As Europe’s strict stance on internet privacy continues to gain traction across the globe, advertisers are struggling to balance their need for audience targeting data with increasing demands for privacy.
Regulations like GDPR hit at the heart of the programmatic advertising industry, which relies on personal information to make good on its main value proposition: “the right ad to the right person at the right time.”
In response to the growing public unease with how consumers’ data is being collected and used, the tools long used by the ad-tech industry are becoming less useful. The major platforms by which ads are served—browsers and social networks—are becoming more opaque with their users’ data.
Public sentiment is even turning on cookies, the small bits of code almost as old as the internet itself that track a website visitor across the internet in order to tailor the ads shown to them.
The Interactive Advertising Bureau’s Tech Lab is doing its part as the ad-tech industry’s governing body, proposing several new ideas in the hopes of easing concerns over how firms collect and use personal data. But not everyone believes the agency is going far enough, while others see the policies as unnecessary hurdles.
So, what’s an industry to do?
Complying—and coping—with new regulations
Enacted in May 2018, the General Data Protection Regulation (GDPR) has challenged the core tenets of ad tech across the European Union, with regulators there issuing increasingly stern warnings to publishers and advertisers—not to mention fines.
This was underlined recently by the U.K. Information Commissioner’s Office, which conducted an investigation into ad tech companies’ use of personal data and in particular real-time bidding (RTB), the process by which ads are auctioned in the milliseconds during which a website loads.
In its assessment, the ICO echoed concerns expressed by privacy advocates, including the internet browser maker Brave, over how RTB lets thousands of ad tech companies access the personal details of individuals without their prior consent. “RTB is an innovative means of ad delivery, but one that lacks data protection maturity in its current implementation,” the report states.
Speaking recently at an ad-tech conference in London, ICO head of technology policy Ali Shah struck a more conciliatory tone, although he did underline that under GDPR, the regulator reserves the right to issue fines of up to 20 million euros (about $22 million), or up to 4% of annual global revenues, should it continue to see shortcomings.
Banning RTB would deal a heavy blow to ad tech in the region and bring intense scrutiny on advertisers’ use of data to personalize both the content and placement of ads, according to Brave.
U.S. ad tech prepares for harsher climes
All this takes place against a backdrop of proposed privacy laws either being drafted or proposed across the U.S., beginning with the California Consumer Privacy Act (CCPA). Set to come into effect in January 2020, CCPA will be the first major privacy overhaul ad tech will have to face in the industry’s largest media market.
Additionally, while the industry lobbies for a federal privacy law, state-level politicians across the country are drafting their own laws that could leave data brokers navigating a potential minefield of disparate regulations.
Gary Kibel, a partner specializing in technology and privacy at law firm Davis & Gilbert, described CCPA as a “moving target” for ad tech, with the industry currently awaiting guidance from California’s attorney general.
“Meanwhile, the proposed industry tries to address a process for opt-outs where none currently exists,” Kibel said, adding that the law will force ad-tech intermediaries to interrogate how they collect and store data.