Here to Stay or Gone in May? How GDPR Will Affect Programmatic Advertising

Becky Doles

This article relates to our Attribution Analytics product, which was acquired by Branch in September 2018 and is being integrated into Branch Universal Ads. To learn more about Branch Universal Ads, please visit


A woman looks at her phone in preparation for GDPR's affect on programmatic advertising.

With the General Data Privacy Regulation (GDPR) coming into effect soon, marketers are hustling to ensure their companies stack up. An uncertain consequence of this new regulation is its effect on programmatic advertising. Advertisers will have elevated expectations to ensure they’ve obtained proper permissions to use personal data for marketing purposes. So what does this mean for programmatic advertisers, who need lots of data for targeting?

Programmatic Advertising: It’s All About the Data

Programmatic advertising is the use of technology to buy and sell digital advertising, as opposed to human ad buyers or sales people. Because algorithms and real-time bidding automate the buying, placement, and optimization processes, this type of advertising is quick and usually cost-effective for advertisers and publishers. However, since programmatic advertising is all about serving the right ad to the right person at the right price, it’s only as good as the data it uses.

Today, programmatic accounts for 81% of total display ad spend. As of a few months ago, eMarketer projected that number to continue climbing. But that could change with the GDPR.

New Privacy Regulations Step Up Penalties

The GDPR will impact all companies that control or process the personal data of EU citizens, even if the company is not located in the EU. This legislation influences how marketers should obtain, store, manage, and process such personal data.

Companies must be explicit in how they plan to use information — and get customer consent to do so. Companies are only permitted to collect data that is “adequate, relevant and limited to what is necessary for the intended purpose of collection.” And companies aren’t allowed to use customer data in a way that’s incompatible with how it’s collected.

In other words, it’s no longer a game of opt-out; now, customers must be very clear on what they’re opting in to first, or companies will face fines of up to $24 million or 4% of annual global turnover — whichever is greater.

How the GDPR Will Impact Programmatic Advertising

In one word: massively.

Research by PageFair and several European organizations indicates that the percentage of users who would grant consent to requests such as “allowing third parties to track your online behavior for the targeting of relevant ads” is a mere 5-20%. And with the GDPR, no opt-in means no dice.

How GDPR will affect programmatic advertising, in a chart


In order to avoid targeting individuals, marketers will have to shift their efforts to focus on segments. For example, marketers could advertise to women who live in Seattle, shop at Nordstrom, and buy coffee at Starbucks, since there are thousands of women who fit that description. But under GDPR, they couldn’t legally add filters so specific that the target audience is narrowed down to an individual woman without explicit end user permissions.

The new regulations also have severe implications for re-targeting. Instead of remarketing to an individual woman, which isn’t allowed without consent under GDPR, marketers could simply track campaign identifiers alongside a counter on a user’s browser, where no personal information is involved.

Companies will also need to pay close attention to where they get information and which partners they trust to comply with the GDPR. If a breach happens, everyone involved is liable.

“In short, these changes show it’s more important than ever to know and trust your business partners.”

– Peter Hamilton, CEO, TUNE

Preparing for the GDPR

To learn more about how the GDPR will impact you and what you need to do to get prepared, attend our “TL;DR on GDPR” webinar this Wednesday, April 25 at 7 a.m. PT / 10 a.m. ET. Register here to save your spot.

In addition, TUNE offers several GDPR resources, such as this comprehensive GDPR summary on what TUNE is currently doing to prepare and how you can as well. If you’re a TUNE client or partner, be sure to review and sign the appropriate Data Processing Agreement. And rest assured that TUNE already meets, or is implementing product updates to more efficiently meet, our obligations as a data processor.

You can also hear what our CEO has to say about the GDPR in this blog post.

Becky Doles

Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.

Leave a Reply