GDPR Sharpens Search Marketers’ Focus On Cross-Device Tracking, EU Site Visitors
Google began working on the European Union’s General Data Protection Regulation (GDPR) compliance more than 18 months ago.
“It’s really important, and we care about getting it right,” Sundar Pichai, chief executive officer at Google, said during the company’s first-quarter earnings calls.
Pichai said Google updated its privacy policies and is committed to meeting long-term requirements on May 25, and the company is working “very closely with advertisers, publishers and our partners.”
When RBC Capital Markets Analyst Mark Mahaney asked whether Google sees GDPR as materially impacting advertisers’ targeting capabilities on Google, Sundar said:
“It’s important to understand that most of our ad business is Search, where we rely on very limited information, essentially what is in the keywords to show a relevant ad or product,” — suggesting that the law will have limited impact for advertisers and publishers.
Gary Kibel, partner at Davis & Gilbert LLP, suggests a slightly different approach. During the MediaPost Search Insider Summit on Thursday, Kibel pointed to cross-device tracking and site visitors from European Union countries as two areas that should be a greater focus for search marketers in terms of GDPR — all because of the data.
Kibel compared and contrasted some of the U.S. laws with GDPR during a presentation at the summit. He said that iin the U.S., privacy, in general, is regulated by the Federal Trade Commission. Privacy law is governed by one concept in the U.S. — unfair or deceptive acts, which have been declared unlawful.
In the U.S., some data is only considered personal information for those who are under 13 years of age. In the EU, it’s all considered personal data.
The GDPR has 99 articles that govern privacy. While the law is in effect now, enforcement begins May 25, 2018. And the penalties for not respecting personal privacy are huge. “There will be some serious teeth if you mess up if the regulators choose to come after you,’ he said.
The GDPR also applies to companies not established in the EU when companies process EU citizen data, such as email service providers and companies that target ads and sell goods.
Much of what Kibel spoke about is also applicable to search marketers. The video of Kibel’s presentation can be found here.