I don’t think many people have been thinking much about how much is going to change in a couple of weeks.
“Sunrise day” for the GDPR is 25 May. That’s when the EU can start smacking fines on violators.
Simply put, your site or service is a violator if it extracts or processes personal data without personal permission. Real permission, that is. You know, where you specifically say “Hell yeah, I wanna be tracked everywhere.”
Advertisers are going to find it difficult to actually show that people gave them explicit permission to track them, or to start emailing them.
I kind of wish I was in the EU so I could file a complaint against every company that added my email address to their list without verifying that the person who registered using it was actually me. (Many times, it wasn’t) But, the reality is that those companies should be doing this, and more, if there’s even the possibility that one of them is in the EU.
There’s no way adtech, as Doc describes it, survives if it truly plays by the rules and asks specific permission. What comes next?