Criteo, arguably the most successful adtech company to have listed on the public markets, expects Q2 revenue to remain flat or dip 1% as the media industry acclimatizes to the upcoming General Data Protection Regulations (GDPR).
The France-based adtech outfit yesterday (May 2) reported total revenues of $564m for the first quarter, representing 9% growth year-over-year, with client retention rates of over 90%, but management expects “friction” over GDPR.
In its guidance notes, it forecast that revenues for the second quarter of the year (excluding traffic acquisition costs) would be in the range of $226m-$230m. “This implies constant currency growth of minus 1% to plus 1%,” explained Criteo chief financial officer Benoit Fouilland.
On the company’s subsequent earnings call Criteo’s leadership were upbeat about its prospects, advising that full-year revenue growth would be in the range of 3% to 8%, and underlined its assertion that its own consent policies were in compliance with GDPR which comes into effect on May 25.
Facing repeated questions from analysts as to the expected impact of both GDPR plus the further upcoming ePrivacy regulations, recently returned Criteo chief executive JB Rudelle spoke of his outlook about turning such “challenges into opportunities”.
Rudelle further detailed how the company was looking to future-proof offering such as reducing its reliance on cookies when it comes to strengthening the coverage of its 1.4bn strong Shopper Graph.
'Friction' is ahead
However, he further spoke of an anticipated friction in the upcoming quarter from sell-side parties, including publishers, that may not be as confident in their preparations for GDPR compliance.
Answering questions about how the upcoming regulation impacted its guidance statement, Fouilland observed that many advertisers were still adapting to GDPR, but the company has not seen a “strong reaction” from many at this point. However, when it comes to publishers, Criteo is a little more cautious when it comes to how media owners will react.
“That being said, we want to be relatively cautious on the supply side, where there are still a certain number of question marks as to how large players are going to implement the consent management,” said Fouilland, according to a SeekingAlpha transcript.
GDPR requires specific opt-in from consumers before their data can be used for the purposes of targeted advertising leaving many publishers anxious over managing consent on behalf of third-party adtech parties.
According to conservative interpretations of GDPR, this means that every company in a publisher’s programmatic supply chain will have to obtain consent for the data they hold for the purposes of ad targeting.
Speaking separately on the "spirit of the upcoming laws, Rudelle explained his view that it “is not about is bothering users” and shared his opinion that bombarding users with consent messages would result in a poor browsing experience.
“This said, there might be some publishers that decide that they want to implement a very interruptive, hard obtained thing, where you cannot do anything before obtaining to their consent,” said Rudelle.
“Now this said, we don't control how many of those publishers might decide to implement this kind of interruptive, hard opt-in,” he added. “And those that would decide to do this could create some friction, friction for the end-user because it's going to damage their browsing experience, and friction for the ecosystem because it would create more difficulties in terms of connectivity across the players.”
Criteo's compliance education drive
For its part, Criteo is now mounting a charm offensive to promote its interpretation of GDPR, which it maintains is backed by France’s privacy watchdog the CNIL, arguably one of the most influential such body in the Article 29 Working Party.
“In a way, we think our expertise in consent management may offer us some opportunity to even re-engage with some publishers we're not working with today directly,” said Rudelle, acknowledging that a “long battle” is ahead.
Earlier this week Google made public its GDPR compliance policy classifying itself as a “data controller” thus requiring publishers using its DoubleClick suite of adtech tools to obtain consent in order to use them.
This angered many, prompting four trade bodies representing publishers on either side of the Atlantic to co-sign an open letter to Google chief Sundhar Pichai that questioned “the legality or fairness” of policy, especially the timing of its publication.
According to research by data management platform Ensighten, published earlier this week just 26% of brands and agency staff feel “very confident” that their data governance procedures were robust enough to be classified as compliant by the looming 25 May deadline with almost half setting funds aside for potential fines for GDPR infringement.