When the European Union Justice Commissioner traveled to California last fall to meet with Google and Facebook, she expected a reactionary situation from executives worried about the continent's new privacy laws. "They were more relaxed and I got more nervous," said the EU official.
"They have the money, an army of lawyers, an army of technicians, and so on."
With its new General Data Protection Regulation (GDPR) Brussels wants to prevent the technology giants and their partners from putting pressure on consumers in exchange for services. The EU wants to give an example of legislation around the world. However, some of the limitations have an unintended consequence: strengthening the duopoly of
On May 25, the EU will begin enforcing the new rules, which in many cases require companies to consent European Citizens' Information The shift has been shaking through the Digital Advertising Sector, from online publishers to analytics companies, data brokers and buying platforms that use personal information to target real-time ads to individuals.
Google and Facebook, however, use theirs They are looking for the approval of hundreds of millions of European users who visit their services on a daily basis. They apply a relatively strict interpretation of the new law, say competitors and set an industry standard that is difficult for smaller companies to meet.
Google told website owners and app publishers last month that they need to get approval for targeted ads on behalf of each digital ad provider or risk being disconnected from the Google Network.
At the same time, Google told digital signage publishers who use their products that they are not allowed to target a user who has not given explicit consent to the sellers and each of their affiliates, according to The Wall Journal reviewed by The Wall
Facebook has begun making detailed calls to its 277 million daily users across Europe to authorize Facebook's use of its personal information, including sensitive items such as religion. A pop-up window uses Facebook's permission to use data from other sites and advertisers to target ads to users in all its apps and other sites where ads are sold.
Digital advertising companies, so-called ad-tech companies, say Google and Facebook strict interpretation of the DSGVO expresses their business. The ad-tech companies embed their own technology in publisher websites and apps and compete with technology giants.
… and Facebook has 2.13 billion people using it at least once a month, including 370 million in Europe.
0  & # 39; 15
& # 39; 17
& # 39; 16
They collect masses of data about their users …  Top tracking companies, according to the pct. Web page loads they track over the Internet *
… and they are by far the biggest players in the digital advertising market.
Global net advertising revenue by corporation
100  Google
& # 39; 17
& # 39; 15
& # 39; 16
Unlike the giants, the ad-tech companies have no direct relationship with consumers. They say that Google's and Facebook's print publishers are forcing them to seek approval from dozens of ad-tech companies that people have never heard of.
Odd Internet users tend to click "No," say ad-tech companies. Or publishers may decide that it's easier to stop using smaller ad-tech companies.
A digital advertising company
has recently closed a service that has captured location data from people's smartphone apps to show them targeted ads, the CEO said
because his company had little hope of asking the users for approval. Instead, AdUX aggregates data from larger companies. He said the shift had translated into revenue.
"It's easy for them," he said. "The problem is, who knows AdUX?"
Some advertisers plan to move money from smaller providers to Google and Facebook, say the smaller companies. "They move their money to where there is clear, obvious approval, and the huge platforms really benefit," he said
Chief Operating Officer for Virtual Minds AG, which owns ad-tech companies in Germany.
"We are aware that our customers and partners … are making significant commitments under these new laws," Google said in a blog post released when the partners were notified of their policy changes.
Asked by the Journal for its policy, Google said, "Under current EU law, Google requires publishers and advertisers to seek their end users' consent to the use of our advertising services on their sites and how they consent to the use of Google services on their websites, in accordance with the DSGVO guidelines. "
A privacy and public policy manager said the company has created a website and holds workshops to help small and medium-sized businesses meet. CEO
Recently, the US Congress said, "By definition, by definition, there are rules that can easily be met by a larger company that has resources like ours, but that could be more difficult for a smaller startup."
EU Commissioner Jourová said she believes that the European national regulatory authorities entrusted with enforcing the law will focus on those who can most harm people's privacy, and I'm not talking about that here small businesses.
the big boys increase market share? I do not think that [the law] will have such a consequence, "said Ms. Jourová.
It's not that Facebook and Google could ever hope to have no problems with the law, activists have praised complaints against them
Following the March revelations, when Facebook will allow personal data of 87 million users without their consent to political data company Cambridge Analytica, the review will allow fines of up to $ 4 % of the total annual turnover of a violator, or € 20 million, whichever is greater.
The court disputes whether companies comply with the DSGVO's requirement that the consent "released" is likely to drag on for years, said
A privacy advocate at Hogan Lovells.
In the meantime, Google and Facebook are building their strong position in the digital advertising market. They have tons of information about hundreds of millions of people using their websites and apps in Europe. They also use "share" buttons and ad tools on millions of websites to collect data on how people use the Internet. This is important information to determine the interests of consumers before they place ads.
In a study of 850,000 internet users last year, mainly in the US and Europe, Google tracked 64% of all pages on mobile and web browsers, and Facebook tracks 29% – more than twice the size of the next largest tracker
That makes anti-tracking tools for consumers. According to eMarketer, the two giants in 2011 collect a total of 49% of all digital advertising spending worldwide.
This weight multiplies the benefits they have with obtaining approval. Even if a large number of users in Europe unsubscribe from targeted ads from Google and Facebook – something Facebook claims they have not seen – the two remain by far the biggest source of consumer approval.
"I'm at a loss as to how this will fundamentally change the advertising revenue of Facebook" or "Impact on the direction of Google search," said
RBC capital markets
The idea of requiring consent to use personal information dates back to the 1970s, when countries began to pass privacy laws. The German law of 1977 contributed to the design of the future European approach: it banned all personal data without the permission of the individual – only in writing.
With the advent of the Internet in the 1990s, the EU decided to harmonize privacy rules. The definition of consent remained somewhat open and referred to any "specific and informed indication of wishes". The new law states that consent must be "clear" and communicated "through a statement or clear positive action".
This is effective from the widespread practice of pre-tested boxes. EU approval will be opt-in rather than opt-out, regulators say.
Business job search groups howled as the text became final in 2015. Smaller companies soon sounded alarm bells.  "The politicians wanted to teach Google and Facebook a lesson, and yet they prefer it," said a Brussels lobbyist for a media company at the time.
When the law was passed in the spring of 2016, Google and Facebook threw people to the problem. Google involved lawyers in the US, Ireland, Brussels and elsewhere to chat about contracts and procedures, related parties said. Facebook mobilized hundreds of people in what it calls the largest interdepartmental team it has ever put together.
Facebook lawyers spent a year questioning the long text of the law. Designers and engineers struggled to figure out how to make changes
Stephen dead man,
Facebook's Global Deputy Chief Privacy Officer
During this process, Facebook received frequent access to regulators across Europe. It has hit
the Data Protection Officer in Ireland, where the company is setting up its European activities, and its staff to handle the changes planned by Facebook. Ms. Dixon's agency has given the company feedback on the wording of their informed consent, Facebook said.
"We got their guidance over many months," says Mr. Deadman. EU Justice Commissioner Jourová said the technology giants were scared when she met them a year ago in Washington. Google and Facebook then went from trying to combat the GDPR to the decision to use them to their advantage, said a person who was familiar with the meetings.
When she traveled to Silicon Valley in September, Ms. Jourová told Facebook officials to discuss privacy and met Facebook's Chief Operating Office
The following morning, at a Google headquarters meeting, employees spent much of the two-hour breakfast meeting, with Ms. Jourová following Google's compliance approach.
In the middle of April, just before the new opt – in consent pages were launched on Facebook Englisch: bio-pro.de/en/region/stern/magazine/…0/index.html To show ads where the new law means "better protection", and Facebook will ask users to "check how we can use your data"
Last week, they expect the opt-ins will have a low single-digit impact on Facebook sales, and may end up being intangible.
"We hit the target," says Mr. Deadman. "We will be completely compliant."
Some publishers and ad-tech companies, especially in Germany, took a different approach. Fearing that users would find detailed consent forms intrusive, they have introduced an exception in the GDPR called "legitimate interest".
It would allow companies to use personal information without obtaining consent, as long as they took other stringent privacy measures. Companies continued to be confident in the strategy, even after EU data protection officers asked in February questions about the validity of this marketing-related tracking exception across multiple devices or websites, as is the case with many companies.
Since Google is involved in so many layers of the ad business, some publishers say they have no choice but to comply, and others say they're not sure they will. "It's the classic Google approach: Either you take it or leave it," said
Chief Digital Officer of Media Impact,
Media sales department. "For a publisher like us, that's not a pleasant situation."
Third-party data collectors who rely on Web sites to reach consumers are concerned that Google's consent to their consent will break into their business.
"If you place the list of 120 companies on your homepage, how will a user make an informed decision?" Said Alain Levy, managing director of
a Paris-based ad technology company. "We are a B2B company, we have no relationship with the consumer."
Some ad-tech companies have decided to withdraw from Europe.
Marketers aim to target people with location – specific ads, said last week that they will close down their European offices, including offices in London and New York. Englisch: emagazine.credit-suisse.com/app/art … = 263 & lang = en Munich, because they feared that publishers would not receive the consent of sufficient consumers
Chief Marketing Officer
"This helps marketers track users when they move from one device to another, has also given up its advertising business in Europe and shut down its London office under the GDPR," said a spokesman for the California-based company.
A thriving third-party ecosystem of businesses that can help them sell targeted digital advertising will increasingly be forced to turn to Google and Facebook, who also compete with them to sell ads on their own websites. This would further increase the market share of large companies.
In order to pave the way for the smaller technology companies, online trading group IAB Europe has put together a standardized system for websites and apps to ask for users' permission on behalf of sometimes dozens of companies collecting or advertising data to place in a certain place. Providers pass on information to the system what they do with the users' data, and their lists are available to publishers in their consent form.
As of Friday, only 13 vendors were listed as available to seek approval through the system, according to a IAB Europe website
"It's paradoxical," said
Co-Founder and Chief Technology Officer of
Boston-based company that supports the purchase of targeted ads. "The DSGVO actually consolidates the control of consumer data on these technology giants."
Write to Sam Schechner at firstname.lastname@example.org and Nick Kostov to Nick.Kostov@wsj.com  Published in the printed edition of April 24, 2018 as "Europe's New Law on the protection of consumer privacy ".
Tags Europe39s Facebook Google Privacy rules