GDPR And Consent: Calm Before The Storm?

- September 21, 2018

A few days ago, I read an interesting exchange on Twitter. A well-respected newspaper editor-in-chief advocated for digital news being free, like the newspaper he had, until recently, edited for 20 years. He argued that paywalls, while saving journalism, would deprive the public of quality news, and fake content would be free for the multitudes who can’t afford (or be bothered) to subscribe.

The managing director of one of the world’s most prestigious, subscription-only publishers jumped in and disagreed: Weren’t his subscribers considered “the public”?

They both have a point. I do believe that a world with only news paywalls might prevent most of the masses from accessing quality news, but who says that it has to be a black and white approach? A publisher’s business model should be tailored to the target audience and not developed in a vacuum.

What these two publishers have in common is that neither could survive on display advertising alone.

Media brands with mono-strategies based solely on advertising are struggling, looking at the very short term rather than strategically planning for the future. They are effectively focused on “managing decline,” a horrible yet accurate expression describing passive acceptance of the status quo, which benefits almost everybody in the mostly programmatic advertising ecosystem other than publishers, yet heavily relies on the monetization of publishers’ audiences.

Is “passive acceptance” a harsh definition?

I used to be excited at the thought of GDPR triggering a “publishers’ renaissance,” an opportunity for them to reinvent their business models and monetization strategies by regaining ownership of the relationship with their audiences.

Almost four months since the regulation went into force, it’s evident that a huge number of publishers interpreted GDPR merely and reductively as a compliance exercise, a legal obstacle to be overcome so that they could continue doing what many have been doing for the last 10 years: being a cog in the programmatic advertising ecosystem.

Even in this scenario, with low ambitions, the approach and the level of compliance are distressing. GDPR might be vague in certain areas, but others are pretty clear.

Here’s one basic example from the preparation checklist from the UK Information Commissioner’s Office (ICO): “We don’t use pre-ticked boxes or any other type of default consent.” But a huge number of publishers are pre-ticking opt-ins, or worse: burying dozens of pre-opted-in settings down three to four navigation levels, where only someone in the advertising industry would take the time and have the curiosity to find and amend.

It’s revealing when even a publisher that helped uncover the world’s biggest privacy scandals and positions itself as an advocate for trust and transparency is implementing this sort of opt-in mechanism. Some publishers don’t give readers any options beyond accepting and providing consent, while others take a minimalist approach, providing accept-and-reject buttons, an effectively a nuclear option that allows users to reject every nonessential cookie with a single click, without attempting to educate and inform them about the meaning of their choice.

It is infuriating to realize that those who predicted that GDPR would benefit Google and Facebook – lawsuits permitting – have been right so far, but I never imagined that most publishers’ strategic approach to the new privacy regime would be “try to look compliant and do nothing,” not to mention those who are pursuing “non-compliant compliance.”

GDPR could and should be the trigger for renewed audience and monetization strategies, bold statements about the importance of quality media brands in the advertising and marketing ecosystems. But it requires a long-term, strategic approach and definitely not just the tick of a box, which, ironically, should be unticked.

I have always been enthusiastic and positive about the future of media brands, but the latest developments have been really depressing. The opportunity to change the destiny of most publishers and restore their role in advertising, marketing and society as a whole is shrinking.

At the same time, ad tech companies celebrate multimillion- or billion-dollar acquisitions built on publishers’ audiences, highlighting once again the unsustainable imbalance within the programmatic ecosystem. The gap between the few distinctive and differentiated publishers and the many trapped in a programmatic monoculture is widening.

Despite recent industry opinions that the data emergency that started with GDPR is over (Why should it be over when we are still within a grace period and the national bodies haven’t yet started to systematically tackle GDPR compliance issues?), many, myself included, forecast the ICO to act by the end of 2018 or beginning of 2019 with fines aimed at companies and publishers that do not comply with GDPR’s consent requirements.

Everyone else will run for cover, creating more bad news, because the fines will trigger tactical rather than strategic approaches.

What next, then?

The bigger danger remains in media brands’ lack of GDPR strategies, causing the adoption of ad-tech-driven compliance solutions and frameworks which, unsurprisingly, maintain the status quo. Most publishers will remain in a (increasingly rusty, definitely not gilded) cage, laying eggs (producing inventory) for the farmers (ad tech) to monetize.

The clock is ticking. Will media brands finally take the bull by the horns and work together for an advertising ecosystem where they’ll have the influence and voice they deserve? Who will do it for them otherwise?

Some say that the ad tech sector is lobbying the EU to soften GDPR’s interpretation. If I were a publisher, I would be careful with what I wish for.

Related posts

Leave a Reply

Your email address will not be published. Required fields are marked *