Bench’s Commercial Director, Esther Carlsen, sat down with IAB Australia’s CEO, Gai Le-Roy, for an insightful conversation this week. We dive into what’s at the heart of all the privacy and data changes happening in the industry and what it means for marketers, publishers and tech platforms.
Esther Carlsen: Let’s start at the very beginning – why has consumer privacy and all of the data reforms that we’ve seen globally, happened in the industry? How did it start and what were the triggers?
Gai LeRoy: In my opinion there were two main triggers. One was the fact that globally, different governments’ privacy policies were not built for the digital age. By that I mean they were not built for an age where so much personal consumer data is being collected and shared, not just in advertising, but across many different sectors. At the same time there were a number of incidents that alerted the importance of data governance. The most famous being the Cambridge Analytica data breach. This alerted both regulators and consumers to the amount of data being collected, the type of data and the ease in which it can be shared. Scrutiny really came to the fore, particularly around the protection of consumer data. The time was right for regulatory reform.
Esther Carlsen: Who led the charge? And why? What has Australia’s reaction been to that?
Gai Le Roy: Europe led the charge. They’re often the most assertive when it comes to different types of regulation. This hasn’t been simple, even though there is one European policy that has been implemented, each country has its own privacy authority who interprets it differently.
The way Australia has reacted has been a little bit slower than we probably initially thought. We have been watching what’s happening around the world, which is a good thing for the Australian market, because we can learn from what’s worked and what hasn’t in other markets. The current status is that there has been an issues paper released by the Attorney General’s department that asked questions of the industry and interested parties: What’s going to work, what doesn’t work, what’s broken, what’s not working? And they are posing these questions to any interested parties, so that is likely to include both industry and consumer advocacy groups.
I would say that our regulators probably do look at GDPR as the primary piece of legislation to reference at least initially. We still have a way to go in terms of seeing any of the privacy legislation change so it’s really important for marketers to still be very aware of the current privacy regime, which is the Australian Privacy Act. And our privacy principles, which were updated a few years ago. Even though there’s a lot of talk in the market that we don’t have to do anything until there is a policy in place, there are still a lot of people who collect, sell, handle and access consumer data, who are not necessarily across all the details of our current regulations.
Esther Carlsen: How quickly do you think before it’s going to start impacting in Australia? What are your predictions?
Gai Le Roy: I think we still have a couple of years until anything is actually legislation. It’s still very much in the consulting phase and we’re not at the point where there are hard recommendations from the government. Even when we get to the point where the government designs the legislation, most governments give the industry a period of time to prepare. But the one lesson we did learn from GDPR is, and I guess it’s human nature, is to not leave everything to the last minute.
Esther Carlsen: Is it safe to say then that whilst it’s not here yet, and it’s not something that is mandatory in Australia, that because many businesses here are global operators it’s something they should be preparing for now?
Gai Le Roy: Absolutely! The reality for many local businesses that some of their customers are outside of Australia. There’s a myriad of different markets with nuances in the ways in which they are approaching privacy reform and regulation. California at the moment has gone live with CCPA, which is quite different from GDPR, whereas India for example looks like it is going to surpass GDPR. If you are a business collecting first party data, I think it’s about being aware and staying across the different markets that are relevant to you.
If you are less hands on with data, it is important to make sure that you’re working with vendors that have an understanding of the nuances and developments globally.
Even though GDPR is probably the most referenced policy and the one that’s been in market the longest, you can’t just assume that it’s going to work for every market. In Australia one good thing about going later is hopefully we can design the consumer experience a little bit better. I think everyone visiting a European site, which has an opt-in policy, would agree that the myriad of cookie announcements that you have to manage is generally not a great consumer experience. Whereas in the States, they have gone with an opt-out strategy. So it’s basically, a “do not sell my data” notification, which could be quite attractive for a lot of consumers if the value exchange is not clear.
Designing clear consumer messages, gaining consumer trust, and working with partners that have a strong knowledge of data tech, governance and commercialisation.
Esther Carlsen: That leads me into the next question. A lot of the changes that are happening in our industry are driven by big tech. And so from that perspective, what has been their response? And what’s your view on the changes that they’re implementing?
Gai Le Roy: Obviously the larger the company the more resources they have to change and get on the front foot. So there’s a reason why big tech is leading the charge.
However it’s really different for Google and Apple. For Apple – their primary source of revenue is hardware, not ad revenue, and they’ve developed consumer privacy as a USP. Consumers feel like they’re in their court and they’ve done a very good job of positioning themselves this way. They still need data but are able to adopt the changing rules around privacy with less impact to their core business. Google is different. Advertising is the main source of revenue for Google, whether that be their own properties – search, YouTube, etc, or their relationships they have with pretty much everyone else in the industry from a marketing technology point of view. They therefore have a lot to lose and need to still consider industry needs while still implementing a privacy first regime.
They have to be very much on the front foot in terms of consumer privacy when managing data and identity, and have recently made some pretty big announcements in relation to targeting and measurement once third party cookies are blocked in the Chrome browser.
Google is at the heart of digital marketing campaigns for many organisations. So the changes will affect how campaigns are managed from a targeting point of view as well as managing frequency, reach and assessing effectiveness.
Esther Carlsen: This brings us on to how, as an industry, we deal with that. From a media publisher point of view, it’s quite interesting. Publishers who have great content and great 1PD are in a strong position.
It’s going to be tougher on the agencies and advertisers who are trying to pull together all the pieces of the puzzle. What do you think that will all mean?
Gai Le Roy: I think it’ll do a few things. The major platforms will continue to have a very strong position as they’ve got first party data and they have got broad reach. A lot of publishers have refocused on a first party data strategy and identifying strategic partnerships. We may see groups of like minded publishers come together, as they have done in the UK through Project Ozone. The smaller publishers and niche players will really have to clearly articulate their position and help marketers understand the impact of their environment as we see context becoming increasingly important.
Mid and small publishers who offer amazing consumer value need to be easy to access , as well as offering advertisers a way to assess that investment. That’s top of mind for me to make sure that there is still diversity in voices from a content point of view and how we make it easier for agencies and publishers to measure across, without it being too onerous for them to buy.
Esther Carlsen: From an IAB perspective, you responded last year (although it feels a lot longer than a year ago) with Project REARC. With everything that’s happened since, can you explain REARC and how your response has evolved?
Gai Le Roy: The philosophy hasn’t changed. Project REARC was set up 12 months ago to try to help the industry navigate a post third party cookie work. I think the project got misunderstood early on in that it was going to be the IAB leading the charge in creating a new identity solution. It was really never intended to be that – it was a project to work out what was needed in the market,what was technically possible and what would suit a privacy first world . It brings together the tech guys, the policy people and the businesses and focuses on the open web.
Esther Carlsen: It was never a ONE solution. It was a “let’s all get together and start working on the solution. Right?”
Gai Le Roy: The people at Tech Lab at the moment are basically kicking the tires on a whole lot of different identity solutions that have been brought to them, including probably the most high profile ones – The Trade desk with the Unified ID 2.0 and of course the Google solutions and approaches
Overall, we’re rolling with the punches at the moment. There are a lot of people busily working away on various different solutions and Tech Lab has developed a framework that they will use when assessing different solutions.
Esther Carlsen: So what would your message to our local marketers be?
Gai Le Roy: It’s still all in play, and solutions are still in development, and everything’s being tweaked for the new announcements that come out. The industry will solve for some of this, and not all of it.
It’s important as a marketer to start understanding the things we’ve talked about. Namely:
I’d recommend that you make sure you’re across the current regulation. Charges for data breaches were increased a couple of years ago, don’t just wait for a tougher regulation. So don’t just presume that you’re doing all the right stuff. Talk to a range of vendors. And ask them the questions of how they’re dealing with this. And what their mitigation plan is if something changes. How well resourced are they to pivot?
And finally if you are dealing directly with consumers, understand what your brands’ trust levels are with them and work out how to improve this.
Consumer trust will be imperative for success.
Esther Carlsen: So everyone’s asking what’s next?
Gai Le Roy: There are three key changes in regards to timing:
I’d add that the measurement piece from a marketer’s point of view will be trickier but it does offer opportunities for new cross channel marketing and measurement. I’m hoping there’ll be some really smart data companies / research companies that build attribution models for a new world that have old school thinking in a much more flexible and affordable way. There’s a real opportunity here.