At the beginning of 2022, big news came from Belgium: the Belgian Data Protection Authority (GBA) determined that the IAB Europe is held responsible for the Transparency & Consent Framework (TCF) that violates European privacy rules. This then led to conclusions from various quarters: is this the end of personalized advertising? What did IAB Europe actually do wrong and more importantly: what else is possible?
To understand what's actually going on, it's good to know what the Transparency & Consent Framework (TCF) actually is. The TCF (version 2.0) was launched in 2019 published by IAB Europe. IAB Europe is the trade association for European parties that are active in digital marketing and advertising. The goal of TCF is to help advertising parties comply with applicable privacy obligations, such as transparency and consent under the GDPR. All this in the context of personalized advertising, which often involves multiple parties.
Thanks to the TCF, for example, with a cookie consent banner such as Cookiebot's, you have the option to add this clearly. Indeed, part of the TCF is that all of a party's advertising partners must be transparent. This is because many advertising networks use many partners, not all of whom name the display network, for example. That sounds like a good, transparent development. But what would be wrong with it?
The GBA has judged that the TCF is at various points in conflict with European privacy legislation (the General Data Protection Regulation) or AVG). The most important point the GBA makes here is that the GDPR requires that information be provided in a”transparent, understandable and easily accessible form”. According to the GBA, the information in the cookie banners (based on TCD) does not comply with this. In addition, the information provided is too general. As a result, it is impossible for internet users to know which parties the personal data is all shared with and for what purposes this is. This is particularly problematic because there are so many parties in the ad network ecosystem that it is difficult for an internet user to comprehend.
The cookie banners under TCF do contain a list of all advertising partners, but at most an average internet user will recognize “big” parties such as Google or Amazon. A display party like Criteo is already less known. Especially because, like many, Criteo uses several, sometimes dozens to hundreds, of other advertising partners with different names. The question, however, is whether such a long list could be made more transparent or understandable in any way. The IAB obviously disagreed with the GBA's opinion and is therefore appealed against the fine.
Soon after the GBA ruling, the Dutch Data Protection Authority (AP) with the Declaration that the advertising industry must stop following internet users online immediately. This announcement also led directly to critique from the industry. To say the least, it's amazing that the AP announced its position via the media, but there's nothing about it on their own website. That is why it is strange that the AP is “immediately” demanding a stop to follow Internet users online, while the GBA gave two more months in the ruling to draw up an action plan to implement measures. As part of the appeal against the ruling, the IAB also asked for the two months to be suspended. So it may take a while before there is clarity. The outcome of the appeal is still awaiting, but should the IAB be right, it could theoretically go on for years.
Although a final ruling may take a while, the above does fit into the picture of our time. In the fight that is currently being waged against the large-scale sharing of data for advertising purposes, as it is currently happening. In 2018, for example, the GDPR tightened the information and consent requirements, but it seems that this has not had much effect yet. Although it led to many pop-ups and cookie banners, that mainly has the effect that users click on the button they are being sent to: the big green button with “I give consent”.
Overall, the current structure of retargeting ad parties is difficult for many internet users (many different partners in a network) to understand. This also makes it difficult for websites to clearly inform about what will happen to the data. In short: although the IAB is appealing against the GBA's ruling, structures that are both difficult to understand and explain will be critically examined.
In recent months/years, there has been more going on in the world of personalized advertising. For example, it increasingly looks like third-party cookies (which many advertising platforms use) are going to disappear altogether (we have had one before) blog published about). In addition, in recent months, it has also been increasingly asked what should be done with Google Analytics. It would also not comply with European rules and should even be banned. This' problem 'may also provide the solution with the final announcement of Google Analytics 4. This can cause more parties to ignore Google (Analytics) and go for other analytics tools. But there is a good chance that companies like Google will make adjustments to remain compliant with European rules, instead of web shops adapting (read: no longer using Google Analytics), and they will lose many users.
Those who read this story may not see a bright future in attracting visitors to the webshop with online advertisements. But there is still plenty possible to stand out in the market and thus get visitors to your website who can eventually convert.
At Yellowgrape, we have been happy to work with a Customer Data Platform (CDP) for our customers for years. Looking to the future, we believe that the use of a CDP is crucial. In addition to onsite personalization, a good CDP (such as Squeezely) also offers a good option for cross-channel personalization through a good audience builder.
With a CDP, you can not only log and deploy the data of your website visitors, but also add your existing customer and order history. This creates a good data base for personalization, for example. If it will be made more difficult to target visitors elsewhere on the web in the future, you can do this on your own site with a CDP. For example, you can use personalized offers or recommended products. Of course, you can also provide logged in customers with a personal approach. You should not force a login to your site, but rather make it attractive, for example by letting customers save their favorite products or settings. This allows you to know who is visiting your site, so you can also target your own site in a targeted manner.
Based on your first party data (for example your own customer/order data), you can also easily create segments or audiences using a CDP. For example, you can segment all customers who viewed a certain product group but haven't converted yet. You can still sync this data to other advertising platforms, but this 1-on-1 targeting will disappear. With these audiences, however, you can create a look-a-like segment based on the general characteristics of the group. You can then use these segments in various advertising platforms. So you no longer use a visitor's individual data, but you can target general characteristics.
In addition, in the world of online advertising, we are already seeing a shift towards contextual targeting. Among others Critero is working on this. With contextual targeting, you no longer use data from individual visitors, but focus on content on pages or sites that match the ad. For example, promoting smartphones on a site about smartphones. Or an ad for snow chains on a page about winter sports or winter tires. So you can still advertise in a targeted manner without using user data.
As described earlier in this blog: it may be a while before a final ruling on the use of TCF will follow, but it is important not to wait for this. After all, you can already get started with a first-party data strategy and use look-a-like segments for ads, for example. If you want to know more about this, please contact us.
