A new piece of legislation is going to change how advertisers can gather your online data.

New Legislation is Shaping the Future of Online Data

When browsing the web, it is likely you see ads relevant to your interests. These ads peak your curiosity because of the meaningful online data gathered about you through browsers, apps, and behavioral models. It may sound odd marketers have technology that can tell what your hobbies, household income, and family model looks like, but it’s not as personal as you may think. Most companies simply refer to people using online ids. You may be device ID 4996023 within the behavioral model of new home owners but is that such a bad thing if you get served an ad for 15 percent off the appliances you were looking to buy for your new home? Online information gathering is a win-win for marketers and consumers. Marketers are more likely to sell their products to target audiences, and customers get ads they’re more likely to buy instead of being inundated with irrelevant ads.

Online information gathering is about to make a 180-degree turn next year in Europe. The General Data Protection Regulation (GDPR) was data privacy legislation passed in the European Union in April 2016, and everyone who is involved in marketing, advertising, and big data are preparing for implementation on May 25, 2018. The changes and restrictions being passed by the GDPR are extensive and effect how data can be obtained from internet users, and how that data can be used, stored, sold, shared, protected, and deleted. This legislation was passed in Europe, but is it a prequel for America’s online data regulations?

The GDPR is an extensive document adding rules to every single part of big data collection, storage, usage, and protection. One of these changes is how personal data is defined. Personal data used to be specific personal attributes like names, pictures, email addresses, phone numbers, physical addresses, bank accounts, and social security numbers. Under GDPR, this list is extended to mean any information that could identify a person, including some encrypted data, geolocation data, and device IDs. These extensions of personal data are important because another GDPR policy requires companies to notify users about their intent to collect personal data. Once notified, users must give free and specific consent to the data collection before any can be gathered. Receiving consent is another policy that is changing the way data companies use cookies and the agreement boxes we see pop-up while browsing the web and downloading applications.

The second highlight of the GDPR is company stewardship of private information. Under GDPR, citizens have the right to ask exactly how their information is being used. Users also have the right to request information be completely deleted if usage is no longer deemed relevant or if they dislike how the information is being used. Stewardship extends from original data gatherers to third party vendors, which means anyone using GDPR legislation must be sure their vendors are buttoned-up on GDPR policies too. The stewardship of data is an important part of GDPR that stops blame from being passed from one company to another if there is a privacy breach. While that sounds like a nice sentiment, it remains to be seen if the punitive measurements of the GDPR will be enforced this way. Speaking of which, the punitive measures for each GDPR infraction can be monetary penalties up to 20 million euros (more than $23 million US dollars) or 4 percent of global annual turnover of the previous year – whichever amount is greater.

The quick notes of this legislation don’t stop here; there are more GDPR regulations needing put into effect for next year. To learn more, Adexchanger has written a great article outlining GDPR legislation.

As America watches what Europe and global companies are now going through, will we be next to put legislation like this in place in the wake of major security breaches like Wells Fargo and Equifax? While security and rights to personal data are good things, where does the legislation leave advertising best practices post-GDPR to create successful marketing campaigns online and offline? GDPR legislation might significantly cut the data people are willing to share with companies. With limited data being collected, it is likely the user ad experience will become much less personal. The irrelevant ad environment created from this experience may encourage a high rate of ad blockers to be installed leaving meaningful online advertising back at square one. At least for now, American marketers in nationwide companies have the luxury of sitting back to watch European tech companies make programmatic platforms compliant, data-reliant companies rewrite internal processes, and marketers strategize how to scale campaigns if (or when) less data is collected.

At Quantifi Digital, we believe innovation is one of our best marketing tools. By planning ahead, we can create effective, custom marketing strategies for your business. If you need help assessing future marketing goals and addressing pain points, give us a call.