• by Maciej Zawadziński , Op-Ed Contributor, November 30, 2017

In the early days of online advertising, the amount and type of data that companies could collect about users was limited to the header information passed along with a HTTP call from the user’s browser, such as the language set on the user’s computer, URL of the page that the ad is being loaded onto, and the browser type and version.

As the popularity of web cookies grew, advertisers soon realised they could track user behaviour across the web with third-party cookies.

Over the years, advertising companies and data providers have been adding more and more trackers (i.e., third-party cookies) to websites in an effort to gain a deeper understanding of online users and their behaviour.

This practice went on for some time before online users became aware of the scope and scale of these data collection and tracking activities, and once they did, they began to push back.

They began installing browser plug-ins like Ghostery, browsing the Internet using Private/Incognito mode, and downloading ad-blocking software to block advertising and third-party trackers.

But it's not only online consumers who have taken notice of all of this. The European Union has also kept a close eye on the way companies collect, store, and use personal data, and the General Data Protection Regulation (GDPR) is proof of that. By now, we all know that the GDPR is on its way, and this means all companies that collect data about EU citizens will have to make a number of policy and technological changes to ensure they are fully compliant.

Becoming compliant will be challenging to say the least, and will mean making fundamental changes to how companies conduct business, whether they realise this or not. Instead of focusing on the negatives, companies should be focusing on the positives, and there are a few.

Due to the fragmented nature of the digital advertising ecosystem, publisher revenues are being eaten up by ad-tech vendors and intermediaries. While the GDPR will not reverse this, it will restore the balance of power between the supply side (i.e., publishers) and those on the demand side (e.g., advertisers, DSPs, and other intermediaries).

As publishers will be the gatekeepers between advertisers and audiences, they will have the upper hand when it comes to media buys. Also, as data will not be able to be shared and/or resold to other parties without the publisher’s knowledge and proper data processing agreements with all companies that want to have access to it, the whole process will become more transparent.

However, the real test for publishers will be obtaining user consent. If they are able to convince their audiences to share their data with online advertisers, this will put them in a favourable position and their revenues will likely increase. Failure to do so will negatively affect the whole ecosystem and all parties on both the supply and the demand side.

The GDPR will help restore trust between online consumers and advertising companies as it puts the power and control back in the hands of online users. Online visitors are the main recipients of online ads, yet for years companies have been convinced that users really want a better ad experience (e.g., customisation, etc.), when all they really want is for companies to take their privacy seriously.

After all, it’s no good showing a personalised ad to an engaged user at the right time if they are just going to block it out of concern for what you will do with their data.

For ad-tech vendors, complying with the GDPR will mean changing their policies and ensuring that their platforms align with them.

For example, the GDPR gives users certain rights, such as the right to change their consent decisions and erase data that has been collected about them. The latter is particularly challenging, as there are no mechanisms in place to delete an individual's data when it has been shared with other parties in the ecosystem. Picture the common situation when one ad-tech vendor shares user data with others. If a user contacts the first vendor and requests that their data be erased, the vendor would have to not only erase it from their own platforms, but from all the others with whom they have shared the data.

This means advertising companies will need to ensure their platforms are able to collect, store, and manage thousands -- even millions -- of user consent requests. But it's not only about making technological changes to comply with the GDPR -- it's also about innovating to create future-proof businesses.

Successful advertising companies of the future will be ones that solve challenges through innovation and limit their exposure to the GDPR with privacy-focused platforms and policies, rather than trying to solve them with band-aids.

When you look back throughout history at the impact new regulations have had on certain industries (think the Clean Air Act and the introduction of clean technologies such as the catalytic converter), you can see that despite the initial challenges, companies that focused on innovation prevailed and in many cases, thrived.

Despite all the challenges the GDPR brings, ad-tech can prevail and thrive as well.