Radical Transparency: Straight Talk About GDPR’s Impact on Mobile Marketing in Europe
Verve CEO Tom Kenney assesses what GDPR means for the major data players -- i.e., Google and Facebook -- and the smaller ones.
One of the ways to think about radical transparency, and this comes from Ray Dalio, is that you take the stuff that we usually don’t talk about and you put it right on the table and you look at it together — as an industry, in our case — and you talk about it and you address the problems that you find.
For example, let’s talk about what’s happened in Europe, now that GDPR is in full effect and enforcement is underway. And, when we talk about it, I fully know that there’s a ton of changes happening on the ground, daily, as I write, but we’ll focus on just one element of the complications that have developed and that I’ve observed.
The upshot is that the giant players — Facebook and Google being their names — have deep enough pockets to take the penalties for instances of noncompliance, should they trigger one, while they figure out the massively complicated compliance landscape. They can in a sense buy the time they need to sort it all out … all the while a ton of the little guys will get smashed by massive compliance fines while they’re still figuring out the complications. Remember, most of us are not organizations of the size that, even if we could budget the estimated $1 million to $10 million it takes to prepare for compliance, are able to then absorb a €10-million or 2 percent-of-worldwide-annual-revenue fine per ding (whichever is higher, and the first examples are already in the billions, as the first filed lawsuits show).
Many will exit the European market before that happens. Or they’ve already left.
This part of the GDPR outcome is pretty close to the definition of ironic: Facebook and Google are among the primary offenders, and they’re also primary targets, when it comes to the data mishandling and breach-reporting that the regulation is intended to control; however, in a very real sense, the duopoly is now setting the pace and tone when it comes to how compliance will play out over time. They can essentially learn, fail, and improve until they get to an acceptable spot while the smaller guys get dinged and fall away.
Looking at the truth about GDPR in Europe, here’s what a little radical transparency can tell us:
GDPR, which is a pro-consumer law — and is totally aimed at doing the right thing by European consumers around personal-data protection — is a law that turns into a broom, and that broom is threatening to sweep away an important part of Europe’s non-duopoly digital marketing contingent. There will be less competition over time and fewer contrarian voices in the marketplace, fewer innovators, fewer consumer-friendly game changers.
Compliance is important and it’s hugely challenging. And even when you’re doing everything right, data and consumer protection is a complicated space. I am an evangelist for first-party data because, unlike, say, third-party exchanges, you start with an ecosystem that is accountable, verifiable, and in almost every way free of the potential for fraud. Even then, unwinding all the various ways that something could go wrong is a huge part of what we have to do, being on the responsible and accountable side of the ad-tech, premium-level programmatic, and mobile marketing fence. The stakes have always been high.
And so, when you think about the multimillion-dollar fines GDPR now dangles over the heads of every upright and pro-consumer company on the European continent, and you add to that the certain knowledge that monopoly players such as Google and Facebook have the bucks to take their time — and their knocks — when your own organization can’t … it’s easy to see why the anti-competitive reality of GDPR, at least in the near term, tempers some of the excitement and promise digital marketing has always associated with the European opportunity. Let’s hope that we can change the conversation and build a better space for competition and, more importantly, innovation, next time we have to navigate a GDPR-like implementation, someplace else.