Grapeshot GDPR Programmatic Punch

Let’s look at GDPR as a ‘global’ data protection regulation: Grapeshot


By Dani Gibson, Senior Writer

March 27, 2018 | 6 min read

Sponsored by:

What's this?

Sponsored content is created for and in partnership with an advertiser and produced by the Drum Studios team.

Find out more

As GDPR hits the UK this May, how will it affect the US? According to Grapeshot’s vice president of strategic markets , Mike Hemmings, it’s not just a ‘general’ data protection regulation but a ‘global’ data protection regulation. GDPR will set global standards and see a move towards basic principles of data regulation.

Mike H

Let’s look at GDPR as ‘Global’ Data Protection Regulation: Grapeshot

Ahead of their appearance as a sponsor for Programmatic Punch New York on March 28, on ‘The evolution of programmatic’ panel, Hemmings talks to The Drum.

What do you think of the latest IAB framework?

The IAB have got a near impossible balance to find – the principle of taking a 100% GDPR compliant approach of transparency across all data use cases and partners, while balancing the publisher’s own agendas of usability and monetization. All this, combined with the understanding of humans’ rather lackadaisical approach to completing forms, means the framework still needs review and reiterations before it will work for the industry and consumers.

That being said, the motive of GDPR is to bring simplicity and protection for consumers when it comes to decisions around their personal data. But if publishers don’t provide enough information to consumers around what they are signing up for, then it will be deemed noncompliant. On the flip side, an over-communication of data compliance at the point of opt-in, may cause confusion. In either scenario, it may result in the user clicking blanket “yes” or “no” responses to opt-ins– especially with recent high profile ‘untrustworthy publisher headlines very much front of mind.

However, there should be really one metric to measure this by, and that’s its ability to both serve the consumer and meet criteria of active consent. After all, if it’s not “freely given, specific, informed and unambiguous way”, then it’s not doing its job and won’t cut it with the relevant supervising body.

What has been the reaction from publishers?

Mixed. Many publishers want to define their own rules when it comes user engagement, as well as how they communicate with and monetize audience data. Part of the problem is that the framework is built with the objective of maintaining an entire ad-tech ecosystem— but with the understanding that the publishers are ultimately the gatekeepers. So, this leads to a view that publishers should be calling the shots if the bulk of the liability falls on them.

Publishers have not been the only entities to voice concerns. There are also more general objections as to its compliance. For example, in simplifying the user experience, the IAB are looking to group a number of data uses, which of course is not in the spirit of complete transparency and clarity.

Is Grapeshot part of the IAB consent framework?

Grapeshot is a contextual intelligence platform, therefore we are not part of the IAB consent framework as we do not collect personal data, and therefore do not require consent for its use

In short, GDPR does not represent a shift in our solutions, as we don’t use cookie-based behavioral insights or personal data. Instead, our solutions evaluate on-page content in real-time to understand its relevancy to the audience and advertiser. By understanding the nature of the content (which is ultimately driving traffic and readership), we can then understand the context of it and help advertisers both serve more relevant content and discover new audiences.

The beauty of this is the GDPR is all about delivering value and relevance for the consumer, which is why contextual providers are now a crucial means to not only avoid breaching these new regulations, but reach and discover new users that may have otherwise been unknown to the brand prior.

Will the framework make the ad ecosystem better?

Absolutely. Data leakage remains an issue and by bringing new, more transparent, and regulated processes across the ecosystem, organizations will be reviewing both internal processes and partners. This practice will naturally weed out those who can’t and won’t comply, while also bringing giving consumers more control and say over their data. In the end, it actively encourages everyone to focus on what matters—which is delivering value and relevance to their customers in the moments they want them.

Will the US want to follow?

Because top tier brands and digital businesses operate on a global stage, the data walls reach far beyond EU borders. So while GDPR might specify EU based geography and residents, in reality, GDPR is not a ‘general’ data protection regulation as the name suggest but a ‘global’ data protection regulation. It's really setting global standards, and therefore inevitably all countries will be moving more towards these basic and fair principles of data regulation.

Are marketers looking for a fall-back plan for personalising online campaigns after the recent data scandal?

Right now, many marketers are simply checking their exposure. The need today might be compliance or liability checking, but as May 25th gets closer, this will change rapidly. We’ve had agencies specifically asking more about safer ways to do their jobs, and we are confident contextual intelligence based targeting solutions will be one of these solutions.

Grapeshot will be appearing at Programmatic Punch New York on March 28, looking at where the industry is as of 2018 and what to expect from the future.

Tickets are available to purchase online, with the event taking place at Ogilvy & Mather, New York.

Grapeshot GDPR Programmatic Punch

More from Grapeshot

View all


Industry insights

View all
Add your own content +