A year on, what are the global impacts of the GDPR?
A year on, Jakob Bak, CTO and Co-Founder of Adform, discusses the global impacts of the GDPR.
May 25, 2018. Etched into many marketers’ brains as the General Data Protection Regulation (GDPR) implementation day. The new law brought with it the promise of a seismic shift in data processing. In reality, one year on, are things any different?
In the months following “G-Day”
There was a brief – albeit well deserved – respite from discussions about GDPR over the summer of 2018. But since then a cross-industry effort has propelled those discussions forward, as the implications of the regulation and its impact on data usage are realised. We’re now at the point where additional improvements to the Interactive Advertising Bureau’s (IAB) Transparency & Consent Framework are being implemented across the market.
A year on, the immediate next steps will focus on rolling out this updated framework. It’s expected that more publishers, as well as Google, will follow suit with further data privacy efforts that not only protect their readers, but also elevate their business models. By putting data integrity first, publishers are well armed to empower readers with the knowledge of how their data is collected, stored and processed, leading to clarity and fairness of choice.
Ethics and implementation
While the industry is making progress, in all honestly we have barely scratched the surface when it comes to compliance. In the adtech sector you can see many companies still in the early stages of understanding how to approach data handling in a more ethical manner, with initial teething issues in 2018 surrounding the “waterfalling” of consent downstream.
In 2002, when I founded Adform with Gustav Mellentin, our CEO, and Stefan Juricic, our CPO, in Copenhagen, Denmark, we launched the business with an open and transparent approach at the heart of our business – the standard across many Nordic companies. This privacy-by-design approach enabled us to create one of the most technologically sophisticated platforms in the market today. It also meant we were already set up to support legitimate interest, and I was even able to offer my expertise in this area through the IAB Europe’s policy committee and the IAB Transparency & Consent Framework steering group.
The key is in sharing insights that will benefit both consumers and the commercial interests of businesses involved in the supply chain. Now we have more clarity on privacy-safe technologies, I fully expect we will see an increase in compliance as we pass the one-year mark.
Advertiser-side adjustments are also on the horizon, as an understanding of the need to maintain consent logs increases. This is timely, with the likelihood that the Information Commissioner’s Office (ICO) and its EU counterparts will start enforcing tougher consequences. In a bid to make further examples of some of the bigger players – following the well-publicised £44 million Google fine – and ensure those advertiser-side alterations are made, we’re likely to see some hefty fines if evidence of a data breach comes to light throughout the rest of this year.
After a certain amount of leniency on the part of the ICO – while exact definitions of the GDPR were clarified – we’ve reached a point where both regulators and public opinion agree that consequences should be much tougher.
The EU and beyond
Across the board, companies are taking a new approach to data privacy. Up until now the focus has been on implementing and cleaning internal systems; going forward I expect a greater emphasis on external platforms. This isn’t isolated to Europe; we’re also seeing a shift in the conversation surrounding data regulation across the US – from regulators, businesses and the wider public.
We’re at an exciting stage, with plenty more improvements and collaborations on the horizon – as both public opinion and regulating bodies in countries around the globe take a stronger stance on privacy in the digital world. It is, at the end of the day, entirely in everyone’s interest – particularly the public’s – to ensure the principles of the GDPR don’t stop here.