The General Data Protection Regulation (GDPR) was adopted in 2016 and finally enforced on May 25, 2018. This is a European privacy law that regulates, among other things, how organizations can collect, store, and use the personal data of EU citizens. Essentially, GDPR has redefined the relationship between companies and consumers, empowering the latter with control over their personal data.

Once the law was adopted, the first headlines — and eye-watering fines — suggested all doom and gloom for advertisers. Companies used to have easy access to abundant customer data, from tracking a user’s browsing behavior to purchasing third-party databases. These rich insights opened new avenues for creating highly targeted offers with the granular level of personalization.

GDPR, however, has significantly transformed the way brands interact with consumers. Although the law is very nuanced, here are the key points of GDPR impact on adtech:

  • Under GDPR, personal data now includes cookie IDs, location data, IP addresses, device IDs and digital fingerprints, which significantly changes the way how adtech vendors can collect, use, and store this data;
  • Marketers can now collect only as much data as needed and relevant for the activity in question.

Indeed, adapting to the new cookieless environment is not easy but adtech companies are making strides.

GDPR and adtech: How companies adapt to privacy-first environment

1. Zero-party data

Advertising is all about data — namely the mix of first-, second-, and third-party data that marketers use to build effective, highly targeted campaigns.

Today, however, many marketers won’t touch third-party data with a barge pole out of fear of violating GDPR. Third-party data is considered the least privacy-compliant because it is collected and distributed by an outside vendor that has no direct connection with the users. So, there is no way of knowing for sure that an aggregator is playing by the GDPR rules. This has brought the focus on the first-party (the data you collect directly from your users) and second-party data (someone else’s first-party data) as the most trustworthy and compliant sources.

But in 2018 Forrester Research introduced the adtech world to zero-party data. The new kid on the block, zero-party data is the data that a user provides to the company willingly and intentionally. It can include such personal characteristics as gender, age, purchase intent, style preferences, and more and can be acquired through quizzes, polls, website activity, and customer profiles. Zero-party data is similar to first-party in terms that it is consent-based, the key difference is volunteering vs. collecting. In an example below, a user voluntarily shares their personal info in exchange for a free offer.

Source: The future of customer engagement and experience

2. Consent management platforms

User consent is one of the most pivotal concepts of GDPR. The law prescribes that in order to collect and use personal data, organizations need to get consent — specific, freely given, informed, and unambiguous.

Consent management platforms (CMP) streamline the process of requesting, receiving, and storing consent. To present the opt-in and opt-out information, CMPs employ a pop-up, widget or banner, which allows a user to see for what purposes their data is being collected and what companies will have access to it.

Source: Header Bidding

Need help with your adtech challenges?

From programmatic advertising solutions to advanced data management platforms to intelligent audience targeting systems, we offer ad tech software development services to help industry players maximize return on ad spend.

3. Alternative identifiers

In light of the imminent demise of third-party cookies, tech firms are rushing to bring in cookie replacements — alternative identifiers that would support adtech privacy needs. These alternative or universal IDs are mainly based on first-party cookies and permanent identifiers like email addresses, phone numbers, etc.

There are already a handful of universal ID solutions that publishers and programmatic vendors can use to support a better understanding of their audiences:

  • The Trade Desk Unified ID 2.0. The Trade Desk, a demand side platform (DSP), offers a solution that uses hashed and encrypted email addresses. Although the solution is built on personally identifiable information, it provides the necessary transparency and privacy controls for users. Also, some big name publishers like Buzzfeed, the Washington Post, the Los Angeles Times, have signed up for integration.
  • LiveRamp ATS. LiveRamp, a data enablement platform, has launched Authenticated Traffic Solution (ATS) that uses first-party data to help publishers recognize users in real time and enable data-driven targeting.
  • Google’s Privacy Sandbox. Google’s solution is basically a set of open standards — TURTLEDOVE, SPARROW, Dovekey, PARRROT, Fledge, and Topics — aimed to improve user privacy while maintaining an ad-supported web. The Privacy Sandbox is still in development and the jury is still out on long-term viability of the solution.

4. Contextual advertising

GDPR has also brought contextual advertising back on brands’ radar as a more privacy-friendly alternative. In fact, almost half of marketers in the USA and a third in the UK consider contextual targeting and advertising their preferred format.

Contextual advertising is pretty straightforward — it is about placing the most relevant ads in the most appropriate settings. And although the mechanism is simple, it yields great results because it allows you to reach consumers at the right moment in their journey. But to bring efficiency to the next level, contextual ad targeting solutions can be spiced up with machine learning. These algorithms analyze page content and extract meaning from text to find the optimal place for ad insertion, which helps to deliver an uninterrupted user experience and boost engagement.

The bottom line

At the end of the day, GDPR does not mean the end of adtech. What it means is that publishers and advertisers need to put customers first and find new, privacy-first strategies. In addition to a major comeback from contextual advertising, today we also see great interest in zero-party data, sophisticated consent management platforms, and universal ID solutions.