IQUANTI SPEAKS: GDPR One Year Anniversary: How have we adapted at iQuanti?
One year ago, the European Union began enforcing its Global Data Protection Regulation (GDPR) – arguably the world’s strictest standard for consumer data privacy.
We sat down with iQuanti’s social- and paid-media practice leaders to see how the enterprise digital marketing landscape has changed since GDPR came into force, and to understand how US has responded to GDPR.
How has US approached data protection regulations in the post-GDPR year?
As a marketer based in the US, it’s been interesting to watch the roll-out of GDPR across the Atlantic while monitoring the reverberations in the States. Even though it took over 6 years for the initial proposal to fully roll-out, this was done in full across the EU.
On the flip side, the US at a federal level has been slow moving in adopting similar regulations, pushing action to the state level. This is where things get tricky.
Maybe the most significant movement we’ve seen is in California. The California Consumer Protection Act could hugely impact the future of data privacy in America. If a state such as California, which has the fifth largest economy in the world (behind the greater US, China, Japan and Germany), and is home to many of the nation’s large tech companies, rolled out the proposed California Consumer Protection Act, it would be extremely interesting to watch how US marketers would handle these new rules, regulations and limitations while also continuing to work with other areas of the country.
Has GDPR influenced how marketers approach “data privacy” across digital channels? How have social media marketers, for example, been adapting in the US?
The focus of GDPR is consumer protection, and yes, the legislation definitely has had a positive impact in raising the awareness among digital platforms and marketers.
It’s definitely a contributing factor in the overall move towards increased privacy and consumer protection that is being taken more seriously by Facebook and the other social networks – Facebook in particular has had lawsuits and fines in Europe. But the Cambridge Analytica scandal and other revelations have led to closer scrutiny of privacy issues on social media in the US just as much as in Europe.
From a social media advertiser’s point of view, there are no new steps that one has to take in setting up a paid social campaign to ensure GDPR compliance; it is more a question of dealing with greater restrictions on audience targeting because of the changes made at Facebook and to a lesser degree by the other social networks. The GDPR compliance does have to be implemented on the website landing pages for these campaigns, of course.
While Europe took the lead, so to speak, in enshrining new privacy requirements into law, American brands should stay abreast of what’s happening and be prepared to make changes to their media mix, attribution modeling and marketing technology stack.
Has GDPR had a significant impact on our programmatic solutions in the last year?
Yes, absolutely. Like Melianthe said earlier, the consciousness that GDPR has been able to raise is significant here – data privacy is no longer a priority only in Europe, but across the globe. And we work with global clients.
The first impact we felt was Google’s decision to remove the google ID from event logs last year. It only applied to EU activity, but Google was clear it would eventually be removed from US log files. It only applied to EU activity, but Google was clear it would eventually be removed from US log files. We relied on event level logs for some of our advanced analytics work and made the decision to find an alternative source in anticipation of the US rollout. We didn’t want to set up a long-term project or rely on data/insights that were dependent on the Google ID. There were some cost considerations, but generally, we felt this was a better approach.
We have some global clients that require a more regionalized approach for programmatic activation in certain markets. We’ve assembled a toolset that includes vendors and partners with specific region expertise. For our EU partners, we’ve seen a substantial loss in targeting capabilities and experienced cross-device resolution challenges. This not only impacts our reporting for reach and performance metrics; quite a few of the data partners that we have relied on have been removed as options for targeting because either the partner themselves are not compliant with GDPR or, more often, their onboarding partner is not.
While many of our partners have been adamant that GDPR doesn’t impact their US efforts, it will be interesting to see how California’s version of consumer privacy (CCPA) changes their offerings and methodology for data collection. We’re already starting to see acquisitions in this space to be ready for CCPA and become GDPR compliant, if they’re not already.
One set of data partners has remained untouched by GDPR. Our contextual partners do not rely on user level data and we’ve continued to leverage their capabilities without disruption.
What might be on the horizon for US data privacy in 2019-2020?
Dan Borger: Would there be a greater push to apply California’s data rules across the entire US to keep things simple? Would advertisers setup separate rules for California while keeping the rest of their site visitors as is? Would advertisers choose to ignore California, similar to how some US advertisers have excluded the EU from their advertising campaigns or blocked advertisements for users visiting their site from the EU? These questions are all up in the air.
While this becomes tricky with one state pushing legislation, you can imagine the slippery slope this becomes as more states join the party. At the moment there are 14 states with either passed, pending or dead data privacy laws, further refined by state’s preferences. If the political gridlock at the federal level continues, more states will be forced to take matters into their own hands as privacy becomes more apparent and prioritized by constituents. This of course further complicates an already complex digital landscape.
We see the effects of a complex digital ecosystem all the time. Many senior level marketing executives are not close enough to the constantly evolving advertising and technology world to stay abreast of changes and actively enhance their media mix, attribution modeling, digital experience and marketing technology stack. Multiple state regulations to abide by would further complicate an already complex landscape and leave many brand marketers confused and perplexed.
Theoretically, this could create opportunities for agencies and advertising technology companies to assist with demystifying the space.
- Do agencies hire data privacy consultants to provide guidance and counsel for their clients?
- Do ad servers and DMPs implement functionality where data collection and targeting are automated based on the user’s location?
- Will Facebook and Google allow for national targeting while providing automated yet differentiated data collection regulations based on where the impression is served?
- Or do advertisers simply abide by the strictest state’s guidelines to keep things simple and less complex?
Only time will tell.
We would be closely observing the developments in this space and will keep you apprised of our learnings and strategy here. Have any comments/observations or questions for our experts? Ask us here.