Will the upcoming GDPR regulations end up making the Google/Facebook duopoly even more dominant in the digital media world – and what can smaller players do? Dan de Sybel, CTO, Infectious Media, thinks that with the challenges of GDPR close on the horizon, it’s now time to collaborate or die.

ExchangeWire: What effect will GDPR have on the diversity of providers in the programmatic sector?

Dan de Sybel: Initially, GDPR will drastically cut down the number and diversity of partners with whom publishers choose to work. There's a double-edged sword with unrestricted access to pseudonymous cookie data. Whilst the sharing of such data has undoubtedly led to huge innovation in media and online advertising worlds, the industry has always ducked the question: "At what cost?" GDPR should resolve that in one fell swoop, but there will be casualties along the way, with both smaller ad tech firms and publishers potentially going to the wall because their business models no longer work.

Do you think the GDPR will work to the benefit of the Google/Facebook duopoly?

Dan de Sybel, CTO, Infectious Media

Reducing diversity will certainly help the duopoly. There are few companies in the world with the resources of Google and Facebook to deal with complex game-changing legislation like the GDPR. It will be easier for Google and Facebook to become single points of consent across the entire space – because they can record consent via a disclaimer when someone logs into their platforms. However, they will be forced to come clean about how data is shared internally within their companies, something they have always been cagey about. They are also (with Amazon) the first companies that are likely to be taken to court over alleged infringements of the GDPR and the industry will end up looking to these initial court cases for the precedents that will dictate the real effect of the GDPR enforcement.

As with everything else GDPR-related, at this time it is unclear if the benefits to Google/Facebook will outweigh the drawbacks.

What does that mean for advertisers? For publishers?

Hopefully GDPR will mean more transparency for a start. With fewer players in the supply chain, there should be less opportunity for hidden charges and a clearer understanding of all the parties involved in a transaction.

However, it will reduce revenue opportunities as well, and with the industry's methodology for tracking conversion under threat, it has the potential to cause a large amount of advertising dollars to be shifted to other channels.

The good news is that if the industry rises to the challenge of GDPR by working together more closely on a unified solution, the potential spoils are great: better, more accurate tracking with people being comfortable with how their data is being used and not so suspicious of advertising in general

What are the implications for smaller media agencies?

All agencies will have a drastically reduced range of ad tech companies with which they can work. This will make it harder to innovate and do different things. The temptation just to funnel all ad spend through Google/Facebook will be high, since they will deal with so many of the concerns related to the GDPR and are a convenient scapegoat for any issues that arise.

But if ad spend is moved away from digital display entirely, some small specialist agencies are likely to suffer and this will add to the reduction in diversity across the industry.

Will blockchain play a role in complying with GDPR?

Blockchain has the power of answering the main uncertainty around the GDPR: how do you keep a universal record of an individual's consent and share it so that each company knows whether they are allowed to track that individual or not?

Current efforts all fall short as they centre around one company managing that consent. Getting individuals, as well as an entire industry, to trust a single company with that kind of power would be difficult, if not impossible, and blockchain provides a nice, neat way of allowing multiple companies to track this in a consistent and agreed upon way.

We are a long way away from this, though, as blockchain verifications cannot operate at a real-time scale, so much work needs to be done to make them more efficient. There are also challenges around the sheer size of the blockchain ledger involved that would need to be addressed. Thankfully, these are all solvable engineering problems, it will just take more time and research to get there.

How are smaller companies collaborating with one another in light of GDPR?

There are some exciting collaborations that really signpost the way in terms of how the industry needs to respond to GDPR.

DigiTrust, for instance, is a not-for-profit, industry-wide collaboration of companies, that is creating a centralised ID that consumers’ permissions can be attached to, reducing the number of requests for consent.

Similarly, in Germany, a consortium of major publishers and businesses named Verimi aims to provide a single login for customers across all partner sites that comply with GDPR.

While these initiatives in their current form are unlikely to address all aspects of GDPR – and there are many more hurdles to clear – they show how collaboration could offer far more effective solutions than individual ad tech businesses attempting to go it alone.