If one key story comes out of the last decade’s history of technology is that devices, and the platforms we access through them, have become central to our lives; the next decade will see both consumers and governments turn to privacy as more questions are asked what platforms are doing with our data.

2019 saw the first year of the GDPR, which came into force across the European Union in May 2018. Just one month later, the California State Legislature signed into law the California Consumer Privacy Act (CCPA), which came into force yesterday, limiting how companies can collect, store, use and share customer data.

In a process that echoes the complacency followed by a mad scramble to the finish line that characterised the months running up to GDPR’s introduction, the ANA’s Dan Jaffe, EVP/government relations, noted how the advertising/marketing/data ecosystem is largely unprepared for an inevitable change in the way consumer data is to be handled in the Golden State.

Criticising the law itself, Jaffe pointed to the act’s ambiguity and complexity, and the resulting impacts that it would have on third party data providers. It’s true that the subject matter is extremely complex, nuanced, and ever changing, but the typical argument that data protection laws will hit companies has some notable detractors.

In the UK, the Financial Times’s digital ads strategy following the introduction of the General Data Protection Regulation appears to have been a formula for success, bringing about a healthy spike in programmatic ad revenue. The risk of data leakage was lessened by removing inventory from the open exchange, and instead selling through private deals.

Demand for guaranteed deals, which allow advertisers to automatically match their data with a publisher’s relevant audience data, but at a pre-agreed fixed price, has been boosted by GDPR.

Though it has meant serious changes in the way of doing business for many companies, consumer attitudes remain hazy. Just 8% of Europeans feel they better understand how their data is used. Meanwhile, according to Pew research, while most US adults (77%) have heard something about how companies use the personal data they collect and most (81%) think the potential risks outweigh the benefits, very few respondents (6%) claimed to understand a good deal of how their data was used. The majority of 59% knew little to nothing.

Nevertheless, privacy will only climb up the list of regulators’ priorities, as many marketers told WARC as part of the research for the Marketer’s Toolkit 2020. For most marketers, however, data privacy measures in their processes remain a work in progress, with 52% of respondents planning further provisions in future. Worryingly, there is still more to do – 14% have no data protection strategy in place, rising to 23% in Asia.

Finally, in March, Facebook CEO Mark Zuckerberg outlined how his company was reacting to the privacy criticisms that have dogged the company over the last few years. Candidly, he writes, “we don’t currently have a strong reputation for building privacy protective services”. WARC reviewed his comments here. This next decade will indicate whether the company is able to adapt to the coming tide.

Sourced from WARC