When GDPR came into effect in 2018, many predicted difficult times and a loss of competitiveness for the European digital industry. However, the strict new directives marked the beginning of a mass global movement, giving consumers choice and control over their data. Europe has become a de facto leader of the global technology community, because of this landmark regulation, not in spite of it.
Beyond the UK
The California Consumer Protection Act (CCPA) is the first major regulation in the US to take inspiration from GDPR. Residents of California now have the right to identify which personal data is being collected about them and can request its deletion. CCPA paves the way for mass adoption across the entire United States. If Silicon Valley takes action, then others will follow. New York, Vermont, Maryland, Washington and multiple other states in the U.S are now planning to implement data protection legislation of their own.
Latin America and APAC regions are adopting new privacy laws too. In South America, the Brazilian Lei General de Protecao de Dados (LGPD) will come into force in August 2020. The Mexican regulator (Profeco) is currently finalizing a regulation that will come into effect by spring. Argentina and Chile are also in the midst of discussions to reinforce their current laws. Australia, Japan, South Korea and Singapore are among the various markets in APAC creating or updating their regulations to protect citizens’ data also.
The cost of non-compliance
For advertisers and publishers, there is now nowhere to hide. The modus operandi of transparency and consent is nearing a point of absolute globalisation. The data malpractice which underpinned the digital advertising industry for years is finally beginning to be regulated on a global scale.
However, businesses face a real challenge understanding the nuances of each individual law and adapting practices to comply with all of them in real-time as they change and evolve. The implementation of these regulations hasn’t dominated headlines, but the fallout from being found non-compliant has. According to a study conducted and published by DLA Piper, European authorities have already claimed 114 million euros worth of fines for non-compliance with the GDPR. In the UK, British Airways and Marriott Hotels are awaiting a collective $300 million fine for data misuse by the Information Commissioner’s Office. In the U.S., three months before the implementation of the CCPA, only 48% of the businesses were ready or expected to be ready to comply with the new regulation.
The legal risks of non-compliance already pose a very real threat. And with new laws being rolled out around the world constantly, each with individual clauses, this threat becomes even harder to manage and avoid. If adapting to the legal requirements of data privacy wasn’t hard enough, advertisers and publishers still need to grow their businesses and generate positive results from all digital advertising investments, while remaining compliant. This is not an easy balance to strike.
How best to proceed
Organizations require advertising technology (ad-tech) partners to reach consumers and grow. But most ad-tech uses data collected with legacy compliance techniques. Consent is often forced, ambiguous or non-existent. Organizations are forced to choose between the use of risky data that generates short term ad results, or, face a complex compliance operation that hinders ad results.
There is also the question of reputation. Organisations are already fighting hard to control brand safety as it pertains to the inventory upon which their ads are served. But today there is a new kind of reputational dimension to consider – data safety. Consumers are now more aware than ever they should be given explicit consent to share their data. They distrust organizations that do not respect this choice. If they see ads they haven’t chosen to see, they think negatively of both the publishers serving the ad and the brand funding it. According to our Reality Report, 52% of consumers globally agree intrusive or irrelevant marketing messages give them a poor opinion of the app or website that hosts them.
Managing privacy and data safety is an extension of brand safety. It’s imperative to build a positive reputation, protect your brand and drive results. And it all starts with user choice.
Compliance: an ongoing, complex and global issue
Advertisers and publishers would enormously benefit from the expertise of technology companies who master consent management. They offer viable solutions that automatically adapt to complex data protection laws across the globe, accurately and explicitly. Given the financial and reputational consequences of being found non-compliant are significant, many businesses are turning to expert guidance to help them manage the shift. It should come as no surprise that European companies who anticipated the worldwide movement initiated by GDPR are well-placed to offer these relevant solutions.
The global implementation of privacy regulations demonstrate user consent and transparency are here to stay and marketers should consider it an opportunity to build a new level of trust into their relationship with users. We have already seen a shift in approach, with advertisers now favouring ‘choice-driven advertising’, which ensures ads are only shown to consumers who have consented to see them.
If dealt with correctly, the forthcoming regulations present a significant opportunity for the industry. Not only to create a unified, global approach to data privacy that respects the consumer, but also increase brand engagement and perception.
By Raphael Rodier, CRO International of Ogury
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.