“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
When the General Data Protection Regulation (GDPR) was passed in 2016, it was a wake-up call for anyone that handled consumer data.
When the law went into effect, there were high hopes that its regulatory framework would make large-scale improvements to a digital ecosystem that wasn’t working for consumers.
Regulators had the best intentions: building consent structures for user data and imposing fines and penalties on entities that betrayed those consumer protections.
Now, four years since its implementation, GDPR’s efficacy remains unclear.
Many have expressed dissatisfaction with it, even writing premature obituaries for this landmark legislation. GDPR’s biggest hurdle? Enforcement. Smaller countries and under-resourced regulatory bodies were tasked with imposing fines – hundreds of millions of dollars – on some of the most well-funded, largest corporations in the world.
While it may be valid to express frustration at the failures of the GDPR, or to write it off entirely as it languishes, it’s important to recognize how important it was in changing the conversation surrounding consumer privacy online.
GDPR has become a bellwether for data protection
Before GDPR, Big Tech, brands and advertisers were all in the big data business. They collected as much consumer data as they could with minimal consent and without much strategy for what they would do with the data once it was collected. Third-party cookies were bought and sold, which led to shady targeting practices and a multitude of data breaches.
In short, the privacy structure of the pre-GDPR internet was centered around the needs of corporations, not consumers. Once it passed, it became incumbent upon governments to protect consumer data and make clear to companies that they needed to build structures of transparency and consent in online traffic. They needed to realign their practices with consumers in mind.
Unsurprisingly, with the tone set by the GDPR, a number of similar legislative frameworks around the world jumped on this collective realignment: the UK, South Africa, Japan and even California all passed legislation of their own.
Building better data practices in advertising
New legislation represents a changing conversation surrounding consumer privacy. But without the buy-in of Big Tech companies, brands and advertisers, true change won’t come to pass.
In advertising, a growing emphasis on privacy has caused a large-scale overhaul and reevaluation of how data is collected, activated and stored. Consumers have become much more aware of their rights online. Transparency is now a point of distinction for advertisers.
Rather than tapping into the endless stream of inexact but cheap third-party identifiers, advertisers now have to audit and make better sense of first-party data. In fact, many are still learning to tap into this data and make it actionable.
Crucially, by using consent-based data gathering, advertisers have been able to build infrastructures capable of better targeting and personalization. Those that have adopted these more sophisticated practices are able to model customer journeys from end to end and better tailor their advertising efforts.
Setting change in motion
The book hasn’t been closed on GDPR and other consumer data protection legislation. While enforcement remains a challenge, the imperatives these laws signal have been internalized by many stakeholders, particularly in advertising.
As further changes crest the horizon – such as the sunsetting of third-party cookies – the advertisers that made transparency, consent and consumer privacy cornerstones of their operations will continue to succeed even as the landscape continues to evolve.
Follow Incubeta (@IncubetaGlobal) and AdExchanger (@AdExchanger) on Twitter.