The European Union's General Data Protection Regulation is a gnarly hairball of regulation; on the one hand, it makes it virtually impossible to collect mountains of data and buy/sell/trade/mine it to a corporation's heart's content; on the other hand, it imposes a ton of expensive compliance steps on its targets like high-cost record-keeping, and it apportions liability to website operators whose advertisers are out of compliance with the regulation.
Here's what that means: obeying the GDPR is hard and expensive; if you use an ad service that screws up its GDPR systems, you can end up on the hook financially for very large damages.
These twin factors -- expensive compliance and liability for publishers with out-of-compliance ad-brokers -- has enhanced Google's business at the expense of its smaller competitors. The massively profitable, dominant Google can easily afford best-of-breed compliance, while the little competitors (including the scrappy Made-in-Europe competitors to Google) don't have the same kind of resources. Some of these little guys just go out of business (or exit the EU market), and the remainder struggle to drum up business as publishers ask themselves whether they're willing to risk costly penalties if their little-guy ad-broker turns out to be out-of-compliance.
But there's good news, too: the amount of tracking in the EU has fallen off a cliff!Making web publishers responsible for the behavior of their ad partners has radically reduced the number of companies a publisher can vet, and thus how many trackers will appear on any given page.
It's an important and timely parable about the way that regulation works in a highly concentrated market. Read the rest
