CCPA and GDPR Effects: A Chat with Kåre Stenild, Head of Product at Semasio
Online users have been getting more conscious about their personal data and how data about them is being collected or shared. In the recent past, several global brands like Facebook have been in the limelight surrounding concerns of how they collect and use their customer’s data.
The newly passed California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. While today’s sales and marketing teams are embracing the need to protect user data, CCPA and GDPR regulations are in place to help maintain user interest. What are the future implications of this? Kåre Stenild, Head of Product at Semasio shares some thoughts.
Welcome to SalesTechStar Kare, tell us a little about yourself and a little about Semasio?
I’ve been in ad-tech since 2008 where I started working for Wunderloop, one of the pioneers of behavioral targeting, with Semasio’s CEO Kasper Skou (Wunderloops’s Chief Product Officer at the time). Privacy in behavioral targeting was already an important topic back then with cookie opt-out, and as GDPR matured, we made an effort not to handle any personal data like emails, names, home addresses, phone numbers or full IP addresses. Wunderloop was then acquired by AudienceScience, where I started working. The focus on privacy was well received in the American company as they worked with global customers like P&G that also took user privacy seriously. With this background, we designed Semasio’s technology with user privacy thought in from the beginning.
Founded in 2010 in Hamburg, today Semasio is active in more than 40 countries and 20 languages, with offices across Europe and in New York, and partners with leading agencies, advertisers and publishers. We are the first and only Unified Semantic Targeting provider offering Semantic Audience, Contextual and Brand Fit Targeting solutions globally that allows brands to seamlessly combine user- and page-level targeting, without depending exclusively on personal user data, thus gaining resilience toward what is happening on the user level.
What are some of the biggest benefits of the new CCPA and what would you say are the top most disadvantages?
Having standards across states is beneficial for the industry and for the key players that take user privacy seriously. CCPA is a little more pragmatic than GDPR and more straightforward to implement. However, I think it’s a disadvantage that CCPA requires us to specifically track Californian opt-out users as we don’t collect that detailed geographical information on users. This requirement made it more cumbersome to implement and is in my mind not that relevant.
How have regulations like GDPR helped both businesses and users, also, what were some of the impacts that were feared by the majority that didn’t really affect things once it was enforced? Given the same sentiment, what would you say here about the new CCPA regulation?
As a precursor to CCPA, privacy measures like GDPR and TCF have helped businesses think twice about what information they really need to store in order to conduct their business. These privacy initiatives have helped ensure transparency of what is collected. Published articles were never really free. If a user was not paying for the product, it is because they paid with their data. However, this transaction was often not clearly communicated to the user and, therefore, data collection got a very negative ring to it. For example, early fears were that B2C databases were about to become obsolete, which is not the case, but now the user is more aware of what is ending up in the database. First-party data is still collected and the added transparency enables the user acceptance of the data transaction as a means of payment for content. The broader awareness of data collection is good, as many publishers depend on this income to keep providing quality content.
A few future implications according to you of this regulation?
We are currently preparing for the new version of IAB Europe’s Transparency and Consent Framework called TCF 2.0, which is the only GDPR consent solution built by the industry for the industry. With the new framework, providers of programmatic advertising solutions (i.e., those who process personal data) are more dependent than ever on the consent of users to process data. This is because in the future they will have to give their consent to the use of their data for various purposes. We predict a decline in the number of users to whom we can deliver personalized advertising and measure success accordingly. How high this decline will be and how it will develop in the coming months after the switch to version 2.0 depends on how the framework establishes itself in the market, what legal requirements we will receive in the future for the design of the query banner and how these will be implemented by the publishers. Initial experiences of our customers from countries where guidelines for the design of the banner already exist show that, for example, consensus rates can drop to as low as 50% if the possibility of rejecting the data usage is designed as prominently as the approval. In the future, a user who has not given consent to the use of his or her data can no longer be included in many scenarios of digital advertising.
Any other thoughts for us before we wrap up?
Being a German-based company, with privacy by design in our DNA, Semasio has always aimed to stay ahead of the game. None of our user profiles contain personally identifiable information (PII) and we are following and complying with the highest privacy requirements of GDPR, TCF 2.0, CCPA, DAA, NAI and others.
This year we went one step further and introduced a Unified Semantic Targeting approach that allows brands to seamlessly combine user- and page-level targeting to react flexibly to any market development.
We analyze the context of a page to understand both the page and the user who consumes it. This means that users who have given their consent for their personal data to be processed can be assigned to different target groups based on their surfing history, and campaigns can be launched accordingly. Users from whom we do not have their consent can be reached directly via the content they are consuming at the time of the advertising playout. Furthermore, the surfing behavior of users who have given their consent can be used as a learning basis to identify pages and content on which the desired target groups can be found, which is a first-of-a-kind Cookieless Audience Extension.
With all this flexibility, audience and contextual targeting is no longer an either-or approach, but rather two sides of the same coin that can be used to target as much on the user level as possible and supplement with page-level as required.