It seems that whenever GDPR is brought up at events, there’s a notable, collective shifting in seats, usually accompanied by tight, tense laughter.
Ask if people were ready for the California Consumer Privacy Act (CCPA) and you get a similar response. Legislation around the world continues to loom on the horizon – and issues centred around consumer privacy are not going to fade away anytime soon.
Why regulations for data protection matter
Wave after wave of data regulation have landed, yet many companies haven’t been ready when the deadline arrives. CCPA is a perfect example: According to eMarketer, 52% of US security professionals reported that their companies would not be compliant with CCPA on January 1, 2020.
And it isn’t just an issue of being a few months behind schedule. We’re almost two years on from GDPR and the web is full of sites without GDPR-compliant consent forms.
This was mentioned at LiveRamp’s breakfast briefing for publishers in the United Kingdom. David Hayter, Head of Digital at The Stylist Group said, “I had a quick scoot around the internet yesterday and most publishers I came across still weren’t compliant with GDPR. Most were still firing cookies before the Consent Management Platform (CMP) launched or before anything had been accepted.”
There’s an interesting parallel when looking at the current ‘third-party cookie’ situation. Because the changes so far have only impacted Firefox and Safari, no matter how significant the effects at a browser-level, the overall effect on a publisher’s bottom line hasn’t been huge.
And as the changes needed to prepare for a post-cookie world are fairly fundamental, many have been slow to jump to action and make the shift.
This means that, both in terms of compliance and cookies, massive issues aren’t really registering on the radar of the C-suite, and this is dangerous. Failure to be proactive could mean huge revenue losses come 2022, and could also sever trust with publishers’ readers – collateral damage not to be overlooked or minimised.
Additionally, both existing and incoming legislation on this topic can bring a wealth of benefits, particularly to those who take a positive, proactive stance.
Let’s look at how you might be able to convince the C-suite that these issues need action, and need action now.
Preparedness in the long-haul
Now obviously, no one wants to be non-compliant. Everyone knows that compliance is the goal, and we should all be motivated towards compliance because it’s the ethical way forward. But it’s a complicated issue, and ethical motivations are only a part of the equation.
The good news is that there’s a decent amount of overlap with regulations such as GDPR and CCPA, so it’s likely that being proactive will only ensure preparedness for future legislation.
It will help to recognise that compliance is not one mammoth undertaking that happens in three months, but an ongoing process that happens step by step. And that by partnering with the right vendors you can make sure the way you collect and manage data is safe and compliant.
Projected losses from Chrome third-party cookie deprecation
In terms of the changes in Chrome, it’s a maths issue. Talking at a recent LiveRamp publisher’s breakfast briefing in the United Kingdom, David advised fellow publishers in the room to look back at Safari to build a model of the potential damages Chrome could cause, “We should all have logs going back long enough that we can measure what happened with Safari. And if you take that across 60% of your inventory, it will save a difficult conversation in two years time when Google does pull the plug and you have to explain why revenue dropped through the floor.”
Not only will revenue take a hit, but without an alternative method to deliver programmatic or a first-party data strategy, publishers will lose their ability to compete with the walled gardens on targeted ads.
And if your numbers are anything like the publishers speaking at the breakfast, you will have seen significant drops in eCPM performance. Take those numbers, apply them to your current Chrome inventory, and you’ve got a compelling argument right there.
The bigger issue is what to do about it. There are solutions that require building relationships, and leveraging first-party data to not just replace the third-party cookie but move to an upgraded identifier. But they’re solutions that require action now.
Third-party cookie deprecation is a major issue that requires action not only internally, but externally on an industry scale. There’s no point trying to simplify it or make it sound easy.
But it is significant, which means now is the time to be having these conversations and putting plans in action.