Get our latest news by signing up below for follow us on Twitter



Making sense of audience data in a GDPR and Cambridge Analytica world

In recent weeks, marketing strategies that rely on data have come under fire as a wave of scandals has simultaneously hit Facebook.

From accusations of the Russian Government using Facebook ads to meddle with the election to privacy concerns around the collection of behavioral data by Facebook, the company’s CEO, Mark Zuckerberg has had a lot to answer for in his testimony to Congress.

These allegations have occurred at the same time that the European Union have initiated sweeping reforms to data use under the General Data Protection Regulation (“GDPR”), due to come into force on May 25, 2018.

The issue for marketers

The primary issues marketers will be faced with as a result of the GDPR (and potentially in any similar legislation brought into force by Congress) is that the business model of third-party data is now essentially, unlawful – at least in Europe.

Why is this unlawful? What is third-party data?

The reason this is the case is that third-party audiences are large, segmented audiences (typically with millions of users) which are populated largely without the express consent of users who fall within them. Instead, the audiences are formed through aggregated data sets of various sources and then mapped together to existing cookies and device IDs – amongst other strategies. As it is no longer the case that personal information can be disclosed to third parties without consent, and that consent must be expressly collected in the use of cookies, the lawful circumstances under which third-party data may be collected is severely limited.

How reliant are marketers on third-party data?

Third-party data fuels a reasonable portion of the Facebook targeting audiences – from affluence levels based on credit card transaction history to B2B demographics based on Bluekai data. Additionally, third-party data is very heavily used in display advertising through Demand-Side Platforms such as Doubleclick, the industry leading platform in programmatic buying.

Does the GDPR grandfather the use of previously collected data?

The GDPR does not grandfather the use of previously collected data before the date of collection. Companies are going to entirely reset all audience collection data on this date which is why most organizations have moved to become GDPR compliant well beforehand.

What is the solution for marketers who need to scale display and social advertising?

There is really only one solution – first-party data. Of course any first-party data must be collected with consent. Moreover within ecosystems such as Facebook and LinkedIn where users expressly opt-in to having their activity tracked for advertising by various advertisers on the platform, many audiences (that do not rely on third-party data) should be continuously available. A practical example is remarketing audiences.

The business of third-party data brokerage may change to move toward a more GDPR compliant model however this remains to be seen.

Written by Matthew Hammon, Digital Marketing Manager at Sentient Technologies