Estimated Reading Time: 7 minutes
The General Data Protection Regulation (GDPR) imposed by the European Union (EU) last May (2018) has had a major impact on advertisers—particularly audience-based advertising methods. Though technically only regulating businesses operating within the EU, GDPR has fueled discussions increased protections and restrictions on data storage AND usage globally. By 2020, Europe will take data privacy a step further with updates to the ePrivacy Directive, which aims to put more robust definitions, clarifying privacy and data announced under GDPR.
Following GDPR, a number of other countries including Australia, Canada, and the United States (to name a few) have passed their own initial privacy regulations. Though many early regulations are broad in scope, they too are having far-reaching impacts on advertising budgets and company data strategies.
In this blog, we’ll explore the major impacts data regulation is having on audience-based marketing tactics, as well as how advertising strategies are evolving to maximize accuracy and ROI in reaction to limitations brought about by GDPR.
Impacts and Penalties for Non-Compliance with Data Regulation
Needless to say, regulations came about in response to a number of factors. Increasingly questionable tactics employed by many businesses and platforms, lack of transparency into data usage, and a growing number of data breaches and privacy scandals all contributed to the current legal situation.
Gone are the days where companies can bury data usage information deep within privacy policies, omit it completely, or hoard data based on policies that are purposefully vague in order to skirt responsibility. Companies that gather visitor’s personal information through cookies and other tracking tools now require explicit consent. Regulations also require companies to disclose how data will be used and whether it will be shared with third-parties or sold to data aggregators. Hence, major regulation was needed.
If nothing else, the goal of GDPR and other data privacy regulations is to increase transparency for how consumer data is gathered and used. It requires that companies clearly identify the personal information and data they gather, for what purpose the data is gathered, and that they acquire explicit consent from users.
This introduced additional burdens on both advertisers and consumers—which we’ll explore in the following sections.
Data Regulations Increase Operational Cost
Regulations burden businesses of all shapes and sizes by increasing operating costs associated with maintaining systems, policies, and personnel to ensure compliance. Larger companies that process or store personal data—whether for employees or consumers—are required to appoint a Data Protection Officer (DPO) who is responsible for maintaining data security policies, educating employees, conducting audits, and more.
For smaller companies—with more limited budgets—regulations impose a higher bar of entry as well as increase operating requirements. The combination of increased costs, potential fines for non-compliance, as well as barriers to entry have led many small businesses to avoid data gathering and audience-based advertising altogether. These costs can be prohibitively expensive for some companies—and even beyond initial operating expenses, the increased risk and liability associated with gathering, storing, and using personal data may be a showstopper.
Chief among concerns facing companies in a post GDPR world is the potential financial burden caused by non-compliance or misuse of data under new regulations. Companies have been forced to reevaluate the benefits of marketing strategies reliant on personalized information versus potential damages from fines. Fines which can be significant. As GDPR outlines, fines can be up to €20 million or 4% of the total worldwide annual revenue for the prior financial year, whichever is higher. And regulatory bodies have made a point early on in showing they’re serious about compliance. Just this January, Google was fined €50 million by CNIL, France’s data protection regulator, for failing to comply with GDPR regulations.
Reduced Effectiveness and Major Barriers
Many agree that new regulations, like GDPR, are a step in the right direction. Consumers should have a clear understanding of how their data may be used so that they can make educated decisions about who and where to share personal information and for what they are trading that valuable information for. Companies like Apple, have taken a stand as champions for privacy and security—blocking browser-based trackers and cookies and insisting on “consumer-first” data privacy standards. But many of these changes, insert friction
The changes brought about by new regulations have reduced the effectiveness of personalized, audience-based targeting data, while increasing the associated costs and risk. GDPR has made its presence felt on nearly every business and ecommerce site. Cookie notifications and cumbersome opt-in and privacy statements have sprung up on all legitimate marketing websites. And with new regulations looming over the horizon, companies of all types attempt to adapt and make technical decisions that will have ramifications for years to come.
With major scandals like the Cambridge Analytics data breach on Facebook’s platform, an increasing number of consumers are more vigilant about whom they share personal data with—resulting in lower engagement, sign-up, and opt-in rates.
Limitations, Lack of Quality, and other Concerns over Third-Party Data
Third-party data is any data gathered by another entity that does not have a direct relationship with the data belonging to the user (i.e. a data aggregator and not the original gatherer of the data). In recent years, third-party data has been central to audience-based targeting methods, particularly retargeting.
Often acquired or accessed through data aggregators, social media, publishing platforms, or other partnerships—third-party data gives advertisers personalized demographic, geolocation, and browser-history (behavioral) information that has been critical to audience-based targeting and retargeting efforts. That data empowers advertisers to better measure performance and correlate results from advertising spend with last-click and last-viewed attribution models.
But due to new regulations on data privacy, concerns regarding fines, potentially damaging “optics” for brands, and even quality concerns—companies are leaning away from third-party data use. In 2016, Matt Rosenberg—then CMO of ChoiceStream—described the quality problem facing third-party data.
“Advertisers need scale, and as a data vendor, if you can’t provide that, no one will buy your segment.”
But in order to achieve scale, strict adherence to data quality and accuracy is often abandoned.
“If you can get 300,000 people in a group with 95 percent confidence that they belong there, or 30 million people in a group with 60 percent confidence, well, it might not be such a hard decision to relax your model a bit, especially when no one is set up to audit you.”
– Matt Rosenberg, CMO of ChoiceStream (2016)
The Rise of Contextual Targeting
As all of these factors continue to drive change for businesses, advertisers, and platforms in the Ad Tech industry and beyond. Many companies have already adjusted their advertising strategies, focusing on other targeting methods—particularly contextual targeting. Here’s a brief look at the advertising engagement strategy landscape from a sample of U.S. and U.K. advertising executives:
GDPR and the looming threat of compliance-related fines has clearly put a damper on audience-based targeting methods. Yet, it is surprising to see that advertisers—even in the U.K.—continue to employ behavioral and other audience-based methods in their advertising strategies. The data from this study by the contextual ad firm GumGum was taken from 116 senior digital advertising executives in the U.S. and U.K in 2018. As GDPR did not go into effect until late May, and penalties have only really begun being issued, we’ll expect that a growing number of advertisers will depart from audience-based efforts—particularly in the U.S. where the CCPA and other regulations won’t go into effect until at least the beginning of 2020.
Contextual targeting is an advertising approach where ads target individuals based on the content they’re already looking at. Rather than relying on personally identifiable information gathered through third party data, unique ad identifiers, and cookies—advertisers can pursue contextual targeting strategies, using topic-based categories and relevant keywords to engage with the right audience at the right time to impact buying and decision-making habits and achieve lift.
Contextual targeting is in many ways superior to audience-based targeting. It not only reduces the reliance on personal data but allows companies to avoid GDPR entirely. Contextual ads can be used to complement content, rather than advertise based on an individual’s identified likes or previous browser history—which can often leave consumers with that eerie feeling they’re being spied on. In some studies, contextual targeting has been found to increase purchase intent by up to 63%.
So how can companies take advantage of contextual and make the shift away from audience-based methods and strategies?
That requires highly accurate categorization services and tools, the required technology and expertise to scale (often partnerships), and a plan for evaluating and measuring early experiments to ensure quality, accuracy, and effectiveness. Stay tuned for our next blog: The Rise of Contextual Targeting—and Why It’s Here to Stay, where we’ll further dive into the advantages of contextual targeting as well as continue to explore how companies can best make the transition away from audience-based methods and reduce their reliance on personalized and third-party data.