One Year Later: Understanding the Impact of the GDPR

Industry Trends

One Year Later: Understanding the Impact of the GDPR

4 Minute Read |

Courtney Reich

Courtney Reich
Content Marketing Manager

This past year has been all about consumer empowerment. Internet users are advocating for more control over the use of their personal data, and regulations are being put in place to give them just that. It was one year ago that the General Data Protection Regulation (GDPR) went into effect, requiring data collectors to clearly inform users on how their data is collected, used, and shared. Most importantly, this regulation requires data collectors to obtain a clear opt-in from consumers to share data. Now, one year after the initial implementation, we are taking a look at how the GDPR has changed the mobile advertising industry.

What Was the GDPR Again?

The GDPR was created to give users in the European Economic Area (EEA) more control over their data. Under this regulation, companies that collect user data must acquire informed consent from their users. This means gaining clear opt-in consent from their users in order to collect, use, and share their data. For a clearer understanding of which companies this regulation applies to and which are exempt, check out the flowchart below.

What’s Happened Over the Past Year?

Severe violations of the GDPR could result in a fine of up to €10 million or 2% of the company’s global annual revenue from the preceding financial year, whichever is higher. The first news of fines being levied against non-compliant businesses came in early 2019, the largest and most notable of which was when the French supervisory authority, CNIL, identified infringements by Google. The main themes of these infringements came down to Google’s insufficient transparency and vague consent agreements. Currently, Google is appealing the fine.

Other key facts:

  • 76,000: Number of complaints submitted to Data Protection Authorities (DPAs)
  • UK: Country with the most GDPR complaints filed with national DPAs
  • Ireland: Country with the most complaints filed per capita
  • 29,000: Number of data breach notifications submitted to DPAs

How Did This Affect Mobile Advertising?

When the GDPR went into effect in May 2018, it set off a whirlwind of confusion as many companies scrambled last-minute to achieve compliance with this strict regulation. Although achieving GDPR compliance is a huge hurdle, app publishers that have taken the appropriate steps to achieve compliance have benefited greatly in the post-GDPR landscape.

In our H1 2018 Global Trends in Mobile Advertising report, we noted a steady increase in GDPR-compliant ad impressions as more and more publishers gained consent for their mobile inventory. In the first month following implementation of this regulation, mobile ad spending for compliant inventory increased 6.5X. Then, as reported in our H2 2018 Global Trends in Mobile Advertising report, the level of mobile ad spending for compliant inventory rose to over 20X six months after the GDPR went into effect.

Another post-GDPR trend observed on the Smaato platform was the rise of eCPMs month-over-month within the EEA. This is a classic example of supply and demand: After the volume of compliant inventory dipped post- GDPR, the demand for this inventory greatly increased — resulting in rising eCPMs.

According to a recent survey, the majority of UK internet users (65%) consider the GDPR to have not affected their experience with brands. 27% of users said that the GDPR has positively impacted their experience with brands. This is because the GDPR has motivated companies to reevaluate their processes for collecting and processing data, and this has built additional trust between companies and users.

What’s Coming Next?

With new data laws such as the ePrivacy Regulation and the California Consumer Privacy Act (CCPA) on the horizon, transparency and privacy will continue to be key themes in the mobile advertising industry.

Restrictions to user tracking are already happening with Apple’s Intelligent Tracking Prevention (ITP) and Firefox’s Enhanced Tracking Prevention (ETP). And as announced at Google I/O, the Chrome browser will also be adding cookie controls to make it easier for users to block and clear third-party cookies.

Luckily, in-app advertising is already immune to these new restrictions. And as Smaato president Arndt Groth wrote in VentureBeat, artificial intelligence (AI) has the power to more effectively target advertising and reduce the reliance on personal data. “If an advertiser can reliably identify a consumer type based on online behavior, then the advertiser does not even have to know who that person is in order to deliver the optimal ad,” writes Groth, “That’s the power of AI and its next-gen learning capabilities. It will be able to determine tendencies and recommendations from users’ online behavior, thereby generating ads that are perfectly created and placed.”

The good news is that giving consumers more control over their data builds trust between consumers and companies. Those within the ad supply chain that took the steps to early GPDR compliance and are staying on top of new regulations will come out on top in this new advertising landscape.


For further information, please visit our GDPR webpage.

Disclaimer: The information on this webpage is for general information only and does not constitute legal advice. Please consult your own legal professionals if you seek advice on specific interpretations and requirements of the GDPR.

Recent Blog Posts

Interview about CTV and addressability with Davide Rosamilia, ID5 Addressability

Addressability in CTV: In conversation with Davide Rosamilia, ID5’s Director of Product Management

Demand Side Platforms

Ad Tech Privacy: How DSPs are Navigating the Evolving Landscape

Smaato - DMEXCO 2023 Company News and Events

6 reasons to connect with Smaato at DMEXCO 2023

Audience targeting and target audiences are not the same thing. Audiences

All About Audience Targeting: Big Wins for Marketers, Consumers, and Publishers