Roy Jeans: why GDPR is a clear and present danger for the media agency holding companies

Those of us old enough will remember the damp squib that was the Y2K scare. At midnight on New Year’s Eve 1999 every computer in the world was apparently going to crash, unprepared for the year 2000 and its row of zeroes in each computer’s programming. The pre-Y2K run-in spawned a mini-industry of consultants – focused on compliance, re-programming, and disaster management.

As the New Year’s Eve seconds ticked away we all waited – some with more interest than others, as certain organisations were more forceful in ensuring that their senior executives were well prepared. The Chinese government, assured by the confident head of China State Airlines that all was ready, insisted that at midnight December 31st 1999 he was flying on one of their planes – by way of demonstrating his Y2K leadership.

Thankfully Y2K passed without incident, no planes fell from the skies, and we all quickly moved on, wondering what the fuss was about and whether we had wasted all the money that we had spent on the army of expensive consultants.

Fast forward to 2018, and we now have a new media industry version of Y2K, the General Data Protection Regulation (GDPR), which kicks in on May 25th. Over the past few months the trickle of mentions of GDPR in the trade press has turned into a mini-torrent, as an increasing number of “experts” and consultants have emerged to tell us how to prepare for this moment. Despite the recent burst of pieces discussing the likely effects of GDPR, it does feel though that it has crept up on some parts of our industry.

For, unlike Y2K, it will have a profound ongoing influence – on how the media industry accesses, stores and uses personal data. It will also allow the EU, for this is a piece of EU legislation years in the making, to wage a proxy war on the Silicon Valley tech giants.

GDPR ostensibly ignores the wholesale tax avoidance that has characterised the tech giants’ international tax planning. Instead, it focuses on how they use or might misuse the data that they have amassed. However, the fines for the most egregious misuse of this data can be as high as £17m, or four per cent of global turnover, whichever is the higher (almost certainly the latter). While the general tenor of the GDPR legislation is more carrot than stick, the stick is a very big one indeed should it be used.

GDPR may be focused very much on the rights of individuals to control their personal data, and to require consent from marketers before it is used, but it follows reasonably quickly on from the other battles that the EU has had with the usual tech giant suspects. These previous encounters have one thing in common that Silicon Valley values above all else – money.

Under GDPR there will be six lawful grounds for processing personal data, and from the marketers’ perspective the two most relevant are probably “consent” and “legitimate interest.” Unfortunately, the UK appears once more to have gold-plated a piece of European legislation in the form of the Information Commission’s Office (ICO), a new UK regulatory body with responsibility for enforcement of this new law. (In the UK GDPR replaces the 1998 Data Protection Act). As with all bureaucrats, merely touching the tiller at odd moments will not sufficiently demonstrate their power, or their ability to further complicate an already complicated issue. For example – the ICO has currently interpreted the GDPR ban on pre-ticked boxes as a means of obtaining consent to also include opt-out boxes as well. This is a tough, and understandably, disputed interpretation of the GDPR intentions, however tough the EU wants to be with Silicon Valley.

The months following on from the May 25 start date will be therefore be a lawyer’s dream, as the twin interpretations of UK versus EU law will be tested. These issues are not theoretical either – to put these potential fines in perspective, the recent Talk Talk data breach fine was £400K, while under GDPR it could have been as high as £59m. When a new piece of legislation potentially increases the financial punishment by a factor of 150, it will naturally create a short-term conservatism in accessing and using personal data – despite what the more bullish companies might be saying publicly.

This, of course, is not the only challenge that media planners and buyers face as the year unfolds. P&G, the world’s largest advertiser, reduced its spend in digital media last year by about $200m, circa ten per cent of its overall digital spend. The main losers here would appear to be precisely the same tech companies in the sights of the EU commissioners who framed GDPR, as well as the agencies planning and buying these campaigns. P&G discovered that ads appearing on social media viewed on a mobile platform were seen for about 1.7 seconds on average. As I client I would not be too impressed if my agency recommended this as a core strand of any media investment.

There is also the related issue of how one creates a piece of copy that works in such short bursts. P&G’s Marc Pritchard (left) has called for greater alignment between creative and media at holding company level to try and solve this problem – amongst others.

Rather like the sub-prime mortgage parcels sold in the mid-2000’s that bundled good mortgages with bad, were then sold on and further diluted with even worse mortgages, there is extreme danger in agencies continuing to buy programmatically using the twenty first century data equivalents of a sub-prime mortgage. Despite all the promises that they are ready, as a client I would reframe my media planning to focus on areas that delivered with more immediate certainty and more measurable ROI. I would focus on out of home, radio, local newspapers and direct mail. I would focus on geography as much as demography, and I would require both clarity in the planning process and transparency in the delivery – of both data, and where precisely the money is spent. In fact, this is what we are seeing as advertisers increasingly focus on the local rather than the general. Again, P&G has led the way in moving away from basic age/gender target audience definitions.

In much the same way that hard copy book sales have increased, and vinyl records sales are again growing, local media offers a genuine and valuable alternative in a world overwhelmed with data concerns. Locally-focused media offers a dual analogue and digital solution that is trackable and measurable. From the bigger media agency perspective though they do not appear to be remotely prepared for this new order – either structurally or intellectually. They also face the twin pressures of potentially being the data principals in law, as well as working out how this relates to their trading strategies with the retargeting industry.

The large media buying groups have placed most of their planning and buying chips on Big Tech, and now face the triple threat of being disintermediated by larger clients going directly to Silicon valley; the legacy of recommending and wasting huge amounts of digital media spend (did P&G‘s sales go down last year?); and now the clear and present danger of bundling tranches of data through third party sellers of this data – opening up the holding companies to potentially massive EU penalties.

The reality of the current pre-GDPR phoney war is that nobody really knows how it will all play out – but the share prices of the larger marketing services companies demonstrates that they are not in particularly great shape to deal with this new landscape. In a battle between the EU, Big Tech and the holding companies the holding companies marshal the least resources. GDPR may well be a proxy war by other means, but it is the holding companies that will suffer the most collateral damage.

Roy Jeans is commercial director of UK local media platform Pintarget.

You May Also Like

About Stephen Foster

Avatar
Stephen is a former editor of Marketing Week and London Evening Standard advertising columnist. He wrote City Republic for Brand Republic and is a partner in communications consultancy The Editorial Partnership.