American Marketer

5 ways the GDPR has changed the ad tech

August 28, 2018

Karen Karalash is GDPR compliance officer at SmartyAds Karen Karalash is GDPR compliance officer of SmartyAds


By Karen Karalash

Even though General Data Protection Regulation legislation came into effect May 25, the discussions and speculations around how GDPR legislation will change ad tech are still on the radar.

The transformations have certainly begun and we can already measure the effect by the numbers and trends registered on the ad market.

Under the new GDPR framework being valid globally, all companies that deal with the personal data of European Union residents have to comply with the new requirements, strengthening information safety and giving the users the right to erase personal data.

Business response: Ready? Not really

As a matter of fact, the large ad market players were GDPR-ready long before the deadline.

Thus, for instance, Facebook launched a special toolset for personal data management to let users find, download and delete certain information.

Google updated its privacy policy, politics and products according to the legislation without much ado about changes. Likewise for many big-market players.

Many little and midsized companies at the time found themselves trapped between not-so positive scenarios. By April, only 10 percent of companies were able to report full compliance, including E.U.-based ones.

In July, many ad companies that could not afford to adjust their technical base to the new requirements decided to shut down their European servers or quit processing and gathering the data of E.U. citizens.

Some digital businesses decided to remove all digital ads from their Web sites and retain their E.U.-based users, just as USA Today did.

What happened to ad revenues?

The introduction of new GDPR realities has turned the ad market upside down in the first few months. European ad exchanges were hit the most as their ad shares dropped down 20 percent to 45 percent, on average.

Such a drop in the revenues was caused by the fact that the selling parties could not guarantee the GDPR compliance of their partners. That is why the buying parties could have restrained their ad campaigns from launching. Also doing the same were New York Times and other organizations when they stopped serving programmatic ads in Europe.

During the summer, the advertising volumes almost returned to their former level as the market finally adjusted to the new game rules. Still, certain advertisers decided to spend their ad budgets on promotion through alternative marketing channels instead.

It would be surprising if GDPR did not affect CPM rates, but so far it is too early to judge if the trends are permanent.

Ad earnings that come from programmatic advertising have shifted their focus. Now they have become more dependent on the geo-position of users to whom these ads are served. This way, previously highest E.U. CPM rates in the first months after GDPR were seized by U.S. location.

Long-term consequences

GDPR legislation entails long-term consequences for the ad tech market that the world will witness when 2018 comes to an end. So far, many companies are experiencing technological difficulties even when seeking basic consent for showing targeted ads to the users.

If this tendency continues and turns into the trend, that is when the ad revenues of publishers may drop in the long run, affecting the inventory of publishers for media placements.

However, in the new circumstances, high-quality, renowned publishers are seen in a rather beneficial light, and they are more likely to obtain consent from users than low-quality ones.

The new GDPR format prohibits scanning IPs, cookies and a whole set of other online user identifiers.

To avoid GDPR law-breaking risks and fines, advertisers might want to exclude their E.U.-based customers from campaigns till the moment ad companies figure out how to make all their partners GDPR-compliant.

Ad tech vendors and ad tech software providers will still keep afloat and bring their users revenue because only programmatic technology so far is able to generate a conversion rate varying from 1 percent to 5 percent during a retargeting campaign.

As was expected, GDPR has also influenced the quality of information provided by users.

Due to that fact, that the pool of information gathered from users has been restricted,

but the rest of the incoming data became more reliable and more useful for generating conversions.

Summarizing what is currently happening on the ad tech scene, it is safe to point out the following:

  • Ad revenues generally have become more geo-dependent
  • Certain digital businesses have changed the way they serve the ads to customers
  • Big publishers are gaining more recognition and obtaining more user consents
  • Advertisers keep serving ad campaigns using ad tech vendors
  • The E.U. customer data gets more restricted, but relevant

THE INITIAL AIM of the GDPR legislation was establishing a tighter control over users’ personal data, and how it is gathered, processed and used.

Right now we can see that the cost of compliance for some companies is too hard to lift, while for the others it provides additional trust dividends.

Even though the new legislation imposes a large number of requirements on every company, in the long run the market is expected to become more transparent and predictable.

Karen Karalash is GDPR compliance officer of SmartyAds LLC, Miami Beach, FL. Reach her at