Europe Deals Blow to Location-Based Advertising
June 19, 2018
Location-specific advertisements delivered to mobile devices have been described as the Holy Grail of the advertising industry. But serving those ads just became more difficult, at least in Europe, thanks to more stringent data-privacy rules recently implemented by the European Union. The new EU rules, which took effect May 25, mean that businesses must now often get a person’s “unambiguous” consent before collecting and processing precise location data from that person’s mobile device. (In most cases, unambiguous permission requires a clear, affirmative action on the part of the user, such as saying “yes, I agree” or ticking an unchecked box that says “I consent.”) To avoid running afoul of the law, which privacy activists say is aimed at helping individuals take back control of their personal information, some companies are tweaking the way they collect and store location data to make it less precise. Others have stopped collecting location data in Europe while they work to comply with the new law, or have exited the region entirely. “There’s certainly going to be a chilling effect on the amount of money that can be spent on location-based campaigns,” says Gil Elbaz, chief executive of Factual Inc., a Los Angeles firm that helps marketers target ads to specific audiences.
More in leadership
Location-based ads have taken off in recent years, as more web traffic shifts to mobile devices. Popular smartphone apps harvest location data from users’ cellphones and sell it to marketers, who then use it to send tailored ads to people, depending on where they are. The new rules, however, will sap suppliers of much of that lucrative location data, which is now classified as personal information under European law and must be handled as such.
Ad-tech firms that help marketers deliver ads to consumers with whom they have no direct relationship, as well as data-warehouse firms that buy location data that may have been collected for different purposes, are expected to feel the most impact from the new rules, which also give consumers the right to know when and where their location data is being processed and for what purpose.
Factual Inc., for instance, relies on streams of location data supplied by smartphone apps to group people into audiences of mobile-device users based on patterns of behavior—early-morning commuter, fast-food enthusiast. Marketers can use those audiences to decide what ads to show people. In preparation for the new rules, Factual audited its data suppliers and concluded that most of them didn’t have systems in place to get the consent needed to comply with the new rules. So Factual stopped collecting location data from users in Europe and plans to rebuild its database from scratch with information from users who have given their “unambiguous” consent, Mr. Elbaz says. “At the end of the day, the only correct decision was just to stop a lot of that business,” he says. U.S. publishers can add controls to their apps that detect whether a user is in Europe and allow them to turn off tracking that would violate the new rules.
Marketers also track people through their mobile devices to determine whether an ad campaign is driving users to specific locations, such as stores, restaurants and movie theaters.
Under the new law, collecting data for this purpose and passing it on to third parties also will require user consent in many cases. “When you’re sharing precise location data, you’re sharing information about a specific individual that could be used to identify them,” says Ari Levenfeld, chief privacy officer of ad-tech firm Sizmek Inc. “We’ll need to muddle location a bit, so that it’s less precise.” In recent years, businesses have poured resources into location-based ads, encouraged by the premise that, eventually, they might even be able to beam coupons to people as they walk by certain stores or restaurants. While that level of precision has proved difficult to achieve, companies spent $17.1 billion on location-targeted ads served to mobile devices in the U.S. in 2017. That represented 38% of all mobile ad spending, according to research firm BIA/Kelsey, which expects spending on such ads to double by 2021. Supporters of Europe’s General Data Protection Regulation, or GDPR, say the new rules are much needed to rein in companies that ping consumer cellphones dozens of times a day to determine their location, and then sell that information to third parties that want it.
They also say the rules close myriad data loopholes that companies have exploited. For example, consumers who download an app and then consent to let that app use their location often agree unknowingly to share that information with third-party data providers working with the app’s publisher.
Lobbyists and ad-tech firms say precise location information, when properly anonymized and stored responsibly, can be more generic than information such as birth dates, salary and IP addresses that companies also mine to target ads, and therefore shouldn’t require the same level of protection. While some companies are temporarily halting operations or pulling out of Europe because of the new data-privacy rules, some plan to test an exception in the GDPR called “legitimate interest,” which lets companies use personal information without asking for consent ifthey can demonstrate they’ve taken other strict privacy measures. But what qualifies as strict is open to interpretation, and regulators have said relying on legitimate interest for online tracking for marketing purposes may not pass legal muster. Violators of GDPR face fines of €20 million (about $23 million), or 4% of their global revenue, whichever is higher. Many questions remain, says Cyril Zimmermann, chief executive officer of French ad-tech firm AdUX, which closed a service that collected users’ location data ahead of the GDPR’s implementation. “Am I allowed to ask for information about your whereabouts every 10 minutes? Every hour? Once a day?” Ad-tech firms, he says, may have to ask themselves, “What is strictly necessary to provide our service?” Ultimately, marketers will be able to reach smaller groups of consumers who have consented to having their location data harvested, which will make that information even more valuable, executives say.
While the new rules also apply to tech giants like Alphabet Inc.’s Google and Facebook Inc.,they are in a relatively stronger position because they have direct relationships with large numbers of consumers, which makes it easier for them to get user consent. They also don’t have to buy location data from third parties because they can get it from their own apps. “Location-based advertising will now have to take place in location-based apps,” says Brian O’Kelley, CEO of ad-tech company AppNexus Inc. “There will be a transition, but it helps keep third parties from abusing that data, which I think is a very healthy thing.”
Mr. Kostov is a Wall Street Journal reporter in Paris.