The Drum Awards Festival - Social Purpose

-d -h -min -sec

Marketing Ad Spend Data & Privacy

GDPR negatively impacted advertisers and web users suggests Canadian Marketing Association


By Chris Sutcliffe | Senior reporter

February 16, 2022 | 5 min read

GDPR was enacted in order to protect users’ rights online and minimize the amount of data companies can legally hold, but a study from the Canadian Marketing Association (CMA) has argued that it has inadvertently had a negative impact on all aspects of the online ecosystem.


The Canadian Marketing Association argues GDPR has negatively hit UK SMEs

While GDPR caused consternation among brands and marketers, it was widely seen as a beneficial change to user data rights online. The CMA report states that it is not just publishers and advertisers that have lost out, but that user experiences have been hit by a series of unintended consequences. It also claims that small to medium-sized enterprises (SMEs) have been disproportionately affected.

Smaller organizations, it says, have been unable to compete with larger companies, which can dedicate significant resources to effectively implementing GDPR: “In the online advertising world, businesses have opted to advertise or partner with larger technology firms as they have the means to fulfill the regulatory requirements of the GDPR more effectively.

“A week after GDPR implementation, a study found that market concentration increased by 17%, with websites deciding to no longer work with smaller vendors. In general, smaller online vendors face additional hurdles due to their reliance on data from various sources.”

In the UK, ad spending with SMEs typically returns far more to the economy than spending with their larger rivals. One unintended consequence of the regulations, then, is that it is slowing economic growth by stifling SMEs.

More importantly, it suggests that the cooling effect on advertising is behind the drive for organizations to launch subscription products or enact direct payments. The suggestion is that consumers are ultimately being denied free-to-access services that would once have been funded by advertising instead: “An additional impact – one that is just beginning to take shape in the online world – is that if consumers provide less personal information, companies are considering whether to introduce new charges or increase current prices to offset lost revenues. Many of the online services and content consumers have come to rely on are paid for, at least to some extent, by online advertising fueled by data collection techniques.”

The report authors cite a study from Vox, which claimed that a completely ad-free internet would cost users C$44 per month.

Lack of access

The report also cites the burden of adhering to GDPR laws as the reason behind some organizations blocking users from the EU from accessing their sites. It is most visible through the ongoing blocks to access for some US newspapers’ sites, with the implication that they do not think it worth the effort. The report states: “Faced with the burden of compliance, some organizations outside the EU have opted to localize their data flows, stop servicing the EU market or otherwise adjust their operations.

“This has impacted trade and investment in the EU. Privacy professionals reported that the GDPR’s requirements around cross-border data transfers are their most challenging task; 10% indicated these challenges led their firms to opt to localize data, discontinue service or stop data transfers to and from the EU altogether.”

Investing in GDPR compliance has also reportedly led to budget cuts elsewhere, with a survey of more than 400 European business leaders in 2019 finding that “a concerning number of businesses are cutting back in other areas, including plans to create innovative new products (23%) or to fuel growth through international expansion (22%).”

Those ongoing costs also do not reflect the time and money that organizations spent preparing and implementing GDPR in the first place.

Perhaps most depressingly of all, given those very visible impacts upon advertisers and consumers, the report suggests that very few consumers have noticed any tangible positive differences. The sole difference that internet users have noticed appears to be the omnipresent cookie permissions notices that sites employ upon user arrival, with none of the less obvious changes moving the needle.

GDPR was one potential solution to data creep and misuse – the report refers to its Canadian alternative PIPEDA as another, one without the unintended consequences. Data protection is vital and necessary; users are extremely concerned about privacy online but, as this study suggests, remain unclear about how exactly their data is collected, stored and used. Meanwhile, the trade-off for that lack of visible improvement appears to have been a cooling effect on innovation and small business growth.

For more articles like this, why not sign up to our weekly media newsletter here?

Marketing Ad Spend Data & Privacy

More from Marketing

View all


Industry insights

View all
Add your own content +