G-day is looming! On May 25, the EU’s General Data Protection Regulation (GDPR) will kick in and – despite the hype – many publishers aren’t ready for it.

Over the course of Advertising Week Europe, held March 19-22 in London, several panels grappled with the issues surrounding GDPR. It became clear that, while marketers are focused on new ways to reach consumers, publishers are faced with the challenge of understanding consumer consent, and if necessary de-personalizing the message, while maintaining trust and keeping revenue streams flowing.

During the Digital Content Next seminar, I had the opportunity to ask DCN CEO Jason Kint, Anthony Hitchings, Digital Advertising Operations Director for the Financial Times, and Jo Coombs CEO of Ogilvy One UK, whether GDPR (referred to in some circles as the God Damn Privacy Rules) represents a massive headache or a huge opportunity.

Headache or Opportunity

Trust is the number one priority explained Kint. “Trusted relationships and transparency become key as publishers work with vendors and with consumers to ensure satisfaction. Premium publishers could see user loyalty rise, if intrusive messages become standard on all other sites. Premium publishers, with trusted and recognizable brands, stand to come out ahead as the industry experiments.”

“It’s certainly keeping us busy, but I wouldn’t say it’s a headache,” said Hitchings. “For months now, we’ve been doing supplier reviews — due diligence with all our suppliers. We’ve been doing system audits, we’ve been practicing system access requests based on our own platform, and looking at the length of time we hold data for.” Even though this might seem like more than a bit of a headache to many, Hitchings said he’s optimistic, because the FT has a “direct relationship with users.”

The Relationship Business

All the panelists agreed that the nature of the relationship with users is key. Publishers need to be open and honest about data collection. However, it poses a serious threat if the industry at large thinks it’s just fine to grab profiles or take surfing data. “When you know how consumers feel, you start to feel slightly more concerned about what the industry does,” Hitchings added.

“Every single piece of data represents a person, and that person obviously needs to be protected and respected by the brands. We are talking to brands about, not just the media they are purchasing and how they are using consumer data. This is every single touchpoint with a customer. It is their data and they need to be in control of it,” said Coombs.

However, she added that while a lot of work is being done on GDPR from the business side, consumers are not being educated. They need to better understand what they are giving up when they click on a box to agree to get rid of a cookie use banner she explained. “We need to help consumers understand what they are ticking and what they are saying yes to,” she added.

Hitchings pointed out that trying to convey the complexities of ad exchanges to users is “not going to be an easy job.”

“The biggest concern that publishers have right now is the actual execution of how to have that very discussion,” said Kint.

“Publishers that have a trusted relationship [with users] can decide what to put in front of that user. Typically, if a user is visiting a site like the Financial Times, or even a search engine like Google, they have a general idea that their data is being collected and used in certain ways. And they are probably okay with their data being used for personalization of the page, or posting on the message board, or fraud protection, etc. But for a data broker to be watching what they’re doing and then reusing their data across the web is probably outside their expectations,” he continued.

Data Dilemma

“Google currently collects data from about 80% of the top one million sites and uses that data however it wants to maximize its own value. The very notion that Google can continue to do that after GDPR is a concern. Users do not want Google watching the web,” Kint continued.

“There’s a fine line between being personalized, useful and relevant, and being a useful value exchange, and actually being just too creepy,” agreed Coombs.

The issue that hasn’t really been addressed by the industry is third-party risk, said Hitchings. “We’re trying to understand what adtech is doing with data and one piece of due diligence took more than a year! So, I don’t think publishers are going to have the bandwidth to assess the risk for more than a handful of partners,” he explained.

This aligned with Kint’s view that only trusted publishers and partners can be successful post-GDPR. And that’s going to be a good thing for consumers as well. Hitchings pointed out a couple of thousand trackers on every page is just daft — and creepy.

Better known as Brusselsgeek, Jennifer Baker has been a journalist for 20 years, the last  8+ specializing in EU tech policy and digital rights. A member of the Expert Council of the Good Technology Collective, Jennifer is on the editorial advisory board of the Journal of Data Protection and Privacy, and was named by Onalytica as one of the world’s Top 100 Influencers on Data Security 2016. She was also listed by Politico as one of the Top 20 Women Shaping Brussels 2017.

Jennifer writes for some of the biggest names in media, including ArsTechnica, Computerweekly, TheNextWeb, Macworld, PCworld, and The Register. She regularly features as an EU policy expert on BBC radio.