While the EU’s General Data Protection Regulation (GDPR) and its 'baby sister', the ePrivacy Regulation, may be full of ambiguous, legal jargon, one thing is clear: if you collect data from EU citizens, then your world is going to look a whole lot different come 25 May, 2018. Even though most of the articles contained in both regulations are troubling for the online advertising industry, there’s one section of the GDPR that’s especially worrying – the one about user consent. Maciej Zawadziński, CEO, Clearcode, explains why, exclusively for ExchangeWire.

Here’s a short recap about what the GDPR has to say about consent, without the legal jargon:

Companies that wish to track online users (i.e. EU citizens) and collect data about them will have to get clear and voluntary consent. This can’t include pre-marked opt-in boxes and companies can’t deny access to users if they don’t consent. Also, consent will have to be received for each activity. So, for example, if a company wants to track a user’s behaviour via web analytics AND use their data for advertising, then they will have to get consent for both activities.

As it stands currently, companies and publishers don’t have to get consent from users if they want to collect data about their behaviour and use it for analysis or to serve them targeted ads; so the real impact of this new consent policy won’t be truly understood until companies actually start implementing it.

However, a recent report from PageFair has given the whole online advertising industry a preview into this new, post-GDPR world, and it’s not pretty.

PageFair exposes some ugly truths about user consent

The PageFair survey, which included over 300 respondents, uncovered some pretty scary realities surrounding the user consent section of the GDPR.

Here is a summary of some of the most damning results:

1. Consenting to sharing web browsing habits looks slim

Source: PageFair

Under the GDPR and ePrivacy Regulation (which is still being drafted), publishers will have to get clear consent from online users if they want to share their web behaviour with other companies – whether that be for advertising purposes or simply just to analyse their behaviour with web analytics companies like Google Analytics.

The results of this particular test reveal that online users don’t want their data to end up in the hands of third parties, even for something as basic as web analysis. To improve your chances of getting consent for analysing website behaviour, you could opt for a self-hosted web analytics platform as this will mean you are the one collecting, storing, and using the data – not some third party.

2. Companies that use first-party cookies for behavioural targeting will benefit

The survey also uncovered some truths about how users feel about first- and third-party cookies, which probably won’t come as a surprise to most:

“The very large majority (81%) of respondents said they would not consent to having their behaviour tracked by companies other than the website they are visiting.”

This highlights the concern users have surrounding third-party trackers (i.e. third-party cookies that can track users cross-site) and will cause huge problems for a large majority of ad tech companies and advertisers as they currently rely on third-party cookies for behavioural ad targeting.

It will, however, have less of an impact on large companies, such as Amazon, as they will still be able to use first-party cookies for behavioural tracking. Companies, such as e-commerce stores, that use content personalisation to promote their products and recommend similar ones, will also be less affected by this as they too will be able to utilise their first-party data for these activities, provided they get consent to do so.

3. Publishers will be the gatekeepers for consent and may charge accordingly

Consent will need to be given to all companies wanting to track and analyse user data, but will very likely be collected at the publisher level.

And this puts publishers in a very interesting, and somewhat powerful, position as they will become the gatekeeper between online users and advertisers and ad tech companies and may decide that the effort required to gain user consent may warrant some sort of financial reward.

Source: PageFair

Interestingly enough, it seems as though ad tech companies (32%) believe that publishers will ask for some sort of compensation more than publishers themselves (27%).

What does this report tell us?

This results from the report tell us two things:

1. A large majority of users will not consent to being tracked nor allow companies to use their data for behavioural targeting.
2. Advertisers and publishers will benefit from a first-party cookie approach.

What’s next for ad tech an a post-GDPR world?

When reading reports like the one from PageFair, ad tech companies and advertisers shouldn’t be thinking about how they will overcome these challenges or bypass the upcoming changes in the GDPR and ePrivacy Regulation. Instead, they should focus on creating a future-proof business.

For the most part, this will involve coming up with innovative and forward-thinking ideas about how companies can still serve relevant ads to engaged audiences without having to collect user data, and therefore won’t have to worry about getting user consent.

Admittedly, this is no mean feat and it’s fair to say that this kind of technology isn’t even around yet. But, as we’ve seen in other industries where companies have had to make fundamental changes to the way they operate in order to comply with new laws, sometimes all it takes is a nudge in the right direction for innovation to show itself.

The GDPR is the nudge that ad tech desperately needs.