You may not feel like singing “Happy Birthday,” but the European Union’s General Data Protection Regulation (GDPR) will be four years old on Wednesday. And observers still wonder: Does GDPR really protect consumer privacy or is it a boondoggle? And is it helping or hurting marketers?
For perspective on GDPR, MediaPost spoke with Chad Engelgau, CEO of Acxiom, the fifty-three-year-old data services firm that is now part of The Interpublic Group of companies. Engelgau served in a variety of rules during 13 years at Acxiom, and more recently as global chief data strategist at Kinesso.
MediaPost: How has the GDPR affected marketing?
Engelgau: After four years, there are positive impacts, but unintended consequences as well. One of the positive impacts is that GDPR absolutely kicked off a global wave of focus and policy creation about notification and choice for consumers.
If you want to do business with EU citizens, you have to comply in order to participate economically. In some ways, it cleaned up marketplace in Europe: Numerous companies exited because they couldn’t make money in the market.
It also created a wave of innovation, with firms moving from people-based marketing to mobile, geo-based data sets based on location, and has led to the rise of contextual advertising, not so much who is consuming content, but the context of the content.
MP: And on the negative side?
Engelgau: One of the unintended consequences is that the world is dominated by very small group of companies, empowering them more than protecting consumers. Research done in the EU and by the U.S. Federal Trade Commission has shown that GDPR has consolidated their power and made the biggest companies in the world even more powerful.
They have large budgets and legal teams and have the wherewithal to battle in the courts.
There have been significant fines levied against some of the world’s largest companies, but these fines didn’t dent the armor of those entities--they continue to grow, and they’re still the largest companies in world.
And GDPR regulates consent, but not the sharing of data or information across conglomerates. Larger-scale companies with four or five businesses have is an advantage — your consent goes to the largest entity.
Another alarming issue is the number of data breaches that have happened. There has been an 8% increase in data breaches in EU over the last three years. GDPR hasn’t stopped bad guys from trying to steal data. In the most recent breaches, the bad guys infect the code running on hundreds of thousands of systems. It it is global warfare in cyber space.
MP: What about GDPR’s impact on advertising?
Engelgau: The GDPR is shutting down the open marketing ecosystem.
In response to that, different companies have taken the position that it’s our data, we won’t share it, so they are creating ecosystems that exists solely within the large entity, whether a social network or video network. For smaller companies, the biggest challenge is if you can’t effectively monetize media, you have to start charging and putting up a paywall. even consumers in the EU understand the value of free content — getting free content and services is great exchange for seeing ads. Research continues to show that personalized ads are way more effective than traditional ads.
MP: How has email been affected by GDPR?
Engelgau: Email continues to be a strong channel for marketers — with the regulation as written and the application of marketing, has less questions surrounding it at this point: When a company collects an email address from a consumer, and has captured consent to use it and the person can opt out, the brand is free to consistently communicate via email with little or no friction.
MP: What about privacy law in the United States?
Engelgau: Unfortunately, we’re not yet headed to a singular national privacy law.
It’s potentially a trillion-dollar issue due to the cost of compliance for businesses to constantly update their practices going from state to state. Once you hit 20 states, it defocuses us from innovation and focuses us on trying to avoid fines.
MP: What bothers you about some of the state laws?
Engelgau: The private right to action is not necessary in marketing space. There is little to no harm in being marketed to, and class action suits based on marketing of certain content are not a valuable use of time and resources as a culture and as a society.
MP: How is Acxiom affected by GDPR?
Engelgau: As a company, less than a third of our revenue is in global data assets—the remainder is in solutions for direct marketers. We are subject to gdpr, and we have worked with regulators. And we respond to interpretations of legitimate interest and the role of processors and how the law is being interpreted, not just written. It’s interpreted unevenly throughout the EU countries.