By Neil Patrick
GDPR isn’t over; it has only just begun. GDPR may lighten your mailbox of spam, but it also has huge repercussions for business that no-one is talking about...
Yes I know. Data protection regulation is a dull topic. But I'm writing about it anyway in this post, because GDPR has some profound and far reaching consequences for everyone.
For the last few months, just about every post about GDPR has been about what businesses need to do satisfy this new set of data protection regulations. And the enormous fines that can be levied upon those who fail to comply.
As the deadline approached, we all had our mailboxes filled with emails desperately begging us to give consent to receive communications from firms we bought things from possibly years ago, or maybe never. Some even from firms that we never knew had retained our email address for their own use.
I am not unhappy about GDPR. It kills the abuse of email for a start. It will force businesses to take a hard look at their marketing, which has been a race to the bottom for far too long. Why would I or anyone else who bought a wheel barrow, tennis racket or dining table want to get emails about more wheel barrows or tennis rackets or dining tables every week for the rest of our lives?
This sort of marketing might get a few takers, but it alienates many more. So most people have ignored these last ditch pleas. The result will inevitably be that our mailboxes will revert to a more modest overloading especially if you are in Europe.
Finally on 25 May, the regulations came into force. There are big repercussions for business and this post outlines some of them. It will change digital marketing activities for the better I hope. It will force brands to invest more sensibly in building real customer relationships. It will also deliver even more power into to a handful of huge global digital businesses.
First it will decimate a huge business sector which almost no-one has heard of
Behind the scenes, GDPR has caused the decimation of a huge industry sector which almost no-one knows about.
The sector is called ad-tech. LUMAscape has made it their business to map this vast and sprawling network of firms who have built their businesses to provide personalised data to those who want to sell us stuff online. And it looks like this (or rather it used to):
Ad-tech businesses mushroomed because the internet’s default business model is advertising. Advertising works on the principle that targeting specific ads at the right people is more cost effective than randomly advertising to everyone. And because our internet browsing data in aggregate is so much richer and more detailed than any other form of data, the people in ad-tech anticipated there was huge money to be made by delivering the data and tools to assist this targeting.
And at first they were right; VC investment and revenues poured into these firms until 2011, since when it has declined. It is absolutely no co-incidence that it was 2012 when the EU announced that GDPR was coming:
The whole ad-tech sector was predicated upon one massively flawed assumption. The ad industry thought that consumers would welcome ‘relevant’ and targeted ads. They forgot or at least ignored that hardly anyone actually likes advertising. We just hate targeted advertising a little less than we hate untargeted advertising.
But pre-GDPR, this dislike of advertising was not enough to stop the exponential growth of the sector. Which ironically gave rise to another high growth sector – ad-blocking software.
Some ad-tech companies have pulled out of Europe altogether. All have effectively had their oxygen of data cut off because post-GDPR, they require positive consent from us to hold and process our data. And almost no-one in their right mind will knowingly grant this consent. According to independent research by PageFair, only around 3% of people give this willingly and many of these are not eager customers, they are competitors, regulators and other snoopers. Suddenly around 97% of firms ‘prospects’ are reduced to zero or as close as makes no difference.
Without active consent, the value of an email address is zero
The targeting data created by ad-tech firms brought about a transformation that no-one liked. Coupled to an email address, this became gold dust in online marketing. Combined with the ability to send emails to millions of people and almost free, the floodgates were opened. It didn’t matter if only 1 in 10,000 people actually took up an offer, because the costs of communicating it were almost zero; it created a free for all and our mailboxes groaned under the strain. Email open and click rates have unsurprisingly been in free fall for years.
This was because many businesses adopted more or less the same flawed model in approaching online marketing. Email addresses appended to other data were key to this. It’s what marketers call the ‘top of the funnel’. This metaphorical funnel has personal data tipped into the top. And prime amongst this data is the email address. This was the data that would enable a business to send us emails to buy more of their stuff. And opting out of retailers’ email lists wouldn’t solve the problem if even one retailer was unscrupulous enough to pass on our details to someone else. Everyone knows this but no-one likes it.
GDPR will change this (at least amongst companies that care about acting within the law). They will be forced to completely rethink how they market themselves online.
Why GDPR will fill Google, Amazon and Facebook’s pockets
These changes will confer even greater power to the tech giants such as Amazon, Google and Facebook. These firms have secured their positions because they have an entirely legitimate reason and our consent to hold our personal data. And because targeted ads are not their primary form of ad revenue. Just look at Amazon's share price surge post the advent of GDPR:
The collapse of the ad-tech sector will create growth at least initially in other forms of online advertising, less emails and less targeted advertising. It will also I suspect lead to less scrupulous firms adopting devious tactics to secure consent to receive emails. The model for this is that at every step of engaging with a business online, we will be faced with craftily hidden email consents. This is in breach of GDPR which prohibits ‘implied consent’, but it won’t stop some people trying to work around it.
An unintended consequence of GDPR is that it has ensured the recovery of Facebook’s share price is complete. A combination of the weakness of the governmental interrogations from the US and EU and the impact of GDPR has enabled Zuckerberg to make a full recovery from the Cambridge Analytica crisis:
This is the unforeseen consequence of GDPR. It has comprehensively disarmed some enfant terribles of the advertising world only to confer more power to a handful of giant tech firms and those who for whatever reason will flaunt the rules.
I still think GDPR is actually good news for business
Most businesses are sitting back now breathing a big sigh of relief that they have completed their GDPR compliance project. Thank god that’s done. But it’s not. It’s not even started really, because now the challenge is how to grow businesses online in a post-GDPR world, where suddenly they have consent to email just a tiny fraction of the people they used to.
Businesses need now to take a hard look at their online strategies. The lazy marketers’ fall back of emailing thousands of people with offers is finally dead. Now it’s time to get back to real marketing and figuring out how to make your customers really love you online.