In the latest MadTech Sketch, Ciaran O’Kane looks at the implications of the latest privacy rulings in the EU, and maps out the privacy options for the open web and walled gardens.

The recent DPC ruling against Meta has serious implications for data-driven advertising in the EU. The Irish DPC — under duress from its parent organisation — ruled that the legal justification used by Meta for targeting users with personalised ads contravened EU data laws.  

Basically, Meta did not opt-in users to receive behavioural ads – and does not let them opt-out. Instead they buried consent in their T&Cs. It’s the price you pay to use the Facebook service.  

Meta insists that removing its ability to target ads in this way will affect the service. Utter nonsense, of course. The company is going to appeal – and will fail to get this overturned. It is the law.

This affects all walled gardens operating an ad business in the EU. You must opt-in users to display targeted ads – or face a PR punch in the mouth as well as an eye-watering fine.

Assumed user consent no longer an option

Those using first-party data will need to get consent. Simply logging in does not suffice as an opt-in.  Assumed consent is now off the table. The privacy moat in Europe gets deeper and murkier.   

How will the industry navigate this?  How do you work in a “zero data” environment? In the desperate attempt to keep the status quo, are we again painting ourselves into a corner?  

Can new “privacy innovations” like clean rooms fill the targeting void? Will IDs unravel as its targeting foundation, email addresses, are either deemed too close to PII by whatever privacy law you live under?

And what happens to measurement without a consent signal?  

Let's look at the post-privacy options for the European open web and walled gardens in today's Sketch. Given GDPR and platform restrictions, the logical thing ad tech can do is to productise from a privacy-first perspective.