With the introduction of the General Data Protection Regulation (GDPR), search marketers targeting the European Union (EU) have had performance ad capabilities ripped right out from under their feet.
Given technical and privacy limitations existing before GDPR, performance marketers may have already felt they were doing their jobs with one hand tied behind their backs. Now, those marketing to customers or prospects in the EU, regardless of where the brand lives, have lost their other hand.
How does this change impact search marketers? GDPR requires EU-bound marketing to solicit freely given consent to track any personal data of those individuals. This includes cookies, Internet Protocol (IP) addresses, email addresses and, yes, conversion tracking.
What is the fallout? Early impacts to paid search marketers are telling. In some instances, companies have seen anywhere from 20-40 percent of all site traffic actively opting into tracking. This means only 20-40 percent of all conversions and revenue generated from these campaigns are attributable back to the dollar that drove the action.
While search marketers working only in North America may think this won’t have a big impact on them, there is reason to believe the United States and Canada may be headed down a similar path. Colossal missteps and high-profile public relations disasters for digital channels (think Cambridge Analytica) create a lot of pressure on lawmakers to strengthen privacy regulations here as well.
Whether we adopt similar regulations this side of the pond, it’s not out of the realm of possibility that there will be some implications. Let’s explore why stateside marketers should stay sharp on GDPR.
Guaranteeing EU site traffic vs. everyone else
Although it is technically possible to only serve opt-in messages to those visiting a website from the EU, there is no foolproof way to ensure all EU visitors see a requisite opt-in prompt, especially if a user is spoofing their IP.
Although paid search practitioners can geotarget users prior to their visit, there is no way of knowing if there is an EU citizen visiting your website from a US hotel, for example. Unfortunately, at this point, the law is so broadly written that it’s not yet certain whether this type of traffic segmentation would be penalized.
Brands everywhere are weighing the potential risks in waters that are still murky, at best. This is likely why we are seeing some companies like Bing/Microsoft apply the opt-in worldwide, no matter what geo the visitor originates from, to mitigate the risk of violating GDPR.
I recently overheard someone say, “The law is so ridiculously broadly written. I think it’s Europe’s first shot across the bow for world domination again.”
Regression in tracking, not in marketing creativity
Marketers in the US may stand to learn a thing or two from those in the EU. These marketers will need to be creative in how they quantify results, as in many cases, they may be directional at best.
While it’s easy to look at the overt downsides of GDPR, some industry veterans like Aimclear (my company) founder Marty Weintraub see opportunity in what he terms the “greatest tech regression” of our time.
Increased privacy policies by big mobile players
Apple is priding itself on user privacy and has strengthened its position on anti-tracking. There is a chance Google gets more stringent with Android tracking. Within hours of the GDPR switch being flipped, Google and Facebook faced near-immediate lawsuits for allegedly not living up to the letter of the law — likely a clear indicator that certain factions will use GDPR to advance strict data privacy viewpoints.
Auction place competitiveness
In the event performance-based marketers shift media dollars to the US based on strict EU regulations, this could mean an increase in auction competitiveness and, as a result, prices.
US adoption demand regardless of the law
Law or no law, GDPR may well reset expectations among privacy rights advocates and wary consumers outside the EU. Market forces could conceivably force businesses to adapt faster than lawmakers can write proposed legislation and get it through partisan-fueled gridlock in Washington, DC.
The General Data Protection Regulation is still in its infancy as a real live set of regulations. Privacy advocates, marketers and big brands alike are sure to poke around the edges and test boundaries. The real impact of GDPR will become clearer once the regs bare their teeth in reality and initial tests run through judicial processes.
That said, anyone who feels GDPR is isolated only to European entities may want to think again. Market forces, lawyers, big brands, privacy advocates, marketers and consumers may well see recalibrations of when, how and where data is gathered and used for marketing.
The reality is that we are seeing a discussion — difficult, frustrating, healthy and important — that will likely establish new terms by which we all operate.
If you’re unsure how your website stacks up when it comes to GDPR standards, take a pass through a free compliance tool like CookieBot.
Opinions expressed in this article are those of the guest author and not necessarily Marketing Land. Staff authors are listed here.