The Mad, Mad Rush to Conform With GDPR: Could Greater Trust in Digital Be the Ultimate Outcome?

Opinion: The industry might be forced to act in ways it might not have otherwise done

GDPR may be a catalyst for the kind of change that leads to greater trust in digital
Tanaonte/iStock

As companies struggled to meet Friday’s deadline to comply with the European Union’s General Data Protection Rule, the digital advertising industry has been venturing outside of its comfort zone—the legal liabilities it now faces are more immediately measurable than other recent concerns about such advertising-based issues as measurement and attribution.

Aligning to the law could well have the additional benefit of aligning digital with consumers’ own expectations around trust and safety—and even greater control of their own data.

In the end, then, GDPR might force the industry to act on trust in ways it might not have otherwise done.

None of that lessens the anxieties and activities companies are undertaking, nor are all digital players “ready.” While Facebook CEO Mark Zuckerberg professed during his grand apology tour of Europe that Facebook would be GDPR-compliant by the deadline, the fact is that people are trying to interpret not just the legislation, but also the guidance, and many are confused.

Given how deeply interconnected and interdependent companies are in this sector, the last-minute muddle about who is responsible for what under a new law is predictable, as much as is the whispered math presuming to calculate which companies will benefit and which won’t.

At this point, though, finger-pointing—a favorite game in digital—doesn’t equate to the preparation that each company is bound to take on its own, as its individual responsibility, not just to GDPR but to consumers’ expectations. The regulation is here, the industry doesn’t have a choice, and complaining doesn’t create compliance.

New businesses arise—again

As with every other disruption in digital, whenever there’s a wrinkle in the industry—whether it’s been measurement, or viewability (remember that?), or attribution and, now, this new legal threat—smart people have developed solutions that make them rich, even if their technologies last for only a moment and wind up confusing things even more. It’s no surprise then that some hope remains, even this late in the game, for the unicorn tool or service provider that will make this complex compliance challenge easier to deal with. Just make it all go away, if just for now.

Indeed, there is a burgeoning industry of consent-management platforms, as well as agency consulting opportunities, but relying on any outside force to deliver on time and complete compliance may be optimistic.

IAB Europe and the IAB Tech Lab stepped forward with a Transparency and Consent Framework that various players have had the foresight to adopt, including Quantcast. And IBM has offered to help companies comply with its own technology with the rather defense-department-speak name, “Resilient Incident Response Platform.”

Some data-driven companies have realigned their businesses, like Acxiom, which announced that it would revise its online portals in Europe, as well as the U.S., and potentially realize the value of its acquisition a few years ago of LiveRamp, a data-onboarding company. Two marketing tech firms have taken more drastic steps and pulled out of Europe altogether: Cross-device identity specialist Drawbridge decided to do so in March, followed by location-data company Verve.

Let’s take a look here, gathered in one place, at some solutions industry players have released:

Marketers

Many marketers are rightly spooked by their potential exposure via data that sits outside of their immediate control in the nether regions of their supply chains. They’ve been pushing on their ad tech vendors to assure them they’re in compliance, and that seems to be an advantage to some of the larger suppliers of data sets.

Duracell, according to a recent Digiday report, “has told data resellers that they will need to prove they will do so in a way that’s compliant with the regulation; otherwise, it will notify the rest of its supply chain that they have been cut off.”