The regulatory burdens of Europe’s General Data Protection Regulation (GDPR) have the advertising industry in a flurry. The industry press is rife with doomsday scenarios predicting the end of online advertising.
Is the regulation complex and in some instances, onerous? Yes.
Does it signal the end of online advertising? No.
GDPR does, however, force companies to examine the costs of collecting and using online behavioral data. Because GDPR increases the compliance costs associated with the collection of data, it becomes necessary to examine whether the collected data is worth the added compliance expense. Why absorb compliance costs for data that may or may not be valuable to clients and partners? While the industry has been talking about a “flight to quality” for years, GDPR has cemented Lotame’s commitment to data quality initiatives.
The Personal Approach
“Personal data” under the GDPR is broadly defined to include personally identifiable data points like name and email address, as well as less precise data points like cookies, device IDs, and IP address. The rationale is that modern technology allows marketers to identify individuals with one or more data points, even if those data points do not refer to each individual by name.
The problem with this broad definition of “personal information” is that GDPR treats anonymous data and personally identifiable information as similarly situated. A company that collects and uses cookie data has nearly the same compliance obligations as a bank that collects and stores highly sensitive financial data. The bank, and the consumers it serves, are all well aware of the risks inherent to the storage and processing of financial data. A breach has significant consequences for both the bank and the consumer. For this reason, the bank is able to pass some portion of its high compliance costs along to the consumer in the form of fees. These fees help to make banking one of the world’s most enduring, and lucrative, industries.
How the Cookie Crumbles
The potential loss or unauthorized disclosure of cookie data did not, until relatively recently, raise the ire of consumers or regulators. But now, with GDPR, cookie data is placed in the same category as financial data – meaning that a company like Lotame has the same compliance obligations with respect to its cookie data as does a bank that transacts in highly sensitive financial data. While regulators may view cookie data as having equal footing with consumer names and addresses, marketers do not, and they have not been willing to pay premium dollars for data that is viewed as less precise than personally identifiable information.
On the one hand, GDPR validates what Lotame has known and proselytized for years – that data is tremendously valuable – even when that data is not tied to personal information like name, email address, street address, or telephone number. On the other hand, GDPR makes it costly to collect, store and push large volumes of cookie and device data. There is substantial risk that compliance costs, relative to the earning potential of this data, are being driven too high. In order to drive revenue in the face of mounting regulatory burdens, Lotame and other players in online advertising must focus on quality.
Quality Over Quantity
Over the past year, we have invested heavily in technology and partnerships that emphasize quality over scale. Earlier this year, for example, we announced a partnership with Are You a Human, to provide advertisers and their agencies the ability to quickly and easily identify non-human traffic and create new bot-free audiences for ad targeting, analysis, content personalization, and more. This allows our clients to remove all profiles identified as bots, to reduce wasted ad spend, decrease bot traffic, and increase conversions. For Lotame, it also ensures that we are not absorbing compliance costs for data that offers minimal value to our clients and partners.
GDPR is a game changer for the online advertising industry, but it is not the death knell that many fear. With its emphasis on consumer transparency and consent, Lotame expects GDPR to produce higher quality data assets from more engaged consumers. We have embraced the regulations as an opportunity to review our business practices with fresh eyes and have encouraged our clients and partners to share in this approach.
Tiffany Morris is General Counsel & Vice President of Global Privacy at Lotame, overseeing all aspects of the company’s global legal strategy and operations. She brings more than 10 years of legal and business experience in the advertising, sports, and entertainment industries. Prior to joining Lotame, Tiffany held legal and business development roles at Vox Media, Inc., during a period of significant growth and acquisition activity. She previously served as Legal Counsel for The Kraft Group, where she handled a full range of legal matters for a private portfolio of companies, including the New England Patriots, Gillette Stadium, and Patriot Place. Tiffany started her career with the consulting firm McKinsey & Company. Tiffany has a BA from Wellesley College and a JD from Boston College Law School.