With the upcoming GDPR changes coming into play soon, our CTO, Dan de Sybel asks, will the industry be compliant in time?N.B. This is an edited version of an article that originally appeared in The Drum.
Time is ticking for adtech vendors when it comes to data consent in GDPR.
But with little to no guidance from regulators and no direct relationship with the consumer, are adtech players being set up for failure when it comes to hitting the May 2018 deadline?
There is little clarity as to what approach third parties will/can take when it comes to gaining consent.
It isn't coming from the adtech players themselves, the publishers who will likely be responsible for gathering consent for all their partners, the digital media agencies, or even the Internet Advertising Bureau (IAB) who represent the digital ad ecosystem in the UK.
GDPR could also lead to "better, more accurate tracking", and a reduction in the amount of advertising dollars wasted on people that don't want to be tracked, who "arguably don't respond to advertising in general".
Dan de Sybel believes that given the lateness of guidelines, it is “extremely unlikely” that any company that uses personal data will be fully compliant when GDPR is enforced in May.
“I expect a transition period of at least six to 12 months where companies demonstrate they have made changes to prepare for the GDPR and wait to see who gets taken to court first, making further adaptations once the court rulings are announced,” he said.
With little guidance from the regulators, the industry has formed consortiums like the non-profit DigiTrust, with a view to creating a single standardised ID/ login to make it easier for participating partners to gain permission to use consumer data in a way that does not destroy the customer experience.
These consortiums “are necessary to start the kinds of dialogue between partners that will enable more upfront and transparent data sharing with end users”, claims de Sybel.
“It's worth noting that these consortiums don't provide solutions to all the rules outlined in the GDPR, but the key point is that individual adtech companies can no longer unilaterally address them, as is the case with cookie tracking technologies. If they try, end users will be faced with a myriad of pop up boxes asking them to agree to this data sharing or that data sharing, destroying customer experience and driving people towards Google and Facebook as being single points of consent for all their online needs,” de Sybel added.