With 33% of German consumers choosing not to engage with a website over privacy concerns, Ken Parnham, managing director, EMEA for TRUSTe, explains just how serious an issue privacy is in Europe’s biggest untapped market.

With the increase of programmatic buying and the online bidding landscape growing in the German market, more US based companies are looking to expand into Germany and take advantage of increased activity in the country’s booming online ad marketplace.

The traditional ad-tech expansion route for a US company is to launch in the US market, open an office in the UK and then expand into Germany, using the German market as the springboard for the rest of Europe. The route is the most logical one however there is a major issue companies should be aware of: German attitudes and legislation around consumer privacy are very different than in the UK and the US.

Simply put, Germans are particular about their data. Concern about how their personal data is collected, used and shared is an attitude shaped both by the legacy of World War II, as well as the rise in personal computing technologies in recent decades.

In fact, data protection in Germany began in 1970 when the German State of Hesse introduced the world’s first privacy law. Since then, data protection has continued to be a legislative priority with the latest amendments to the German Data Protection Law (BDSG) in 2009 following a number of serious data protection breaches. The key for companies is to know how to deal with grey areas between what the law permits and what it forbids. As it is the Land (State) Data Protection Authorities which regulate the private sector this is even more complex in Germany.

With the introduction of the EU Cookie Directive and the proposed EU Data Protection Regulation there have been concerted efforts by regulators to set common standards for data privacy across the EU, but currently there are still markedly different approaches to compliance and consumer attitudes across key EU markets.

What do German consumers think about data privacy?

The TRUSTe EU Consumer Privacy Index was the first study to provide a comprehensive analysis of current consumer attitudes to data privacy and company practices across the EU. The extensive study included over 4,000 consumers in France, Germany, Great Britain and the Netherlands and an analysis of the tracking and compliance on the top 50 websites as ranked by Alexa.com in each of the four countries.

The study showed high consumer awareness that websites place cookies and trackers on computers to track online behaviour, and slightly lower levels of awareness that this also took place on smartphones. Awareness that tracking took place on mobile devices was greatest in Germany (70%) and lowest in France (34%).

The consequences of getting this wrong for businesses are significant with 33% of consumers in Germany choosing not to visit a company website due to concerns about their privacy online, and 34% not using a smartphone app due to online privacy concerns.

82% of German consumers expect companies to comply with the EU Cookie Directive, and nearly half (49%) of German consumers plan to only visit websites of companies who comply with the Directive so there are clearly significant potential consequences for businesses of ignoring the Directive.
What does the mean for ad tech businesses?

Any company looking to expand their RTB business into the German market will need to make sure they have the required data management policies and technology in-place to make sure they address German legal requirements, as well as the expectations of German consumers. Companies should conduct privacy risk assessments to ensure they understand what data is collected, what rights are being provided - notice, consent, data retention, access rights – and how data is being stored and used (security, data governance, third party sharing).

In addition to ad tech compliance, companies transferring data outside the EU from Germany should be able to demonstrate “adequacy” for cross border data transfers – using mechanisms such as the EU Safe Harbour Framework or by getting consent from individual users for data collection or use.

The key is to make data privacy a part of your planning process from the start to ensure that you don’t get tripped up by data protection issues when entering the German market.

The Adtrader Conference focusing on the challenges of the German market takes place next week on April 8.

Follow Ken Parnham on Twitter here