So 12 months on, how hard has the ad tech business really been hit by GDPR? Erik Tammenurm, CEO at NEXD, believes the biggest impact has been on reach and using external ad servers, data providers and data collectors. He says: “With GDPR, ad networks and DSPs (Demand Side Platforms) had to start keeping an eye on what their vendors were up to. This was a gruesome task that still hasn’t been worked out. In July 2018, Google decided that they will not participate in the IAB’s regulatory framework and they will instead certify vendors themselves, resulting in even more confusion. More broadly, I feel ad tech startups have been hugely impacted.

“GDPR’s main consequence is that most startup vendors will not be able to meet the regulations on their infrastructure or be able to pay for all the certifications that are needed. Historically, innovation has been slow in ad tech, and I feel the squeeze on ad tech startups will only worsen that.

“In short, ad tech saw cost for valued impressions (targeted/viewable) increase by about 30% and the business logic for many vendors had to change in a massive way. I believe the best example we had was how Kargo, one of the biggest video ad networks, didn’t want to lose their minds trying to comply and simply handed their GDPR-impacted business to SublimeSkinz. All GDPR impacts could have been foreseen two years prior, but everyone kind of stood around, scratching their heads.”

But Prash Naidu, founder & CEO of Rezonence, questions whether, other than putting privacy at the forefront of a lot more conversations, GDPR has really had much of an impact. “The media sector, and ad-tech in particular, consistently pay homage to GDPR in conversations and official documentation,” he says. “However, apart from consent popups on publisher sites, very little has actually changed from an operational point of view. Users are still added to thousands of segments without their consent and continue to be re-targeted, again without gaining their consent. Until the ICO rules on whether this is legal or not and issues fines, marketers will continue with the status quo.”

And Richard Bird, chief customer information officer at Ping Identity, says very little has changed in the US since the introduction of GDPR. “Rather than seriously addressing the issues of customer privacy and consumer protection, US businesses slapped a message box onto their sites asking users to ‘accept’ or consent to those terms and called it a day,” he says. “In their defence, the US government walked away from the discussion around data privacy, leaving a vacuum of leadership and standards definition. This lack of leadership has resulted in confusion, frustration and very little guidance for companies to successfully craft true consumer protection.

“However, the pendulum is getting ready to swing not just in the direction of dramatic changes in company behaviour related to data privacy, but toward consumer demands. It is time for us to hold companies accountable for protecting their customers’ digital identities as well as their data. Only when we tightly couple the data that GDPR, CCPA [more on that later] and other regulations say ‘belong to the customer’ with the customer’s actual identity, will we begin to see any improvements in consumer protection and security.”

Certinaly, when it comes to the large fines comoanies were worried out under GDPR, these have been noteable largely by their absence, save for the €50m (£44.2m) fine handed out to Google in January by the French regulator, CNIL, for failing to provide transparent and easily accessible information on its data consent policies.

Aaron McKee, CTO at Blis, believes the industry is still getting to grips with GDPR. He says: “There are different interpretations of the regulation, and companies struggle to be on the same page. And due to a significant change happening in a short period of time, many companies have been unable to integrate consent management platforms in a way that users are comfortable with. Companies are failing because they don’t know how to work in this new world.

“This is how GDPR can be seen as an opportunity to gain a competitive advantage. Competitors are leaving because they don’t have this advantage, as they have not taken things seriously. For instance, there are only two or three location data specialists left in the UK now. As various versions of GDPR start to emerge all over the world in the years to follow, GDPR savviness will be valuable both to enter new markets as well as to better compete in existing markets. Companies which have responded well to GDPR will be well poised to take market share over those that haven’t.”

Read full article here