The GDPR hasn’t even been the law of the land in Europe for a full week and it is already causing confusion and chaos in parts of the digital economy.
Here are the headlines you need to know about as the impact of the GDPR starts being felt.
Complaints have already been filed against tech’s biggest names
As we reported separately, an organization called None Of Your Business (NOYB), which is run by Austrian attorney and privacy advocate Max Schrems, has already lodged complaints against Google and Facebook, as well as Facebook-owned Instagram and WhatsApp, with four different European authorities.
The complaints, which are based on the argument that these companies are violating Article 7(4) of the GDPR by forcing users to give consent, are likely the first of many complaints that will be filed to test the GDPR.
ICANN has filed a suit against a domain registrar
ICANN, the organization that runs the internet domain name system, has filed a legal action in Europe against a German domain name registrar, EPAG, which decided not to collect administrative and technical contact details when its customers register domains in the belief that doing so might not be permitted by the GDPR.
Domain Name Wire notes that the legal action looks to be welcomed on both sides, as it will provide clarity on how the GDPR’s rules are interpreted.
The stakes could be significant. If registrars like EPAG stop collecting contact information, it could effectively be the end of the WHOIS system that makes domain registration information publicly accessible. That could be of consequence to a number of interests, such as luxury brands who use WHOIS data to identify and shut down sellers of counterfeit products.
Programmatic ad buying has plummeted in Europe
According to a report published by Digiday, in the early hours of May 25, ad exchanges in Europe saw ad demand plummet by amounts as high as 25-40% in some instances.
The disruption in programmatic markets looks to have been driven in large part by Google, which has told DoubleClick Bid Manager clients to expect “short-term disruption” until it has completed its integration of the Interactive Advertising Bureau (IAB) Europe and IAB Tech Lab’s GDPR Transparency & Consent Framework.
That “short-term disruption” could last weeks if not months, and be painful. Digiday’s sources indicated that “ad tech vendors scrambled to inform clients that they predict steep drops in demand coming through their platforms from Google” and one publishing executive stated, “Revenues and [ad demand] volumes [are] expected to fall dramatically across the board.”
Some publishers have cut off EU ads and users altogether
Due to the hefty fines that are possible under the GDPR and the fact that there’s still uncertainty about how it will be enforced, some publishers have decided to play it safe by not serving certain ads to EU users. USA Today, for instance, removed ad-related tracking code from its site, reportedly resulting in a dramatic decrease in the size of pages served to EU users as compared to non-EU users.
@USATODAY launched a lightweight version of their site for the EU to comply with #GDPR. The US site is 5.5MB and contains 835 requests loaded from 188 hosts. When loaded from France it's 297KB, 36 requests and contains no 3rd party content. And it's a lot faster! #perfmatters pic.twitter.com/2EZTIlGsPd
— Paul Calvano (@paulcalvano) May 25, 2018
Other publishers went a step further by cutting off access to EU users altogether. For example, days into the GDPR’s life, websites operated by Tronc, an American publisher, are still displaying a message to EU users that reads:
Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.
Tronc properties that bear this message include the Chicago Tribune, Los Angeles Times, New York Daily News, Orlando Sentinel and Baltimore Sun.
Not surprisingly, such moves have been met with criticism, particularly from EU regulators. “Everyone had plenty of time to prepare,” Andrea Jelinek, the head of the EU Data Protection Board, told Bloomberg.
While technically true, the chaos and confusion in the days following the GDPR going into effect demonstrate, among other things, just how critical tracking and third-party data is in the digital economy and just how complex it is for publishers to move forward with a diminished ability to use these.