Is personal consumer data still a viable option to use for ad targeting if only a limited amount of a brand's customers give consent to use it?
This year advertisers and the companies providing services to them will face a lot of challenges around privacy and how to protect the customer data they gather. For the most part, the issues will come from the new European Union (EU) General Data Protection Regulation (GDPR), which becomes law in EU member states this May.
That rule will impact all companies in 2018, from publishers to brands to platform providers -- not just in Europe, but worldwide.
Jason Fairchild, cofounder at OpenX, called GDPR the "single most important regulation to hit advertising technology" because it touches any company that has data on an EU citizen.
"In the United States, no company is ready for this," he said. "We think it will even advance the consolidation in ad tech because for years there's been no risk to a publisher that added ad-tech partners. Now for everyone they add, the publisher is liable for their certification around GDPR."
Ad execs simply are not familiar with laws. In fact, in a recent study by Commvault -- a data backup, protection, recovery and management provider specializing in GDPR -- only 21% of respondents feel they have a good understanding of what GDPR means in practice. Only 18% said they understood what data their company has and where it lives, whereas 17% understood the potential impact of GDPR on the overall business, 12% understood how GDPR would affect cloud services, and 11% said they understood what constituted personal data.
When GDPR goes into effect in May, publishers with European traffic will be required to disclose all of the third parties that capture specific user data from their site, according to a report from Ad Lightning.
While it’s not a U.S. government policy, U.S. companies must take steps to either block EU users or implement processes that ensure compliance. Most tools publishers use to detect ad-related issues don’t provide the transparency required to implement GDPR compliance policies.
Privacy and security breaches will put more focus on legislative developments, according to Dave Dague, executive vice president, Infutor, a consumer identify management company.
With numerous data breaches in 2017, consumer data privacy and security is a top identity trend to watch. While it isn’t likely that EU GDPR-scale legislation is imminent in the U.S., marketers who use consumer identity data should watch closely for new legislation and regulations that affect both treatment and interaction with consumers, Dague said.