Impact of GDPR legislation on PPC Advertising in the UK and Europe
The GDPR legislation comes into effect in May 2018 and this will have a big impact on both Facebook and Google AdWords in terms of how much personal data they can store and use for personalised advertising.
A GDPR scale has been created by PageFair (August 2017) that maps the levels of risk that companies face from the GDPR legislation.
The scale ranges from zero to five.
At Zero on the scale are activities outside the scope of the Regulation, because they use no personal data. In terms of AdWords advertising this would include “placement targeted ads” as these make no use of personal data.
The next lowest, at 1 are activities that can easily be made out of scope of the regulation if the business is modified. Most advertising lies here - it uses personalised data but does not need to. Google Maps with no location or personalisation turned on is an example of this.
Risk score no 2 is classed as “can show opt out before using the data.” Location targeting in Google maps as currently implemented is an example of this.
Risk score no 3 is classed as “needs opt-in and may get it”; most email marketing already works on this principle, providing useful information that users are prepared to give away personal information to obtain. Loyalty schemes will sit here – there is an incentive to allow access to personal data.
Risk score no 4 is classed as “needs opt-in but users has little incentive to agree”; most email marketing already works on this principle. Some of the recent features of personalised advertising by Facebook, DoubleClick and AdWords are included here. Marketers are worried. Gmail was included in this category. Why would anyone want to give Gmail permission to use their personal data for targeted advertising? This is clearly what Google thought and back in June 2017 they announced they will stop mining emails for personal data.
The highest risk score of five is “needs opt-in consent but unable to communicate with users”. Some AdTech companies that have no direct relationship with Internet users are is this category. They have no way of getting consent from their end users.
The biggest risk for personalised (or well targeted advertising) is that users will not “opt-in”.
Exactly the same was said when data protection laws changed and email marketing had to request permission. Many pundits in the industry predicted the total demise of email marketing. Yet what actually happened was a better service and an ongoing thriving email marketing industry, providing better content (content that users want). Genuine businesses with a product to offer still had a way of email marketing.
What will Google and Facebook do?
Again, we should look at email marketing for the answers; they will be forced to adapt their product offering to be legal but still give some degree of personalisation.
What should companies using AdWords and Facebook advertising do?
Continue to make as much use of personalised search whilst you can. Some of this activity will be reduced in ten months’ time, but not all. Location based personalisation is least likely to be impacted at all.
In the longer term, a stricter set of laws on what can be tracked may lead to a better quality of personalised data that can be used and quality personalisation will be appreciated.
Companies advertising online should also recheck other requirements of GDPR, such as encrypted data transfer of contact form data on websites.
