Data regulation is forcing users to think critically about digital privacy.
Many marketing tech vendors—including ad retargeters, location data companies, demand-side platforms (DSPs) and data management platforms (DMPs)—don’t have a direct relationship with users, so they often obtain user data without ever getting consent.
These vendors could soon be in for a wake-up call since the EU’s General Data Protection Regulation (GDPR) is likely to lead EU citizens to become more selective about how they share their personal data online.
In a February 2018 survey of 1,050 UK internet users conducted by The7stars, nearly 60% of respondents said GDPR is making them question how much data companies have on them. And about a third of those polled plan to exercise their right to be forgotten after GDPR goes live.
GDPR goes into effect in May and stipulates that data of EU citizens can only be used if they give a company explicit permission. An article of the GDPR also states that people have the right to have their data erased should they desire.
If users follow through and behave in line with the findings of this survey, marketers will likely have a more difficult time relying on audience targeting to fulfill their campaigns. With GDPR looming, several DSPs are already planning to place more emphasis on contextual targeting to reduce their reliance on user data. If users opt out of being tracked en masse, marketers will face further pressure to reach people without relying on the ad retargeting that has become the backbone of programmatic advertising.
Companies that are found to be in violation of GDPR face a fine of $24 million or 4% of annual sales, depending on which figure is higher. Despite the potential for stiff penalties, just 6% of firms are completely prepared for GDPR, according to a November 2017 survey of IT professionals in North America by Erwin.
What makes GDPR preparation so difficult is that interpretations of the law vary widely, and it is unclear exactly how stringently regulators will enforce it.