It is officially May. So much going on this month: Mother’s Day, Memorial Day, May Flowers and Oh, GDPR goes live! It is the moment we have been dreading for the longest time but you can’t stop time and you won’t be able to escape it. GDPR is here to stay.

Since our last post, we have seen many vendors take action to prepare for GDPR. While attending Adobe Summit back in March, GDPR was even mentioned on main stage during keynote. Technology companies like Adobe understands the impact this regulation will have on the ecosystem, although it has a milder effect on them in comparison to the data controllers, aka the brands.

In this post, I want to highlight some vendors that have already taken action to be GDPR ready. I hope we see more follow lead and announce their plans in the weeks to come.


In the past month, Google has taken actions on both sides of the house: Advertiser and Publisher.


Just few days ago, Google informed its partners that it will no longer allow the buyers to leverage the Doubeclick (DCM) ID via its data transfer services. This will impact Youtube Impressions, any DCM Ad Server Impressions as well as Doubleclick’s Bid Manager (DBM). The DCM ID, although encrypted for every client, is a powerful identifier that can be used to stitch a consumer’s activity across different properties. It is this powerful because Google runs the Advertising ecosystem from every angle: buyers, sellers and brokers.

Google is trying to limit vendors and buyers from stitching data based on this ID in attempt to protect user privacy, especially after what happened to Facebook recently. This will have a drastic impact on analysis, attribution and customer journey tools. This will limit these tools from measuring the reach and frequency of the campaigns run via DCM, which is almost every campaign out there. Moreover, Google is removing IP addresses and encrypted cookie IDs from the feed. This means that partners like Adobe Audience Manager, Tapad and others will be impacted big time. I am interested in knowing how these partners will react to such changes.


In an interesting move, Google has asked Publishers to be a co-controller of data. Initially, you might think that this is a brave move by Google to take action but then looking further into this you will notice that this is a Publisher’s worst nightmare. Google is stepping up to become a decision maker when it comes to a Publisher’s first party data. No Publisher wants to share this data with Google. Needless to say, Publishers are not too thrilled about this announcement especially that it came too late into the game and only few weeks away from May 25th.

Salesforce DMP (Krux)

I have been paying close attention to what Data Management Platforms, DMPs, are doing to prepare for it. Surprisingly, not much has been announced yet except for Krux who has been vocal about the tools they are enabling in the platform to allow their clients to have more control over the data.

One of the tools that was particularly interesting to me was Consent Management. As a data processor, Krux is recognizing the different ways to import data into its platform and defining the rules for consent for each one of them: API, Javascript Consent Tag, SDK, Inside the DMP and via File. Another one is Consumer Rights Management which introduces four new actions within the DMP:

  1. Provide Consent: sets consent information for a given user input.
  2. Get Current Consent Status: gets consent information for a given user input. This status can be provided to the requester (regulators)
  3. Delete Data: used to request data deletion for a user. This will wipe out all the user’s data within the DMP
  4. Get User Data: used to request all data for a given user. This data will be delivered to a customer via s3.

Finally, Krux is giving the clients control to apply these consent rules on first party, second party or third-party level where it is all configured from within the UI.


You can’t discuss privacy laws these days without mentioning Facebook. Facebook has been the center of the news lately after the data breach they had in the 2016 Presidential Elections. They are under tremendous pressure to make things right and GDPR is their chance although it doesn’t seem that way. As part of GDPR, Facebook is rolling out some new and old features that are raising some eyebrows:

  1. Consent forms on Sensitive Info are still very vague. Although Facebook claims that this data is not used by Advertisers, they are making it a lot easier to accept these forms rather than reject them.
  2. Facial Recognition is back in the US, EU and the world. Although banned in EU in 2012, Facebook is bringing back this feature and asking its users’ consent to enable it.
  3. Data Collection outside of Facebook Walls. This data is collected via the Facebook pixel and mainly used to connect the advertiser with the consumer offsite and on Facebook. Facebook is allowing consumers to block this feature although this will only impact advertisers and not Facebook’s newsfeed.
  4. Parental Consent: This mainly applies for users between the age of 13 and 15 where they require a parent to give consent to collect sensitive data about the teenager.
  5. Data Download: This feature always existed within Facebook but it recently got an upgrade. Mainly from a portability and customization point of view.

These were the top vendors that are taking action in preparation for GDPR. I am sure we will see more vendors announcing their plans in the weeks leading to GDPR. In the meantime, if you need help with GDPR, schedule a free 30 min consultation by contacting me at

Jerry Helou, Ph.D.

Linkedin Icon

Jerry Helou, Ph.D.

Jerry Helou leads the Digital Experience Architecture practice at Softcrylic. He helps our clients accomplish advanced digital experiences and strategic business goals by implementing and leveraging multi-solution architecture.

Start typing and press Enter to search