Europe's new privacy regime is likely to disrupt global digital advertising by preventing companies from using an individual's data unless they have direct consent from the consumer.
The European Union's General Data Protection Regulation (GDPR) doesn't come into force until May 2018, but when it does it will have a profound effect on businesses. The regulation will apply to data about every one of the EU's 500 million citizens, wherever in the world it is processed or stored.
Stephan Loerke, CEO of the World Federation of Advertisers, said, "I'm surprised more marketers have not woken up to the implications of GDPR. The new regulations will be a significant challenge for the ecosystem and it's difficult to forecast how technology will adjust."
Put simply, targeting and tracking companies will need to get user consent somehow. Everything that invisibly follows a user across the internet will, from May 2018, have to pop up and make itself known in order to seek express permission from individuals.
How this will work in practice is unclear. Johnny Ryan, head of ecosystem at PageFair, an Ireland-based ad serving technology company, said, "Companies who create value only by using data and tracking people across the internet will have to find a way to build a relationship with the customer. They will have their businesses seriously disrupted."
Mr. Loerke said, "It will mostly affect companies who rely on third party data, and agency networks that serve ads on the basis of data but don't have a direct relationship with the public."
Driven not just by concerns about marketing behavior, but also by data breaches – such as Yahoo!'s recent admission that a hacker stole information from 500 million accounts – the EU has gone all-out to tackle online privacy with a 91,000-word document that was published in April but is still being digested by the industry.