As part of The Drum’s Deep Dive on Data & Privacy, Christian Eustermann (legal counsel, Remerge) explains how the ever-changing landscape of data regulation has impacted mobile advertising campaigns and the way that online marketers are adapting their approaches towards a privacy-compliant future.
The shift towards data privacy has led to operational changes that impact both data-rich companies & their advertising partners
From shopping and socializing to work and entertainment, our day-to-day activities are increasingly fulfilled online. The pandemic has only accelerated the growth and influence of the digital economy, and with it our online footprints have become deeper and more valuable than ever. For marketers, consumer data plays an essential role in improving the effectiveness of online advertising campaigns, but it’s also a highly sensitive topic. Misuse of consumer insights can pose a major privacy risk and a whole host of legal implications that marketers need to be aware of.
How does regulation and user privacy affect in-app advertising?
In recent years, consumers have become more conscious of how their data is collected and used across the internet. Along with the introduction of stringent new data privacy regulations, (such as GDPR in Europe), businesses have also been forced to rethink the way they process their customer’s data. For owners of iPhones running on iOS 14.5 and beyond, Apple has taken things a step further. Users are now asked to choose whether or not they wish to opt into the sharing of their personal data every time they download an app. Those who opt out no longer have their unique device ID shared with advertisers, which anonymizes their data and makes them impossible to retarget with personalized ads.
With consent back in the hands of consumers, a sizable portion of iPhone app users are unsurprisingly opting out of sharing their personal data. However, statistics from October 2022 show that of the available in-app ad placements for iOS devices, 65% were still ID-enabled, meaning that a substantial number of iOS users remain identifiable for in-app retargeting campaigns. While such prompts to opt in or out of data sharing do not yet apply to Android users, the overall shift towards data privacy has led to major operational changes that not only impact data-rich companies, but also the advertising partners they work with.
How do mobile advertising partners help you advertise and what are the risks?
Mobile advertising partners continue to play an important role in helping businesses navigate the nuances of in-app advertising, from user targeting to optimized bidding processes that ensure your ads engage the right people, for the best possible price. To execute these campaigns, however, mobile advertising partners rely on the first party data of their clients, which makes it incredibly important for both parties to comply with data privacy regulations. The clients who are the first touchpoint for collecting their customer’s data are (according to GDPR) ‘data controllers’ because they determine how and to what extent the data is used.
Mobile advertising partners can also be data controllers, but they too require consent from their clients’ customers. Whether they become a ‘joint controller’ is ultimately established with the client in the ‘data processing agreement’. However, allowing a third party (such as an advertising partner) to take control of a clients’ first party data comes with its own risks. Doing so would allow the advertising partner to determine how the data is used, which could be done to further their own agendas rather than those of their clients. An example would be if the advertising partner used one client’s customer data to improve another client’s campaigns.
What should you look for in a mobile advertising partner?
In today’s landscape, one of the safest options is still to work with a privacy-safe mobile advertising partner who takes on the role of a ‘data processor’. GDPR defines this as the authority that processes user data on behalf of the controller, and actions upon the data only under the controller’s instruction. When an advertising partner acts as a data processor, they are no longer allowed to determine what the data is used for. This guarantees the controller, (or rather the client), greater operational transparency and tighter protection of their customer’s data because the advertising partner cannot leverage the data for personal benefit.
Few know this better than Pan Katsukis, founder and CEO of Remerge, a Berlin-based adtech company focusing on in-app advertising and ranked as the top retargeting player after Google and Meta. Speaking on the latest industry attitudes towards privacy, he explains:
“It’s a huge opportunity for disruption in the marketing world and I’m super excited to be a part of it. At Remerge we are data processors which is the highest privacy class under GDPR. We never mix data between customers or create user ID graphs. Nor do we use or store data with third party cloud services. We have our own bare-metal server infrastructure to maintain control of the data and serve that privacy need for our customers. With Google also changing its framework to privacy-friendly solutions in 2024, privacy-first processes and infrastructure will be essential to creating value for brands and their mobile advertising efforts.”
For more on how the world of data-driven advertising and marketing is evolving, check out The Drum’s Data & Privacy Deep Dive.