By Qassem Naim (Data Strategy Director)
When the new EU-led privacy legislation GDPR went live last month, it seemed almost everyone was scrambling to update their privacy policies and ensure compliance. Adding fuel to the fire, it has become evident that the Cambridge Analytica scandal earlier this year has ushered a new age of digital vigilance, heightening public scrutiny and concern about how consumer data is being used.
Of course, it’s not just Europe that has been affected by the introduction of GDPR: as well as the overhauls required from New Zealand-based businesses that interact with EU citizens, many of the reactionary changes by major digital platforms are being rolled out globally, directly impacting our media capabilities here in New Zealand.
DoubleClick, Google’s flagship ad platform, has introduced a range of updates that affect what kind of data is available to advertisers and how it can be used. The ripples of these changes will be felt by advertisers, agencies, and marketing technology providers alike.
DoubleClick’s announced changes primarily impact three key areas:
– Log level exports
Log level data is the granular data that captures information about each individual impression, click and activity, including when and where it happened, how much it cost, and who was involved. The “who” noted in these files are expressed in the form of anonymised Google UserIDs, which play a central role in customer journey analytics, advanced attribution and high-value audience targeting.
With the proposed changes, these log level exports will be stripped of the anonymised userIDs, which will have significant impact for marketers and advanced measurement.
Reporting parameters have also been altered, changing the maximum lookback windows available for many DoubleClick reporting types, including Floodlight, Path to Conversion, Attribution, and Rich Media reports. In some instances, the data available in these reports has decreased from 180-days to 60-days, placing the onus of ongoing data storage (to support YoY analysis and the like) on marketers and agencies.
In Europe, advertisers are facing new challenges with their remarketing activity. Following the introduction of GDPR, advertisers must now acquire explicit consent in order to create remarketing pools. This has significant ramifications both for European inventory and audience match rates, as audiences were effectively drained overnight following GDPR’s roll-out. These will have to be rebuilt, with consent prioritised in the process, and will likely never reach the same volumes again. Google is currently referring publishers and advertisers to cookiechoices.org, a site which provides information about consent-gathering solutions from various vendors that can be incorporated into advertising tags to ensure user privacy is respected.
DoubleClick’s changes each involve the removal of key identifiers that are often central to the operation of many marketing technology platforms, particularly major DMP (Data Management Platform) providers. Salesforce and Adobe, among others, developed solutions that leveraged Google’s anonymized unique identifiers for device mapping, audience segmentation, and targeting. Some agency holding groups have also designed or acquired their own DMP-like solutions, leveraging learnings from their client data that also likely utilised these IDs.
To accommodate the changes, these providers will have to rely on directly tagging media to ensure they are able to crunch the data themselves, given that they are no longer able to ingest Google log files – and even this could be in jeopardy if third-party tagging is further limited, as it has recently been on YouTube.
These same anonymous IDs are what fuel advanced off-site attribution and audience segmentation performed by media and analytics agencies. With Google planning to remove these IDs, many businesses will need to revisit how they model and assess the performance of digital media tracked via DoubleClick.
In the meantime, there are alternative solutions to questions around digital attribution and effectiveness. DoubleClick’s Path-to-Conversion reports, for example, are one way of adopting a more holistic view of digital performance. (However, it is worth noting that this report type is limited to successful conversion pathways, and that only a certain number of touchpoints may be recorded, depending on your configuration.)
There’s also the promised roll-out of Google’s Ads Data Hub, though this tool is still in beta. This tool will leverage BigQuery and allow limited access to aggregate data in place of log level files. Data limits will prevent access to individual-level data, though, allowing only for a granular view of a minimum 50 users. Google’s Ads Data Hub is expected to be put on an “accelerated” roadmap to support custom modelling via common programming languages Python or R, which could both be run within the black box and still support those invested in developing custom multi-touch attribution models.
We know that the changes made by DoubleClick in reaction to GDPR will be coming for New Zealand and the rest of the world in due course. This is not wholly due to legislation, but rather due to proactive Google engineers who are either selfishly re-enforcing their garden walls, or taking an admirable step to protect consumer privacy (and themselves from future liability).
With a revenue-based penalty, those with the most to lose as a result of GDPR non-compliance are the large companies—particularly those that make the majority of their money brokering data to advertisers for increased CPMs. As a result, Facebook and Google have recently found themselves centre stage. Both companies came under fire on day one of the new GDPR regulations, with a combined $12.7B NZD in lawsuits filed against them for the ubiquitous practice of “all-or nothing” Terms of Service opt-ins.
Under GDPR, you cannot force users to give consent to collecting data in order to use your service, if the collecting of data is not necessary for the service, so Max Schrems, Austrian privacy advocate, has created a suit against Facebook and Google for “coercing” users into accepting policies that feed their databases.
It’s hard to gauge how difficult it will become to capture explicit consent from users, with a range of sources estimating that as little as 30% of consumers would opt-in for retargeting and personalised advertising content. Given the increasing limitations of audience targeting, some are predicting a revival of contextual messaging in the coming year.
Advertisers outside of Europe can still make the most of the data while it lasts, and should endeavour to learn all they can about their media performance to support future planning and segmentation.
For now, there’s no telling when exactly the changes will occur – Google has just said they will. In the meantime, it’s worthwhile for everyone who works with consumer data to pay attention to the first few GDPR lawsuits and how they fare not only in the actual courtroom, but in the court of public opinion.
If you are interested in discussing the impact of these changes to your own media and measurement capabilities, or in understanding the implications of GDPR for your business more broadly, we offer consultancy services for a small charge. Please contact your Group Business Director or Qassem.Naim@fcb.com directly for more information.