GDPR: Internet Company Ad Revenue at Stake

Collectively called “internet companies,” businesses within the Search Engines and Internet Publishing and Broadcasting industries are headed into uncharted territory. While these industries have been left largely unregulated, new privacy laws are expected to regulate the ability of tech companies, large and small, to tailor ads to specific users. Advertising revenue is extremely important to these two industries; search engine companies generate nearly all revenue from ad sales, while internet broadcasters, including Facebook, YouTube and Hulu, generate an estimated 55.8% of revenue through ads. New regulation is expected to affect companies operating within these two industries, though acting on loopholes may provide some relief.

gdpr privacy laws spending chart

Regulations Affecting the Industry

The General Data Protection Regulation (GDPR) is the European Union’s new privacy regulation, aimed at ensuring tech companies do not have all-encompassing powers over user data. In its simplest form, the regulation requires all companies—including US companies—to provide EU citizens with data-control methods and the ability to altogether delete data from companies’ servers. The GDPR, though affecting a larger population of more than 500.0 million people, was the model for California’s new Consumer Privacy Act (CPA), which requires companies to disclose a wide range on how they collect information on Californians. This includes the purpose of data collection, the type of data being collected and the identities of third parties receiving data. While California’s law is slated to go into effect in 2020, GDPR was implemented at the end of May; Google and Facebook were slapped with billion-dollar lawsuits on the first day of the law’s passage and some companies have even shut down entirely as a result of the new law. Almost all companies with an internet presence, both consumer- and business-facing, are affected by these regulations, but these internet companies will experience the brunt of the change.

In the wake of the Facebook-Cambridge Analytica scandal, the US federal government and state authorities have increasingly scrutinized companies that collect user data. While GDPR applies only to EU citizens, many US companies have publicly pledged to extend protections worldwide. By doing so, US companies are poised to potentially evade increased regulation—or at least elude scrutiny—by the US federal government and state authorities. Additionally, since the EU’s regulation only extends to EU citizens, companies can follow the general framework of GDPR rules worldwide but bypass laws where they see fit. For example, in his testimony to Congress, Facebook CEO Mark Zuckerberg said the “spirit” of GDPR regulations would be extended worldwide, indicating that the technicalities between GDPR and Facebook global policy may not completely match up. While Facebook reversed course and confirmed GDPR will be implemented worldwide, by adhering to the “spirit” or actual regulation of GDPR worldwide, large internet companies may be able to divert media and government focus away from US-imposed regulation, potentially avoiding further regulatory oversight.

gdpr privacy laws infographic

Finding Loopholes

Even as privacy advocates have hailed GDPR has a step in the right direction, since the implementation of the regulation, several tech companies have been accused of predatory behavior. In a June 2018 report, the Norwegian Consumer Council argued that Facebook, Google and Microsoft—the largest social network, search engine and computer software platform, respectively—used deceptive practices to make “privacy intrusive” decisions, even as GDPR was being followed. While this indicates companies can follow the law while still maintaining the status quo, it also points to the reliance on collecting data for advertising and other business practices. As much as the rhetoric signals acceptance of new privacy laws, companies and leaders are nevertheless well aware that, without exploiting loopholes, the GDPR (and laws that follow) will play a negative role in performance moving forward.

As internet companies continue to become more powerful, the calls for regulation will only grow. However, the current relationship between the tech industry and government bodies remains fragile. While laws are being implemented and many argue change is coming, internet companies are not bowing out without a fight; collecting customer data and using it for tailored ads has become an extremely lucrative business, and companies continue to search for ways to adhere to the technicalities of the law while maintaining revenue. Finally, even as large internet companies have been the focus of new privacy laws, the effects will be felt by all companies with an online presence, including those that advertise on the internet.

Edited and designed by Anam Baig.

Industry Impact: Search Engines; Internet Publishing and Broadcasting