GDPR 4 years on – What’s it changed and where next for adland?

Four years ago today, the General Data Protection Regulation or GDPR was introduced by the European Union, with the aim of protecting the data and privacy rights of the public. 

It’s the toughest regulation of its type to be applied to the digital world and online advertising in particular.

So we’ve been asking experts from the adtech world how they think it’s re-shaped the data landscape and – with new tech innovations such as the metaverse and AI programmatic advertising on the horizon – how it may shape the future…

Lloyd Davies, Managing Director UK, Making ScienceLloyd Davies, Managing Director, Making Science UK 

“The metaverse, cryptocurrencies and NFTs are just some of the changes we’ve seen in the landscape since GDPR’s introduction. 

“With marketers having to navigate data-privacy across ever evolving trends and platforms, it can be difficult to keep up. 

“As we hurtle towards the first-party future, privacy friendly analytics tools will be essential to provide granular audience information that meets the requirements of tighter privacy regulations, and identifies how brands should effectively reach customers across different devices and platforms.”

amy yeung lotameAmy Yeung, General Counsel and Chief Privacy Officer, Lotame

“Data privacy has evolved from a highly recommended practice to an absolute must. As the fourth anniversary of GDPR approaches, businesses need to focus on data minimisation. 

“This requires examining the reason for data collection and identifying only the most crucial data needed to fulfil this purpose. 

“Pinpointing the reasons that most necessitate data collection means the solution will further reduce the likelihood of superfluous data use.

“This will reduce the legwork on compliance components such as DPIAs and data governance, and can also shrink the footprint for protective data security fencing. 

“Overall, it will cut costs in terms of dollars and personnel resources, as well as safeguard businesses from reputational damage. 

“Now that there is the “shot heard around the world” and we can all see the cost to bear, it’s imperative that businesses employ smart solutions to responsibly manage data and keep privacy front and centre.”

Tony Ayaz - Scuba AnalyticsTony Ayaz, CEO, Scuba Analytics 

“Although GDPR has driven progressive steps towards improved data privacy practices, organisations continue to fall prey to regulation violation and hefty fines. 

“Compliance becomes even more difficult to navigate when considering the global reach of GDPR, challenging even tech giants to comprehend and meet data transfer regulations between regions. 

“Fortunately, one powerful solution for brands is to minimise the volume of external data sharing and exportation–a commonplace practice of legacy analytics systems–and ensure their analytics tools work within the confines of their own firewalls and security measures.”

Ben Erdos - Total Media SolutionsBen Erdos, Chief Services Officer, Total Media Solutions 

“As the IAB’s Transparency and Consent Framework recent run-in with EU regulators shows, the digital media industry is still trying to get its head around the GDPR legislation four-years on. 

“From high profile breaches like the IAB’s to a day-to-day misunderstanding of what meaningful consent constitutes, the industry needs to get up to speed fast.

“As the raft of more recent legislation and the scrapping of third-party identifiers has shown, tightening regulation and privacy concerns are here to stay; the development of Web3 and the Metaverse is only going to continue this trend. 

“With the possibility of both greater immersion and tracking, the industry needs to focus on making Web3 more privacy secure in a more user-centric manner than its predecessor.”

John TiggJohn Tigg, GM, International, Yieldmo 

“From a regulatory perspective, GDPR’s introduction paved the way towards the cookieless future. In recent years there have been numerous tools – such as fingerprinting or IDs – offered as a solution, but these too are very likely to be regulated out of existence. 

“Brand advertisers and publishers should be thinking ahead, being cautious about investing huge amounts in something that might be next on the legislators’ list of non-compliant approaches, and sourcing sustainable alternatives.

“The users’ right to privacy must be respected and there are ways to manage this long term. 

“Effective results and data privacy are not mutually exclusive and this can be proven by opening up and better monetising previously unaddressable inventory, and reaching customers across all digital channels. 

“A move back to contextual – anchored in an advanced machine learning and a privacy-first approach – is on the cards.”

Michael Nevins - Smart AdServerMichael Nevins, Chief Marketing Officer, Smart AdServer

“The GDPR has not only encouraged tech giants to reassess how they collect data, but set in motion an intense debate around the true meaning of the word ‘consent’. 

“The industry’s desire to regulate monopolistic players remains strong, but it will soon be consumers that are seen as the key drivers of change in adland, as they become increasingly aware of their data and how it’s used. 

“Moving forward, adtech companies that prioritise the public good by operating with openness, fairness and accountability will be able to meet not only the industry’s need for transparency and privacy, but also the everyday consumer’s need for choice.”

Anthony Lamy - VidMobAnthony Lamy, VP EMEA Client Partners, VidMob

“Over the last four years we’ve moved into a time of innovation, with an increasing number of marketers revisiting how the core component of their campaigns – the creative – can now be used to provide a new kind of first-party data to alleviate signal loss.

“Combining performance metrics with creative data extracted by new artificial intelligence and machine learning tools, can give clarity on creative performance, allowing for precise optimisation and targeting. 

“Marketers are again recognising that creative is the primary driver of campaign success, and using the latest tools to gain a deeper understanding of its effectiveness is helping them drive ROI, while respecting user privacy.”