Alphabet Inc (NASDAQ:GOOG)
Historical Stock Chart
1 Month : From Jun 2019 to Jul 2019
By Nick Kostov and Sam Schechner
Europe's new privacy law appears to be helping tech giants -- for now.
The General Data Protection Regulation, or GDPR, which went into effect across the European Union last year, has pushed marketers to spend more of their ad dollars with the biggest players, in particular Alphabet Inc.'s Google and Facebook Inc., ad-tech companies and media buyers say.
One year on, how different countries will enforce the regulation is still being determined, and experts say that a uniform standard for the use of data in digital advertising is unlikely to materialize for a number of years. That's pushing some firms to concentrate their digital ad budgets with fewer tech giants, whom they trust not to run afoul of the rules. Violators of GDPR face fines of up to EUR20 million (about $23 million), or 4% of their global revenue, whichever is higher.
The rules have also made it harder for third parties to collect lucrative personal information like location data in Europe to target ads. This gives the tech giants another advantage: They have direct relationships with consumers that use their products, allowing them to ask for consent directly from a much larger pool of individuals.
"GDPR has tended to hand power to the big platforms because they have the ability to collect and process the data," says Mark Read, CEO of advertising giant WPP PLC. It has "entrenched the interests of the incumbent, and made it harder for smaller ad-tech companies, who ironically tend to be European."
In the longer term, however, it remains to be seen whether the law is going to force a substantial change in Google's or Facebook's business model in a way that could loosen their grip on the digital ad market, such as by restricting their ability to collect or employ their users' personal data. A series of cases filed against Google and Facebook in Ireland and in other EU countries could result in rulings that portions of their core advertising businesses are in violation of the EU law.
French data regulator CNIL fined Google EUR50 million -- the biggest penalty so far under the new EU privacy law -- charging the company with "lack of transparency, inadequate information and lack of valid consent regarding ads personalization." Google is appealing the decision. Ireland's Data Protection Commission, which says it now has 11 investigations open into Facebook Inc. units, last month also opened an investigation into Google over how it handles personal data for the purpose of advertising.
A Facebook spokesman declines to address GDPR's impact on the company's market position. But Facebook Chief Operating Officer Sheryl Sandberg at a conference in February, said: "The truth is it's actually easier for big companies like Facebook, or other big competitors, to put in place things that adhere to regulation than it is for startups. If I think back to Facebook 10 years ago, GDPR would have been much harder for us then than it was now."
A spokesman for Google declines to comment. In the past, the company has said it has invested significantly to comply with the GDPR.
Specific data on the impact of GDPR are hard to come by, but some analysts point to Google and Facebook's revenue as a reference point. In 2018, both appeared to have outgrown the digital advertising market in the region, according to a comparison of company filings with regional estimates, suggesting they continued to gain share. Facebook's revenue from ads shown in Europe rose 40% in 2018. Google's revenue in Europe, the Middle East and Africa -- the vast majority of which comes from advertising -- rose 20% last year.
By comparison, Europe's digital advertising market grew by only 14% over the same period, according to estimates from IAB Europe, an online-ad trade group.
"Anecdotally, Facebook and Google benefited, and what we see in the data reinforces that," says Brian Wieser, strategy chief at WPP's media-agency conglomerate GroupM.
Meanwhile, some smaller firms have faced obstacles in the EU. Before the GDPR went into effect last year, Los Angeles-based location-data firm Factual Inc. stopped offering some of its services in Europe because executives didn't think the company would be able to gather data with proper consent from individuals. A year later, those products are still on pause in Europe, while Google and Facebook -- which have direct consumer relationships -- offer location-based advertising services.
"GDPR put more power and more control into the hands of the duopoly," says Brian Czarny, Factual's chief marketing officer, who says his company is only now preparing to reintroduce suspended services in some EU countries. "They have the ability to collect a lot of data from their apps and the ability to weather the legal side of things as well."
Paris-based Teemo, which uses location data to help marketers target their ads, was one of the first companies to be rebuked under the GDPR. France's privacy regulator ordered the company to stop processing individuals' location data without their informed consent. The company has been rebuilding its business to be compliant with GDPR. While it is growing, revenue from its data business isn't expected to reach its pre-GDPR level until this summer, says CEO Benoit Grouchko.
"If you work with a small data company, it's not as reassuring," Mr. Grouchko says. "With Google and Facebook you know you're not taking a risk as an advertiser."
The marketplace is still waiting on a set of high-stakes decisions by regulators that will show how they plan to interpret the GDPR -- and how courts will handle likely appeals. A new series of complaints by privacy activists allege the machinery that drives real-time bidding for online ads based on users' behavior is a violation of the law. Other complaints allege that the consent users are giving to some big companies isn't "freely given" as the law requires. If regulators and courts agree, that could lead to much broader impact.
Alessandro Acquisti, a professor of information technology and public policy at Carnegie Mellon University in Pittsburgh, says it is too early to tell whether the GDPR will end up favoring big players -- or whether it will weaken their businesses, making them easier to topple.
"We should be extremely cautious about distinguishing between short-term effects and long-term effects," he says. "Until we see how cases will be litigated and their outcomes, and until we do empirical studies about downstream impacts, there is no way to resolve these opposing claims."
Regardless of the impact, it is likely that U.S. advertisers will have to contend with similar rules soon. The California Consumer Privacy Act is set to take effect next year, and lawmakers in other states have proposed enacting similar regulations. Tech companies and a growing number of legislators have expressed support for federal legislation, too.
L'Oréal SA's chief digital officer, Lubomira Rochet, says the cosmetics company has decided to focus its ad spending on Google, Facebook and Amazon.com Inc. because "those guys have the capabilities to really treat the data in the way that it should be treated."
"It's not perfect for them -- so imagine the others," Ms. Rochet says.
Mr. Kostov and Mr. Schechner are Wall Street Journal reporters in Paris. Email firstname.lastname@example.org and email@example.com.
(END) Dow Jones Newswires
June 17, 2019 12:48 ET (16:48 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.