Google, Microsoft, Oath and other major tech companies -- but not all -- are preparing for the upcoming May deadline for the General Data Protection Regulation in Europe. Some have begun to allow users to decide what data they want to share, while many have not.
Last week during Alphabet's quarterly earnings call, CEO at Google's parent company Alphabet Sundar Pichai said "we are committed to complying with GDPR across all the services that we provide in Europe. … And we are working to make sure all our products are ready."
Search and services remain at the heart of Google's mission to make information available to everyone, but the company wants to ensure all its products are ready. For example, Google lets users of Gmail and Google Docs choose the data they wish to share.
"GDPR may prove to be a drag on the industry in Europe, but search is probably more immune from negative effects than most other types of digital advertising," wrote Brian Wieser, senior research analyst at Pivotal Research Group.
Search engines could feel less of an impact when it comes to people searching for information, but not for purchases through ecommerce services like Google Shopping and product listing ads -- especially for companies in the U.S. that want to sell goods to citizens living in the European Union.
After all, the growth of the internet promised cross-border ecommerce. Tony Zito, CEO at Rakuten Marketing, said many of the company's clients want to achieve global scope.
U.S. companies doing business in the EU will need to comply with the regulations, and it's a pretty significant change with strict penalties and fines, Zito said. "It comes down to riding the fine line between a person's data and insight about their behavior," he said, adding that companies need to protect that data because it poses a risk to the consumer's identity. Companies are sharing data with others without the consent of the consumer.
Few companies have begun to implement solutions. Only about 30% of companies have begun to prepare for GDPR, Zito said, citing data from PricewaterhouseCoopers (PwC). Some 62% of U.S. companies will spend more than $1 million preparing for GDPR, according to PwC. As a result, about 32% will reduce their presence in the EU and 26% said they would exit the EU. "Small retailers without the resources will exit the market," he said.
Along with the GDPR changes that are coming, the EU Privacy Directive within 12 to 18 months will require companies to process data without consent. Today companies can process data based on "legitimate interest or intent."
"You'll still be able to run advertisements on publisher sites, but publishers cannot personalize that ad to the consumer based on their identity," Zito said, adding that the company is working on creating solutions to help consumers provide consent.
The affiliate industry, for many years, ran contextual advertisements. If a visitor reads an article about football on a site, the ad that serves up next to the content will focus on the sport. There will be increased opportunity for non-personal but contextually relevant ads.
Whenever you begin to create a profile about an individual, it becomes non-compliant. "You'll see a lot of innovation around the tools that let consumers make educated decisions on their consent," Zito said. "That's where you'll see new creative industries pop up."