“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Marco Kloots, CEO at Platform161.
The challenges associated with the upcoming European General Data Protection Regulation (GDPR) are well documented. The opportunities, not so much.
The fact is, GDPR is an ideal opportunity for brands to get clarity around their first-party data, if they haven’t already. And with it, they could put themselves in a far stronger position to start using that data, within the confines of the new law.
In some cases, this could even open up a big advantage over competitors, especially those that may still rely on third-party data, which could become considerably less valuable and trickier to access after GDPR comes into force.
Right To Access, Change And Be Forgotten
Under the new legislation, a user has the right to be forgotten. Therefore, when an agency is using a demand-side platform (DSP) that’s connected to a data exchange and a consumer asks the advertiser to be forgotten, whom does the media agency contact?
How can an advertiser guarantee its consumers that it can be responsible for making sure that person is forgotten when it doesn’t own the data?
There is a big dependency here across many links in the overall ad tech chain. And in many cases, it is anything but transparent.
Whereas, when an advertiser has full ownership of its data, it is apparent how working with a tech partner and conforming to new regulations are not mutually exclusive.
Transparency Of Origin And Processes
AdExchanger Daily
Get our editors’ roundup delivered to your inbox every weekday.
Daily Roundup
Ad exchanges or any other third-party data provider collect insights from many different sources – some large, some small. Whether it’s publisher data, offline data or CRM data, the challenge is in ensuring that all of these parties are compliant, too.
With all the changes GDPR will bring, there is still room for debate around who is responsible for what and who has final responsibility. Imagine if one link in the ad spend chain gets audited. The more third-party tech an advertiser is connected to, especially tech that is data-related, the greater the chance that they are not well enough equipped to explain what exactly happens all the way down the line. It would be difficult to offer a clear view of the data they are using and exactly where it comes from.
A question of shared responsibility arises. Are advertisers only expected to have their own houses in order, or must they also take responsibility for third parties that they use?
In short, the authorities could surely decide that if an advertiser is the one serving an ad using personal data, it’s the advertiser’s responsibility. In other words, whether it’s first-, second- or third-party data, it’s the advertiser’s duty to access, change or remove data at the consumer’s request.
Data Location And Business Interests
In the world of ad tech, it doesn’t take a genius to work out that most data exchanges are US-based, VC-funded companies. And the GDPR is well and truly an EU thing.
Only time will tell how much effort each party will dedicate to laws passed in another continent – especially if the region represents just a small piece of the overall revenue pie.
Follow Platform161 (@Platform161) and AdExchanger (@adexchanger) on Twitter.