As GDPR approaches, marketers are moving away from their reliance on third-party data

With the General Data Protection Regulation (GDPR) soon to be in full force, marketers are looking to move away from their reliance on third-party data.

GDPR is a set of sweeping rules that govern the handling of European Union users’ data, no matter where they are located. The deadline for enforcement of the legislation is May 25.

What is third-party data?

First, let’s define what we’re talking about. Every business uses some form of customer data, mostly first-party, which means that the company has collected and stored the data itself. This data is used to manage current customers. But when companies want to find new customers, they use third-party cookies to target and retarget prospective customers across multiple touch points — a practice that some marketers say is already dying.

Omer Artun, CEO and founder of customer data platform provider AgilOne, explains.

“The idea of third-party data basically pulls from two areas,” Artun said. “First, there is the original reason third-party data became important to marketers, which is that they wanted to buy categories of potential buyers based on socioeconomic status, age, income, etc.; in other words, third-party data became important for data append use cases. The second reason third-party data became important was because ad systems became dependent on it. Their business model relies on cookie sharing across the board.”

A definite shift

Mike Herrick, senior vice president of product and engineering at mobile engagement platform Urban Airship, said he’s observed a shift in brands.

“We are starting to see brands turn away from third-party data as consumer concerns for data privacy rise,” Herrick said. “We expect to see that shift continue as companies are forced to rethink their engagement channels and begin to look toward direct engagement tools to reach their customers.”

“The third-party data ecosystem is in danger. We can expect to see smaller ad-tech companies that depend on third-party data go out of business as they struggle to keep up with policy changes or be forced to make major changes to their core business model. The demise of these smaller companies and third-party ad networks will further elevate the Facebook/Google duopoly within the ad ecosystem,” Herrick said.

Alex Krylov, senior privacy analyst at cross-channel solutions provider Cheetah Digital, also recognized the trend.

“[Moving away from third-party data] is certainly a trend that has been snowballing, starting in the B2C arena, over the past 10 years,” Krylov said. “There are many reasons for B2B marketers to focus on organic data collection and engagement. They have enough to worry about: being filtered out of inboxes, wasting marketing spend and missing out on more personal connections, and tarnishing their reputation when the world focused on privacy abuses. GDPR does not need to be a bogeyman for marketers, B2B and B2C, to choose quality over quantity,” Krylov said.

So is it only GDPR driving this change?

Herrick said it was a major motivator.

“This movement was spurred by GDPR, which has played a massive role in how global brands think about and collect data about their customers, and we can expect it to continue as similar regulations are put into place in the US,” Herrick said.

Artun agreed.

“So yes, this is in part due to GDPR. GDPR is binary — a customer deletion request must be honored; there is no wiggle-room,” Artun said. “With an anonymous cookie pooling approach to data, there is no way to be certain a customer’s request will forever be honored. The future will be about controlling data in a way where marketers can be flexible — and first-party data holds the key to this.”

And Krylov said that consent requirements under GDPR will be one of the biggest reasons companies will reconsider use of third-party data.

“If by third-party data, we mean email list brokering and postal-to-email appending services, then we need to look at the interplay of the GDPR and the ePrivacy Directive (ePD) when GDPR comes into effect later this month, “Krylov said. “At minimum, this Batman and Robin duo is expected to increase friction (and stakes) for all parties benefiting from non-organic email acquisition techniques.”

GDPR will replace the EU Data Protection Directive, which is the basis for EU’s current data privacy laws. Later this year, the EU will start to enforce the EU ePrivacy Directive, which focuses on the electronic transmission of data. The ePrivacy Regulation will be finalized later this year, and that includes even stricter rules for consent.

Some third-party data will always be used

Most marketers I talked to, formally for this story and informally for background, agreed that third-party data will remain in some way.

“There will always be a role for third-party data, and the first scenario (data append) isn’t going anywhere. But due to the GDPR, recent Facebook scandals, and the general climate around customer data privacy, ownership, and control, brands are looking for alternatives to cookie sharing, and they’re looking to first-party data to perhaps become this alternative,” Artun said.