Will GDPR Kill Our Data-Driven Future?
*This blog was originally published on thedma.org blog on May 2, 2018.
Data has reinvented marketing. At a time when industries have been disrupted, the media landscape is fractured, and advertising is either the answer to building strong brands or the penalty paid by weak ones, data is the one thing all marketers can agree on: We dream of an addressable, efficient future.
In 2006, Chris Anderson wrote the book “The Long Tail” and, with it, the data dream was born. Marketers salivated at the idea that they could discretely target their customers and aggregate reach by serving ads across the thousands of niche hyper-focused publishers rather than rely exclusively on premium sites with broad reach.
Around about the same time, digital ad networks started to emerge, making it easier for marketers to scale media buys among new micro-segments. Soon thereafter, programmatic buying was born, divorcing media from context and enabling marketers to use automation to buy inventory based on third-party categories. Ad tech had arrived!
It didn’t take long until marketers realized that third-party data had a tendency to be rife with inaccuracies. This was the year I rather infamously declared the majority of third-party data to be crap.
The reverence for first-party data took hold shortly thereafter. Marketers realized they could augment syndicated data they were buying with their own CRM data and for the first time, martech joined forces with adtech.
People-based marketing and addressable became the true north. Marketers embraced the idea of moving from one-to-some to one-to-one across digital touchpoints and even television. New forms of data and ad serving suggested this addressable future was within our grasp. Purchase-based targeting, omnichannel remarketing, dynamic creative optimization, and programmatic buying combined to paint a picture of person-based marketing with no waste. The ultimate efficiency. Total personalization.
And then came 2018 and in walked GDPR along with some rather well-publicized questions about how data is collected, shared, and used.
After data breaches, privacy and security concerns, and let’s be honest, bad actors, the EU has said “enough” to the endless collection of personal data. On May 25, companies that do business in the EU will either need to make sure that their collection and processing of personal data is legitimate and proportionate to fundamental privacy rights or, otherwise, obtain proper – affirmative – consent.
Whether you rely on data subject consent or the legitimate interests balancing test (or both, depending on the situation), the ball is in each company’s court to document compliance with GDPR requirements. And keep in mind, personal data includes the obvious stuff like name, address, email addresses (demand generation), but also includes persistent identifiers like cookies and device IDs, location data, IP addresses, and phone numbers. In order to process these data points and identifiers, marketers will need to acquire their customer’s informed consent reflected in some affirmative action.
Failure to comply can result in fines of 4% of annual sales or €20 million, whichever is higher.
And it’s not just companies based the EU. In the first instance, U.S. (and other) companies that conduct business in the EU need to comply as well. Over time, we expect additional countries to amend their data protection laws to follow the EU’s lead. And while we don’t see any short-term prospects for privacy legislation in the U.S., it’s hard to justify a combination of headline-grabbing data meltdowns at home.
Adtech providers and agencies are running scared. Retroactive consent will be nearly impossible to obtain, and data that wasn’t collected, maintained, and managed with privacy by design principles at the start is suspect. Compliance officers are banning phrases like one-to-one and people-based marketing. In such a vastly distributed ecosystem, with so many partners and intermediaries, the risk of running afoul of the new law is sky high.
So is that it? Has the data-driven dream died?
I’d argue it has not. In fact, it will be stronger than ever, built on a foundation of integrity.
Consumer expectations have increased exponentially on a rising tide of frictionless experiences, enhanced convenience, and personalized service. So long as the value exchange is worthwhile, people will continue to provide their personal data in exchange for avoiding wait times, skipping lines, single swipe payments, voice ordering, video doorbells, curated on-demand wardrobes, personalized playlists, and the like.
Marketers who understand the power of connected experiences will build their brands around first-party data. First-party data will provide a roadmap not only to new sticky products and services, but also to targeted, addressable, personalized, waste-free media. A strong foundational data strategy fuels the dream and arguably drives greater advantage than before. When data is scarce and true, it has greater power.
The key to salvaging the data-driven dream is not to shrink it, but to expand it. Data must not settle for simply providing better media experiences. Companies must redefine their entire business model around data. GDPR is an opportunity. We must all dream bigger.