GDPR - bet you thought that after May 25 you’d never have to hear those four letters again… or, at least, not as regularly. However, two weeks after the implementation of the EU’s new data rules and it seems we’re still stuck in a never-ending news cycle suggesting that GDPR is, in fact, the end of all time. 

Pack your bags folks, it seems the apocalypse did arrive! Or did it? Stick the kettle on and let’s try to make sense of the confusion before you start mindlessly stuffing your belongings into a bag...

Despite GDPR being talked about for two years before implementation, there continues to be a hell of a lot of uncertainty around the new laws, what is allowed, who is responsible, and what on earth businesses and agencies should be doing. 

You may be aware that several high-profile news websites in the US, such as the LA Times and New York Daily News, became unavailable to European countries as the clock struck midnight on May 25. Unsure of how they could or should comply with GDPR, the sites simply stopped access from European countries, BBC News explained. While it may be better than turning into a pumpkin, it is still, perhaps, the not the best solution. 

But it isn’t just the news sites that are shutting down. As Digiday reported, GDPR also resulted in ad exchanges seeing European ad demand volumes fall between 25 and 40% as US publishers pulled ads from European sites and Google adopted a strict consent-based approach. 

While a more recent Digiday article notes that some publishers have seen their programmatic ad revenues recover, others are continuing to see revenues fall. 

So, what has caused the programmatic mayhem?

It seems there are two key factors. Firstly, Google has caused some confusion for publishers and ad tech vendors.

In the days prior to May 25, Google warned ad tech vendors to expect some short-term disruption to European campaigns until it had fully integrated with the Interactive Advertising Bureau Europe’s GDPR framework, Digiday explained. What’s more, it warned people not to buy via its DoubleClick Bid Manager on third-party exchanges because it couldn’t verify if these partners were compliant. 

This has added to the uncertainty and fear that was already swirling around GDPR, especially for business in the US. Concerns about compliance and cookies are causing people to pull programmatic ads from European sites. 

But the truth is that impression and cookie data is anonymised. While you can track people and their activity on the web, sites don’t actually know who it is. They track a profile, rather than a person, and ad-related actions are based on assumptions of that profile.

For example, let’s say that a website user heads to the New York Times site. Cookies in this visitor’s browser inform the New York Times that this is Visitor 24568, an anonymous profile that was created for this unique visitor. Every time Visitor 24568 returns to the New York Times, it recognises this visitor and his activity is logged and added to his profile. 

It doesn’t know that the visitor is called John Smith and that he is an IT technician who is married with two kids, has a dog, pretends to love his wife’s potato salad, secretly loves watching The Crown, and dreams of having a holiday without the kids in the Bahamas. 

However, because John, AKA Visitor 24568, read an article about Olivia Colman taking over from Claire Foy in season three of The Crown, browsed for activities to keep the kids amused over the summer holidays, and spent a long time on travel sites reading about the best couple-only hotels in the Bahamas, it is inferred that Visitor 24568 has kids, likes The Crown, and wants a kid-free holiday to the Bahamas. As a result, the next time John, Visitor 24568, visits the New York Times, he is delivered related ads. 

Cookies and programmatic advertising primarily use behavioural targeting to deliver ads. If one of John’s kids uses his laptop to search for a new toy, John could be met with an advert for that toy when he’s next on the New York Times. John didn’t search for the toy but that behaviour is now part of Visitor 24568’s profile because that’s what the cookie recorded. 

As we’ve said from the very beginning, digital marketing and programmatic ads still have a place in GDPR and publishers, agencies, and advertisers can do all of these things while being GDPR-compliant. Everyone in the online ad industry now needs to come together to ensure there is consistency across the board and stop fuelling unnecessary confusion.