The GDPR, one year on

Last week, to mark one year since the GDPR came into force, the IAB UK hosted Quantcast’s Evolution of Data Privacy event and our Product Compliance Director, Kelly Jacobson Collins, went along.

It was really interesting to hear the range of approaches that companies had taken to tackle the GDPR and to hear everyone’s plans going forward.

Quantcast invited me to speak on ‘The Consented Ad Tech Space’ and I’d like to share some of my thoughts from this talk with you as I think it’s really important that we continue to collaborate and learn from the changes that are impacting the ad tech industry and beyond.

What has the GDPR changed?

I believe the GDPR has been really positive for the ad tech industry. For a long time, people have talked about data being the new oil. The introduction of the GDPR served as a crucial reminder to our industry that isn’t something inanimate, but information about people.

On a positive note, the GDPR has made us, as an industry, put more consideration on value, trust and how we innovate.

Unruly is in a good position as trust and transparency have been built into the company from day one by our founders, and they continue to be two of our core values.

Programmatic and data exchanges

The GDPR has also placed a higher value on first-party data, which is a key component of our business offering. We have our UnrulyEQ emotional data, and access to our parent company data from News Corp. Bringing this data together allows us to offer some really unique capabilities, and we’ve just launched a new product in the form of UnrulyEQ+ in Australia which does exactly that!

When it comes to programmatic we’ve found that, contrary to what the industry thought might happen, the GDPR hasn’t put businesses off. At Unruly, we’ve seen programmatic revenue pick up since the GDPR was introduced, and grow steadily month on month.

I joined Unruly in a post-GDPR world, however, my observation is that we are all working on the same supply and demand chain and we all want to grow and nurture our businesses. But only if we work together to flow this data accurately through the chain to advertisers does it work. We have to collaborate together to ensure that the privacy rights of individuals are protected and respected throughout the chain.

The GDPR has reminded us to consider what data needs to be collected and shared (and with whom). It’s made us all more considered and I think we now work together better as an industry with shared goals.

A look forward

Looking ahead, we’re gearing up for the next iteration of data privacy regulation in the US, the CCPA (California Consumer Privacy Act). Our preparation for the GDPR has put us in a good starting position and we plan to build on that and work with our US teams to share best practice and learnings.

Having tried and tested processes and systems for the GDPR makes you more prepared for the CCPA, and many global companies will have a better idea of what they need to put in place.

Although the nuances of the law are different to the GDPR, and the precise wording of the law hasn’t been finalised, the way it will be implemented into an organisation in terms of training, privacy by design, processes, and responsibilities will be similar. Data security is also the same – you need physical controls, access controls, cloud security, transmission controls, input controls, education and policies.

I expect over time, and with their need to adapt for the CCPA, US publishers will reach a comfort level that the CCPA isn’t the menace they feared. As with any of these things, it just needs a few key players to move in that direction, and the rest will feel confident enough to follow suit.