No More EU Fines? Google Races to Comply with GDPR

After more than two years of saying very little about its preparations for GDPR, Google has now made several changes that reveal how things will change for the rest of the ecosystem. During a call with the IAB Europe GDPR Transparency and Consent Steering Committee, Google disclosed that it has a new tool in beta with some DFP and AdSense customers called Funding Choices. Funding Choices limits the partners a publisher can share consent with to a dozen.

This is a similar consent tool to other Consent Management Platforms like Admiral and Sourcepoint. A full list of IAB-registered CMPs is here.

The Google consent interface greets site visitors with a request to use data to tailor advertising, with equally prominent “no” and “yes” buttons. If a reader declines to be tracked, he or she sees a notice saying the ads will be less relevant and asking to “agree” or go back to the previous page. According to a source, one research study on this type of opt-out mechanism led to opt-out rates of more than 70%.

Google’s and other consent-gathering solutions are basically a series of pop-up notifications that provide a mechanism for publishers to provide clear disclosure and consent in accordance with data regulations.

As a company that began its life as an ad server, we have been struggling to find out whether we play at all in this full-employment scheme for lawyers, since we do not hold data or sell it. The situation is made more fluid because publishers do not have to accept the Google solution, and large publishers like Axel Springer have developed their own CMP technology.

Another announcement made by Google last week seems to have made multi-touch attribution attribution much more difficult, because as of May 25 google will no longer provide DoubleClick IDs for data from its had server and DSP, or Cookie IDs and IP addresses from its exchange.

According to Martin Kihn, Research Vice President for Gartner,

Without these IDs, exported DCM log files can’t be used to determine true reach and frequency or to build MTA models, which are by definition user-level. MTA is not the only way to measure the true impact of ads but is theoretically the most accurate and provides by far the most detailed results.

Of course marketers are scrambling. But didn’t everyone in the industry expect this? This, after all, is the objective of GDPR, to preserve the consumer’s privacy. The consumer does not care about the accuracy of Multi Touch Attribution customer campaigns, and for Google especially there is no other alternative. Google doesn’t really have to care about its ad-serving business (DFP), which it acquired over a decade ago and which is responsible for a very small part of Google’s revenue.

And it’s not as though a company the size of Google can slip under the radar of the GDPR, because it has already been fined and I’m guessing that other than Facebook, Google’s going to be under the greatest scrutiny by GDPR enforcers.

Remember, not everybody has to use Google as an ad server.