"Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by David Raab, principal at Raab Associates.
When online marketers get tired of worrying about Google and Facebook taking over their world, they may instead fret over whether the EU’s upcoming General Data Protection Regulation (GDPR) will destroy it entirely.
Unfortunately, the tougher privacy regulations may have the unanticipated consequence of making the duopoly even more powerful.
The reason is quite simple. Facebook and Google have built their empires on their ability to give consumers the services they really, really want. Short of banning the internet altogether, regulators will not be able to prevent consumers from agreeing to share whatever data they must to continue using those services. So the idea that consent requirements will hurt Google and Facebook by cutting off their supply of customer data is wishful thinking for anyone who hopes to see them lose power.
This is not to say that consent and other GDPR requirements are toothless – it’s just that their bite will be felt by other lesser businesses. Companies whose products are not as compelling as Facebook or Google will have a harder time convincing consumers to trade away their data, and new companies in particular will face a much steeper climb to mass acceptance.
Moreover, the investments needed to create and maintain GDPR-compliant systems will add considerable cost to new online products. Those costs will be rounding errors for Google, Facebook, Apple, Amazon and other giants, but they’ll be significant for small companies. And the risks of noncompliance will give investors one more reason for caution about funding new startups.
Stricter data regulations also will give the big companies even more reason to be cautious about sharing data they’ve gathered – data that marketers want to access in as much detail as possible for their own purposes. The result will be even greater reliance on the giant firms to select the audiences for advertisements because marketers will have less data to do the targeting themselves.
Smaller publishers will also need to be more careful about what they share, further diminishing marketers’ ability to make their own choices. So if anyone is really likely to suffer grave injury from new privacy regulations, it’s ad tech vendors whose businesses are premised on large amounts of consumer data being freely available.
Of course, the new regulations will create some opportunities. The more complicated, demanding and volatile the requirements – and the more they vary by jurisdiction – the more companies will rely on outside experts, such as customer database developers, marketing agencies and consultancies, whose primary business is paying attention to the rules and building systems within them.
Internally, corporate IT departments that have been happy to let marketers manage their own technology will be pulled back into the process, as it becomes clear that the risks of noncompliance require closer review of privacy and security issues than marketers can provide.
US companies might feel less worried about all this. But despite the anti-regulation attitude of the current US administration and Congress, US companies must still comply with GDPR for any data they hold on EU residents. This means many will need to make the same investments as their EU-based counterparts.
And even companies that deal only with US consumers will find those consumers are more aware of privacy issues and notice, if just subconsciously, that some companies are much more privacy-safe than others. So, there will pressures on all firms to meet rising privacy expectations even when they’re not required to do so by law.
Indeed, you can expect Google, Facebook and the other big companies to actually help generate those pressures, positioning their own well-publicized compliance as a competitive advantage over firms with looser standards.