It seems that whenever GDPR is brought up at events, there’s a notable, collective shifting in seats, usually accompanied by tight, tense laughter.
Ask if people were ready for CCPA and you get a similar response. And now TCF 2.0 is looming on the horizon.
Why regulations for data protection matter
Wave after wave of data regulation have landed, yet many companies haven’t been ready when the deadline arrives. CCPA is a perfect example: According to eMarketer, 52% of US security professionals reported that their companies would not be compliant with CCPA on January 1, 2020.
And it isn’t just an issue of being a few months behind schedule. We’re almost two years on from GDPR and the web is full of sites without GDPR-compliant consent forms.
This was mentioned at LiveRamp’s breakfast briefing for publishers. David Hayter, Head Of Digital at The Stylist Group said, “I had a quick scoot around the internet yesterday and most publishers I came across still weren’t compliant with GDPR. Most were still firing cookies before the Consent Management Platform (CMP) launched or before anything had been accepted.”
There’s an interesting parallel when looking at the current ‘third-party cookie’ situation. Because the changes so far have only impacted Firefox and Safari, no matter how significant the effects at a browser-level, the overall effect on a publisher’s bottom line hasn’t been huge.
And as the changes needed to prepare for a post-cookie world are fairly fundamental, many have been slow to jump to action and make the shift.
This means that, both in terms of compliance and cookies, massive issues aren’t really registering on the radar of the C-suite, and this is dangerous. Failure to be proactive could mean huge revenue losses come 2022, and could also sever trust with publishers’ readers – collateral damage not to be overlooked or minimised.
Additionally, both existing and incoming legislation on this topic can bring a wealth of benefits, particularly to those who take a positive, proactive stance.
Let’s look at how you might be able to convince the C-suite that these issues need action, and need action now.
The ICO deadline looms
Someone’s getting fined.
The Information Commissioner’s Office (ICO) is taking compliance seriously and the general feeling across the industry is that it’s now simply a matter of who it’s going to be.
When asked about this at our breakfast, David said, “I don’t think anyone wants to be the first one to be caught out, and it does sound like the ICO are going to go after somebody. And I don’t disagree with them in their approach.
“They gave us two years and we didn’t do anything, they gave us another 18 months and we still, for the most part, have done nothing. At some point, fine somebody for it, and everyone will sit up.”
One audience member at RampUp London 2019 summed it up pretty well when they said that it was like the saying, “You don’t have to run faster than the lion, you just have to run faster than everyone else.”
In this case, you don’t want to risk being anywhere near the back of the pack.
Now obviously, no one wants to be non-compliant. Everyone knows that compliance is the goal, and we should all be motivated towards compliance because it’s the ethical way forward. But it’s a complicated issue, and ethical motivations are only a part of the equation.
The good news is that there’s a decent amount of overlap with GDPR, CCPA and TCF 2.0, so it’s likely that being proactive now will not only help avoid penalties but also ensure preparedness for future legislation.
It will help to recognise that compliance is not one mammoth undertaking that happens in three months, but an ongoing process that happens step by step. And that by partnering with the right vendors you can make sure the way you collect and manage data is safe and compliant.
Projected losses from Chrome third-party cookie deprecation
In terms of the changes in Chrome, it’s a maths issue. Talking at the publisher’s breakfast briefing, David advised fellow publishers in the room to look back at Safari to build a model of the potential damages Chrome could cause, “We should all have logs going back long enough that we can measure what happened with Safari. And if you take that across 60% of your inventory, it will save a difficult conversation in two years time when Google does pull the plug and you have to explain why revenue dropped through the floor.”
Not only will revenue take a hit, but without an alternative method to deliver programmatic or a first-party data strategy, publishers will lose their ability to compete with the walled gardens on targeted ads.
And if your numbers are anything like the publishers speaking at the breakfast, you will have seen significant drops in eCPM performance. Take those numbers, apply them to your current Chrome inventory, and you’ve got a compelling argument right there.
The bigger issue is what to do about it. There are solutions that require building relationships, and leveraging first-party data to not just replace the third-party cookie but move to an upgraded identifier. But they’re solutions that require action now.
The ICO deadline and third-party cookie deprecation are both major issues that require action not only internally, but externally on an industry scale. There’s no point trying to simplify them or make them sound easy.
But they are significant, which means now is the time to be having these conversations and putting plans in action.