Stateside, publishers and advertisers alike are well aware of the EU’s GDPR (General Data Protection Regulation) — and likely have retooled tech stacks to comply with its consent requirements when engaging with European users. But what does the legislation really mean, and how do other newer data laws play into the conversation in Europe and beyond? 

At Beeler.Tech’s Navigator event in New York Thursday, founder and CEO Rob Beeler sat down with Isabella De Micheles, CEO and founder of the European-based ErnieApp, which aims to increase data literacy among the public and inform users about how consent functions in the digital ecosystem. As a GDPR expert in her own right, De Micheles lifted the veil on some common confusions. 

The GDPR was passed in 2016 as “the most powerful data regulation ever devised in the world,” De Micheles said. But the legislation was misunderstood for a long time, she added. 

 The bedrock of the regulation rests on requiring users to consent to have their data collected by tech companies and publisher sites. But a large, industry-wide misconception from tech companies was rooted in the belief that complying with the GDPR required spending on new solutions and therefore decreasing business opportunities. “If people keep thinking that GDPR equals compliance which equals cost, the marketing people will never get into the equation of, ‘How do I use GDPR to make more money?’” she said. 

De Micheles urged brands to “think of consent as a liquidated asset, and think of how you can optimize it.” 

But devising ways to obtain consent from users can be complicated, pricey, and ineffective. “We want users to engage. We want users to convert. But brands and publishers are afraid of getting readers [to align] on the unique element of connection that matters in the GDPR, which is user consent,” De Micheles said. 

Tech companies must experiment with engaging and accessible ways for users to opt into data collection. “If you want to have a first-party relationship with your users, and if you want to be able to use that data with adjacent partners, if you want to create synthetic data—all of this is possible with compliance to the GDPR,” she said. 

While the GDPR was rolled out in an effort to level the playing field, it has disproportionately hindered smaller brands and publishers in the space. In response, the EU passed another piece of legislation, the Digital Markets Act, focusing on the industry’s largest platforms and gatekeepers, like Google, Meta, and Apple. 

These tech behemoths are “very powerful in collecting, storing, and processing data, and in having the easiest possible way to consent to GDPR on Earth because they have so many touch points on which consent can be given,” De Micheles said. 

To create more favorable market conditions for smaller companies, the DMA demands the six largest tech giants put up APIs that allow anyone to access their data, required by March 2024. 

“The big players are going to be over-regulated compared to the other guys, not just in the privacy dimension, but also for their behavior in the market,” De Micheles said. 

As the EU continues enacting standard-setting privacy laws and reshaping its data ecosystem, companies and countries across the globe will keep their eyes fixed on the space — and experts like De Micheles — as their cue for what’s coming next.