experience isn’t the only thing that’s changed. 

As the impact of the GDPR continues to be felt around the globe by both companies and consumers, it’s crucial to analyze how these laws impact U.S. businesses along with ad tech and marketing automation as we have come to know it.  How they contribute to the ongoing conversation on data privacy and what the future holds for targeted online marketing.

What’s GDPR?

To briefly sum up what the EU’s GDPR entails, it’s comprised of the modernized laws that protect consumer’s personal information which are now the strongest data protection rules in the world. The core update, among many, is that these rules now apply to any company that holds or uses data on people inside the EU, regardless of the size or physical location of the company.

Translation: These new rules have impacted almost every ad tech company, many of which are U.S.-based, and the clients they partner with. The maximum consequence of failing to comply with this new legislation is either 4 percent of the company’s annual revenue or €20 million, whichever is greater.

The US-based response: winners and losers

Given the severe penalty for failing to comply with GDPR, it’s no surprise that major, U.S.-based ad and cloud service providers like Google, Facebook, and Amazon have spent the past two years prepping to ensure compliance. Amazon, in a possible effort to extract itself from fellow data-privacy-plagued competitors Facebook and Google, has welcomed the GDPR by creating a new data processing agreement, providing additional resources to ensure customers comply with new requirements, and updating the terms and conditions for AdWords.

With billion-dollar revenue streams, it’s no surprise the most popular online ad producers — Google and Facebook — have done everything possible to ensure compliance but it also proves the clear winners of this legislation, outside of consumers, are the online ad giants. Smaller ad tech producers or ad-based companies in the US have released statements about their inability to comply and resulting move to block all ads from EU users, while Google and Facebook were able to actually expand their online ad footprint. Despite this success, the extra precautions taken by online ad giants doesn’t guarantee them safety as Facebook, Instagram, WhatsApp, and Google’s mobile OS Android have already received complaints filed against them.

But what is most surprising is that even some major U.S. publishers like the Los Angeles Times have been unable to ensure GDPR compliance and have thus blocked EU users from their content entirely. Originally thought to be a short-term solution, it’s looking like blocking content and ads from the European market might be the indefinite solution for many U.S. companies in an effort to avoid penalties that would force them to close for good.

What about marketing automation?

While ad producers are facing the most scrutiny at the moment, the advent of the GDPR also means major changes to the current state of marketing automation tools. More and more it’s looking like the period of time we are just now leaving will be looked back on as the good old days of targeted online marketing when everything from automated data management campaigns, reverse IP tracking, lead scoring, and reactivation programs were, for the most part, fair game and relied heavily on data acquired with much less detailed and tangible user consent requirements. However, those days are now over, at least for global brands with consumers located in the EU.

The solution for today’s digital marketers? Developing clear processes to secure the necessary user consent compliance for all components of data-driven, automated campaigns. Yes, that also means creating a clear process for record disposal for those users who revoke consent. But the solution to these GDPR-related issues will surprisingly be found within the marketing automation platforms and solutions themselves. Marketers will need to leverage these platforms to drive enhanced personalization through automated preference management, a functionality that will now become crucial to email marketing in the post-GDPR era.

The big data-driven picture

The larger points the GDPR makes is regarding various complex arguments on online privacy, who owns our personal data, the rising tide against Big Tech, and the future of targeted marketing, ad tech, and marketing automation. It’s much more extensive than current U.S. laws on data privacy and begs the question if the EU is leading the legislative wave against the data collection practices today’s marketers have become intensely reliant on. It has also proved just how dominant Google and Facebook have become in the online advertising market, and that updates to current data privacy regulations will do little to change this fact.

For now, it seems a majority of major advertising players based out of the U.S. show no signs of expanding compliance past the borders of Europe. On the flipside, U.S.-based companies that can’t afford or ensure GDPR compliance are simply choosing to neglect the EU audience altogether. However, for global brands compliance driven through marketing automation functionality will be critical for continued targeted and email marketing success and the avoidance of major fines. It will be interesting to see what new marketing strategies and campaigns emerge from forward-thinking U.S.-based companies and global brands set on dominating today’s post-GDPR online world despite the compliance obstacles.