We used to be OK with and even appreciate our local grocer for remembering our preferences as loyal customers. We had the roast trimmed just as we liked it, with fresh bread rolls that he put aside especially for us, coupled with our favorite red, and of course, the free lollypops for the kids. It was comforting to be recognized and treated as special. It was also good business.
We were OK with the grocer knowing how we liked our order and that we had little kids, even chatting about our special diet and heart condition. He knew what he needed to know to give us excellent service, no more and no less.
Fast forward 50 years to 2017… at what point did it become OK for that grocer to:
- Keep track and log every item we purchased, or considered to purchase
- Have people we don’t know follow us in the store to track our behavior
- Keep track of the amount of liquor and ice-cream we consume
- Make assumptions about our medical condition based on our purchase behavior
- Sell our shopping behavior to people we don’t know
- Partner with insurance companies and share with them things we told him in confidence
Since when did that nice guy with the lollypop turn his grocery store into a business that brokers our behavioral data under the guise of better customer experience? Why was this done without our knowledge and permission? How did we allow our personal behavior to become a multibillion-dollar industry?
The words that come to my mind are greed, disrespect, and abuse, not efficiency, relevance, or value.
Privacy regulations, and rules around the use of personal data have been in existence for a long time in the offline world. Financial information, employment history, criminal records, medical records, etc. all had (and still have) rules regarding use and disclosure. But online commerce moves much faster than regulations, and rules around behavior tracking online simply did not exist. The regulation around data use on the internet was left in the hands of the business world, which has the tendency to put a buck ahead of Chuck. Publishers realized they could make more money selling behavioral data than original content. The internet was flooded by millions of sites that aggregated poor quality content cladded with a plethora of ad glut. Many brand publishers who had relationship with agencies started buying media from those low-quality sites and sold them as audience extensions, because who cares about content quality when you can arbitrage cheap media that runs on quality data, right? It was like making money out of thin air.
But why bother producing content, or arbitraging junk media at all, when you can just sell the data straight up? At some point, publishers started allowing anybody who was willing to pay to place pixels on their site, that included every advertiser, agency, DSP, DMP, SSP, CDP, and any random data aggregation brokerage. The latter was a new business model that was based exclusively on collecting behavioral data and packaging it into heuristic/probabilistic segments in every shade and color.
I am not getting into the topic of data quality here, but when the price of media crashed because all buyers wanted to buy was audience instead of direct placement on relevant contextual media, the budgets fueled a behavioral data frenzy. And when data started costing more than media… I will leave it to your imagination to fill the gap of how the data supply side responded to the demand.
All the above happened very fast (about 15 years), but just like many things in our economy, when there’s an easy opportunity to make money, there’s an exuberant frenzy followed by poor decisions and a painful hangover. I’m talking about a high school kid coming home to find that the parents are gone for the weekend, immediately smashes the piggy bank, calls a bunch of friends (one of whom has a beard and fake ID) for a pool party. Before you know it, the entire school is over along with the pizza guy and few cases of vodka. Hours later, someone starts a fire, someone gets pregnant, someone drowns in the pool, someone calls 911, the neighbors call the fire department for the fire, the police for the noise, and the kid’s parents. And just as quickly as everything got out of hand, it’s all over and everyone is scratching their heads wondering what just happened.
When something becomes very valuable it also becomes vulnerable. The world started waking up to the issue around privacy and data security when the industry started getting hit with repeated breaches at massive scale. Adobe, eBay, Equifax, Marriott, Target, Yahoo, Zynga… just to name a few, there were many more. The scale of those breaches affected millions of people who started expressing concern, not only for the fact that private data was stolen, but also to what kind of information was stolen and why it was there in the first place. The class action machine started smelling blood in the water, but the judiciary arm found an environment that was barren from rules and regulations and the early cases were dismissed with a warning. European regulators were the first to impose rules against data collection, storage, sharing and security. You may not know, but Europe had data security laws before the famous GDPR. What the landmark legislation of 2018 did besides imposing incredibly severe penalties, was to specify in detail how data may be collected, what disclosures must be made, what can be done with data, how personal data can or cannot be shared and how it must be kept.
Like it or not, the US federal government is not as quick to impose regulations on business and to date they have not done so. On a state level, however, attorney generals were more active at seeking some regulations, led by the California CCPA. There are now more than a dozen states in advance stages of online privacy legislation, with New York recently getting into the arena. It is reasonable to assume that the feds will also release a common standard under the Biden administration.
A couple very important points to note:
- Neither of the recent laws were written specifically for digital marketing, but rather to provide broad terms for personal data management, coupled with severe penalties. It is left for the courts to interpret the law given the cases in front of them.
- Many companies that conduct business online, including retailers, publishers, apps makers and tech firms, smelled the danger scrambled to develop solutions that would mitigate their risk, should they be sued under the new law. However, there is no provision in the laws that states that clicking the ‘Accept’ button for cookies, location tracking, or camera use, would take the site/app off the hook for using that data in any way they see fit. It is merely a mitigation maneuver. The validity of that assumption on users’ consent will need to eventually be contested in court.
We are still at the early days of privacy control. To use the school party analogy, the police just arrived at the scene, the firefighters are putting out the flames, the EMS is performing CPR on the drowned kid and the parents of the rich kids are on the phone with their family lawyers. Over the horizon, the kids are bracing for the looming hangover.
European lawmakers are way ahead of the US in terms of privacy litigations and dozens of lawsuits have already been filed against companies for data abuse. One story that has recently surfaced was Norway vs. Grindr, who allegedly was selling its users behavioral data without adequate disclosure or consent. But as this AdExchanger article states, Grindr’s story only made it to the news due to the nature of the app itself, the data practices employed by Grindr are actually the common standard amongst many “free” apps.
Put in that context, it is perhaps more evident why companies like Google, Amazon, Facebook and Apple are slowly pulling their hands out of the cookie jar and raising the walls of their walled gardens, but those companies have diverse and thriving businesses to fall back on. For many companies who built their entire business on data arbitrage, the restriction imposed by the giants who hold our online identity along with all our secrets would mean the end of the party.
Here’s what I believe is reasonable to expect in the upcoming years:
- Some sort of federal level legislation that’s based on the principals of the GDPR
- A rain of class actions against major offenders
- The walled gardens of media will safeguard their data tightly, mainly because that is truly their most valuable asset, but also in compliance with regulations.
- Fair amount of consolidation in AdTech
- New privacy and data security tech solutions for businesses and individuals
- A lot more opt-in requests on sites and apps, that less people will just blindly
- More quality editorial will go behind paywalls
- A lot of speculative data will go away and the value of deterministic legal data will rise
As a consumer and a father, I rejoice and applaud the restrictions. I believe that there should be full disclosure and transparency around the value exchange between the business and the individual. I want to have control over what businesses know about me and I want to know everything they do with my data.
As a marketing professional, I revel in the past successes and wait in expectation for the changes we will need to make to connect B2B buyers and sellers programmatically. It will be different. But I am hopeful that this reckoning will alert media buyers back to the value of high-quality contextual media and start working at building their own 1st party database.
For additional insight on third-party cookies and the impact data privacy laws will have on the industry, watch this video of Multiview’s Chief Strategy Officer, Yariv Drori, discuss the future of targeted digital advertising and why marketers shouldn't cry over an empty cookie jar.
Multiview connects brands to their target audiences through digital media. As a leading digital publisher and marketing company for more than 20 years, Multiview helps over 1,200 associations and 11,000 companies find and connect with millions of professionals every day. By leveraging our first party data on over 10 million B2B professionals across 30 industries, we deliver targeted advertisements to unique market segments thereby helping brands to maximize their advertising budgets and achieve their growth goals.