SAN FRANCISCO: Businesses engaged in online advertising are taking divergent approaches to a new European data protection law, with some shutting services to ensure compliance while others test the limits of what regulators will allow, a Reuters review shows.
Some major websites continue to deliver targeted advertisements to users in Europe who have not given consent for their personal information to be used, according to advertising industry sources, owners of major websites and a Reuters review of about 10 websites.
Such consent is a central element of the new General Data Protection Regulation (GDPR), but some websites and
advertising software vendors contend that consent can be bypassed legally – and with the law only a month old, regulators have yet to weigh in.
Gabriel Voisin, a London-based attorney following GDPR at international law firm Bird & Bird, said that limited enforcement of consent requirements is enabling companies to push the line.
“Saying 100 percent of ad inventory is properly obtained at the moment is a massive overstatement,” he said, referring to advertising space for sale.
Somewhere between 10 percent and 30 percent of European consumers are refusing to consent to personalized ads when given the choice, four advertising industry executives told Reuters, citing their companies’ internal data.
The stakes are high in Europe’s $22 billion online display advertising market because websites and apps can charge advertisers as much as 10 times more when ads can be targeted using factors such as an individual’s browsing history or precise location.
Companies risk fines of as much as 4 percent of their revenue for GDPR violations.