Don’t cry for Facebook.
Sure, the social media platform said it lost one million active users from Europe after the General Data Protection Regulation (GDPR) took effect on May 25, tightening privacy regulations and making it more difficult for online advertisers to target consumers.
But a new report — one that echoes earlier signals about the early aftermath of GDPR — suggests that Facebook will be alright, even as the company warns about lower revenue because of boosted spending on privacy and security. Google, too, should weather the storm in pretty good shape.
But, the smaller players in the online advertising ecosystem are hurting. They are retrenching and regrouping and hoping to eventually find an edge or niche that enables them to stand tall and profitable in this emerging GDPR world, where the data needed to reach consumers with precision marketing is more difficult to obtain than it was before May 25.
Too Much Uncertainty
U.S.-based Kargo is among the online and mobile ad firms that told Reuters it has temporarily shuttered its European activities because of questions about how the new privacy landscape will play out. “There is too much uncertainty,” said company founder Harry Kargman. “And I don’t think [that will change] until they apply [GDPR] in specific cases.”
GDPR promises to thin the online and mobile advertising herd, the report said, basing that on interviews with more than 20 executives involved in that industry.
That’s not to say everyone is against that, as website publishers could move into a position where they end up gaining more revenue. “There are too many middlemen and they’ve been eating the cake,” said Ryan Skeggs, general manager of GiveMeSport, a news and opinion site. “We’re hoping GDPR will help weed them out. The sites that do well, theoretically speaking, should then make more money.”
Three major U.K. newspaper publishers, in fact — News UK, The Guardian and The Telegraph — have launched a shared online ad network called The Ozone Project, offering marketers access to some 39 million consumers. The network is scheduled to debut this fall, and one if its main goals is to attract ad spending that might otherwise go to Facebook or Google.
Inherent Edge
In the wake of GDPR, both Facebook and Google have taken steps to make sure they win the proper consent from consumers to use and share their data, among other steps designed to make those platforms as appealing as possible to advertisers while also complying with GDPR. Those larger companies, of course, have an inherent advantage over the smaller players: Massive workforces with technical and legal expertise (backed by mountains of cash) that can do the often complex toil that underlies GDPR compliance efforts.
Right after GPDR kicked in, Google was benefiting from spending by marketers who worried that smaller firms would not be compliant. Additionally, Google was able to gain the needed consents at a higher rate than any competitors.
The drive to gain consent also benefits from the larger online worlds created by both Google and Facebook, according to Kargman. “The two companies are likely to receive a high ratio of user consent, given their loyal customer base while both own high-quality data because users post likes, dislikes and location, or search for areas of interest on Google or YouTube.”
That GDPR would apparently favor the biggest firms hardly comes as a surprise. A PYMNTS column from Karen Webster criticized the logic behind the European data privacy rule and anticipated that European Union (EU) regulators who support the GDPR might instead have created a landscape that, over time, will leave the continent with “only the largest of global players to serve the needs of its citizens, which is precisely the type of company EU regulators seem to loathe.”
Compliance Trends
That said, the post-GDPR world is still taking shape.
Only 21 percent of U.K. and U.S. firms are compliant with the rules, according to a new report from the Business Information Industry Association. More than 90 percent of businesses surveyed by Dimensional Research said they plan to be fully GDPR-compliant by the end of 2019. On a more optimistic note, the number of companies reporting progress in their GDPR implementation efforts jumped significantly from 38 percent to 66 percent in the U.S., and from 37 percent to 73 percent in the U.K., compared to this time last year.
It is hard not to imagine a post-GDPR world in which Facebook and Google are dominant — and some weaker, smaller companies fail to survive — but compliance still has a long way to go, and that means more disruption and opportunity.