LONDON (Reuters) – Europe’s new data privacy law has put a small army of tech firms that track people online in jeopardy and is strengthening the hand of giants such as Google and Facebook in the $200 billion global digital advertising industry.
The General Data Protection Regulation (GDPR) brought in by the European Union in May is designed to protect personal information in the age of the internet and requires websites to seek consent to use personal data, among other measures.
The ability to track internet users has attracted hundreds of companies that harvest and crunch user data from websites – with or without the consent of the site owner – to form very specific individual consumer profiles.
GDPR poses a challenge to those groups because they all need consent to use the data. While sites often request consent on behalf of the ad tech firms they use directly, uncertainty over whether every link in the supply chain is GDPR-compliant is pushing some to leave Europe altogether.
Concerns about GDPR should, however, benefit Alphabet’s Google and Facebook as their loyal customers are more likely to give consent to carry on using sites, allowing the US giants to keep amassing and analysing vast amounts of GDPR-compliant data that advertisers will pay to use.
Big publishers such as national newspapers are also likely to keep their readers and believe they can benefit by eventually charging advertisers more for online slots in the knowledge they are compliant with the new EU rules.
Personal data can then pass through a dozen or more ad tech firms before a company or ad agency bids at an auction for space on the website and an advert is loaded. It is that spread of personal data that risks breaking the new EU privacy law.