Market Trends

Written by The Marketing Team August 6, 2018

The GDPR 2 months on: what has changed?

Back to articles

We are over 2 months into this new GDPR world – but what has changed? Sure, we all received a barrage of opt-in emails around the 25th of May…but what has practically changed since then?

To get a vision of the online advertising market as a whole, we spoke to Matthias Matthiesen of IAB Europe, in our podcast episode below. Matthias is Director of Privacy & Public Policy at IAB Europe, and has been living and breathing the GDPR for several years now!

Listen to the episode and read some excerpts of the transcript below.

If you’re a loyal listener to our ‘Hello Social Ad-dicts’ podcast, you’ll know that we spoke to Matthias a few months ago about the GDPR, prior to it coming in to force. To re-listen to that interview, click here.


IAB Europe

The Interactive Advertising Bureau Europe (IAB Europe) is the leading European-level industry association for the online advertising ecosystem. Its mission is to promote the development of this innovative sector and ensure its sustainability by shaping the regulatory environment.

The organisation recently released a new framework aimed at standardizing the process of gaining consent to collect and use consumer data.

Text previews of this episode



Would you say the GDPR has made much of a difference in online advertising yet?


It should have made a difference. And I think it’s fair to say that many companies have invested significant resources in adapting privacy policies and their products and services, to make sure they comply with the GDPR. Perhaps many of those changes are not directly visible to consumers. There are exceptions to that – some websites and apps have changed the way they provide information to you, how they request consent from you and ensure that you have control over how your data is used. Some services are no longer even available in Europe, presumably because the benefits of being accessible from Europe do not outweigh the costs of achieving compliance. On the business side, the GDPR reportedly resulted in programmatic ad buying plummeting overnight on May 25th, and by now it has made a rather miraculous recovery. And I think the jury is still out on whether, between that plummeting and recovery, the necessary changed have happened, or buyers are taking a little bit of a risk.



What examples are you seeing of changes in advertising practice?


I think the biggest one is that companies are trying to have more in hand to know that transparency has been provided and that consents have been obtained – the kinds of things that the IAB Europe Transparency and Consents Framework was intended to address. I think that is one of the biggest changes that is overtly visible. You can see across the market that consent is being requested and information is being provided in a little bit more of a standardized way. But if you look ‘under the hood’ you will be able to see a lot more standardization than before.



EuropeLooking specifically at foreign businesses with operations in Europe, there have been examples of some ceasing operations in Europe, and citing the GDPR as the major reason. Is that an over-reaction, or a fair reaction, to this new legislation?


It is really difficult to say whether it is an over-reaction or a decision that is justified. In many cases that might just be a simple, cold, hard economic decision. If you are a service like the LA Times for example – I believe that is an example of a website that is no longer accessible from Europe. If you just look at your audience and there is an extremely tiny minority of your total audience that accesses your service from Europe, and the revenue from that audience is just in no relation to the cost of achieving compliance, then I can absolutely understand why you would make the decision to no longer be available in Europe. If the decision to stay out of Europe is because the business practices make it too difficult to comply, or because they have concerns over their ability to comply, it’s very hard to say whether that is right because a lot of it would depend on enforcement. And it is anybody’s guess what that is going to be. Perhaps we will see that it was a very good idea to stay out because enforcement is very rigorous, but perhaps you could have just continued and figured things out as you go.



Facebook_logoWe’ve seen some of the big social media networks removing some targeting options in the lead up to GDPR (for example, Facebook with Partner Categories). For online advertisers out there, in this new GDPR world, do they just need to get used to having less targeting options? 


Fundamentally, I don’t believe that there is anything that was happening before 25th of May, lawfully, that could no longer be done under the GDPR lawfully as well. The difference is going to be how difficult it is to do it. So, perhaps the standard and the hoops you need to jump through are going to be a little bit more difficult, but it should be impossible or outright illegal to do so now, if it was legal before. But that could translate, in the short-term, until we have figured out the best way of jumping through those new hoops, into less targeting options. Or it could also mean less targeting options in the longer term because certain categories of data are just considered to be a little bit too risky.

Subscribe to our Blog

Receive a summary of our new articles once a week