The GDPR will require ad tech companies to make substantial changes to their tech and business models. The question being asked by Maciej Zawadziński (pictured below), CEO of Clearcode, is will they comply, or will they follow in the footsteps of many car manufacturers and cheat the new regulation? Writing exclusively for ExchangeWire, Zawadziński makes an interesting comparison between the emissions scandal and the impending GDPR, as he questions whether ad tech vendors will play by the rules, or try to scam the system.

You may remember hearing about the Volkswagen emissions scandal that made headlines worldwide in 2015.

For those unfamiliar with the story, the German auto manufacturer intentionally programmed its turbocharged-direct-injection (TDI) engines to comply with the United States’ emissions and pollution standards by activating the engines’ emission controls only during laboratory tests. This allowed Volkswagen’s engines to meet the NOx output required by the U.S. and, therefore, allowed them to sell cars in the U.S. market.

The company was later caught when independent tests showed that the TDI engines were in fact producing 40-times more NOx during real-world driving than in lab tests, meaning they grossly exceeded the amount allowed by law.

The Volkswagen emissions scandal is just one of many that have sprung up since 1963 when the U.S. Clean Air Act (CAA) was enforced. Car manufacturers, including Fiat, Chrysler, Ford, Hyundai, and Kia, have all violated the Clean Air Act at some point in the past five decades.

What does this have to do with ad tech and the General Data Protection Regulation (GDPR)? The connection between these emission scandals and the upcoming law change can be explained through the similarities both stories share.

A regulation that changed the game

Many of these car manufacturers had to change the way their engines worked to comply with the CAA. For the most part, this meant making cars produce less pollution and become more environmentally friendly.

In a large majority of cases, reducing NOx production, and subsequently complying with the CAA, meant engine performance was restricted.

Ad tech vendors are now faced with the same situation, as they will have to change the way their technology works to comply with the European Union’s GDPR. In the same way the Clean Air Act is designed to protect the health of U.S. citizens and residents, the GDPR’s purpose is to protect the data of those living in the EU and EEA – something that, let’s face it, is traditionally not in the direct interests of online advertising companies.

A financial incentive NOT to comply

Maciej Zawadziński, CEO, Clearcode

The reason car manufacturers decided to cheat on the emissions tests ultimately comes down to profit, as they would have had to stop production and invest in new research and development to find cleaner technologies. For many, cheating was the cheaper and easier alternative.

For ad tech companies, the financial incentive not to comply with the GDPR may not be as high as it was for Volkswagen, but it still exists, as vendors will need to either assign more work to their in-house development teams or work with an ad tech development company to make their platforms GDPR-compliant.

Development costs aside, the GDPR poses a threat to the very foundations of online advertising: third-party cookies. This alone means that the entire business model of some companies will be heavily affected; think of the business model of data brokers, which can be likened to the business model of car companies that relied on diesel prior to the Clean Air Act.

By now, most of us know that the GDPR requires ad-tech companies to obtain clear, unambiguous, and explicit consent from users if they want to drop a third-party cookie in their browser, collect their data, and use it for online behavioural advertising.

In a world where more and more online users are installing ad-blocking software to eliminate ads and block third-party cookies, this will not be an easy feat.

With that in mind, it’s probably no surprise that many ad tech vendors are putting their chips on legitimate interest; a bet they will certainly lose.

High fines for high crimes

The fines handed down to car manufactures for violating the CAA have varied. Some have received minor fines for minor infringements, while others have been hit hard. The Volkswagen emissions scandal cost the company about USD$30bn (£21.2bn) in total, which includes the numerous fines it had to pay. Ad tech companies that fail to comply with the GDPR will face a similar fate.

The GDPR’s fines range from €10m (£8.7m), or 2% of the previous year's revenue, for less serious infringements, to €20m (£17.4m) million, or 4% for more serious infringements, such as failing to obtain the proper consent for data processing.

For the record, this is not to insinuate that ad tech vendors will intentionally do anything to cheat the GDPR, but there certainly is an incentive not to comply with the upcoming regulation, especially as it will require spending money on something that won't have a return on investment (at least not in the traditional sense), and threaten the business model of just about every ad tech company out there. The next few years will highlight which companies have taken the GDPR seriously – and which ones haven’t.