When the General Data Protection Regulation arrived last year, The New York Times didn’t take any chances.

The publisher blocked all open-exchange ad buying on its European pages, followed swiftly by behavioral targeting. Instead, NYT International focused on contextual and geographical targeting for programmatic guaranteed and private marketplace deals and has not seen ad revenues drop as a result, according to Jean-Christophe Demarta, svp for global advertising at New York Times International.

Currently, all the ads running on European pages are direct-sold. Although the publisher doesn’t break out exact revenues for Europe, Demarta said that digital advertising revenue has increased significantly since last May and that has continued into early 2019.

“The fact that we are no longer offering behavioral targeting options in Europe does not seem to be in the way of what advertisers want to do with us,” he said. “The desirability of a brand may be stronger than the targeting capabilities. We have not been impacted from a revenue standpoint, and, on the contrary, our digital advertising business continues to grow nicely.”

The NYT briefly tested reintroducing open-exchange programmatic ad buying last fall but didn’t pursue it. “When we weighed all considerations, it was decided not to continue with it,” added Demarta.

The last-minute scramble to prepare for GDPR’s arrival last May, led to some U.S. publishers taking a more extreme approach and either blocking pages entirely in Europe or pulling advertising altogether. USA Today pulled all advertising in Europe — a strategy it still sticks to. In total, more than 1,000 U.S. websites blocked access in Europe last May — an extreme but understandable response given the eye-watering GDPR penalties that can be levied should they get it wrong. Los Angeles Times has started making some of its content available in certain countries like the U.K. and France, though still carries a notice on its site warning that it is unavailable in most European countries.

That more extreme approach may fly for U.S. publishers whose European revenue and traffic is negligible compared to the overall business. However, for publishers with meaningful revenue coming from Europe, that approach is unsustainable.

The New York Times has 2.9 million paying digital subscribers globally, and 15 percent of the publisher’s digital news subscribers are from Europe. Digital advertising in Europe also remains an important revenue stream for the publisher. The publisher’s reader-revenue business model means it fiercely guards its readers’ user experience. Rather than bombard readers with consent notices or risk a clunky consent user experience, it decided to drop behavioral advertising entirely.

Business Insider also didn’t want to cut off a healthy European ad revenue stream. The publisher still runs personalized ads in Europe but only to those who have given consent for their data to be used for such purposes. Opt-in rates are high, so ad revenues haven’t been affected, according to Marc Boswell, global svp of revenue, operations and client services at Business Insider.

BI’s European ad revenue accounts for approximately 10 percent of its total ad revenue, a large enough slice to ensure blocking advertising was never an option, added Boswell. The publisher started preparing for GDPR in January 2018, and used Axel Springer’s open-source CMP from the start.



Those who have developed a more sophisticated approach to GDPR, rather than a more blunt tactic of blocking all visitors from Europe, will be in a stronger a position for the arrival of pending U.S privacy laws, such as the California Consumer Privacy Act, experts believe. “GDPR is just the beginning,” said Brian Kane, chief operations officer and co-founder of Sourcepoint. “Whether it is CCPA or other state-based regulation in the U.S. or [data privacy] trends in other countries like Canada and Japan, publishers will be prompted to lean in. They can no longer afford to view it as ‘well, it’s only a small percentage of my traffic being affected’ — publishers will have to do something.”

The scramble that led to the arrival of GDPR last May isn’t likely to be repeated when it comes to preparing for the U.S. laws, according to industry executives. The CCPA doesn’t kick in until 2020, but three U.S. media conglomerates are already actively seeking consent-management platform partners, according to sources with knowledge of the situation. CMPs store the information on which users have given consent to be tracked and served personalized ads, and pass that information back to all the publisher’s programmatic advertising partners.

“We’re seeing renewed interest from large U.S. publishers in revising their consent strategies,” said Kane. “Similar to what we saw in the U.K., there are many publishers who had a ‘day one’ solution for GDPR and are now wanting to run more robust processes for the long term, both for GDPR as well as the U.S. privacy laws.”

So far, the U.K. regulator, the Information Commissioner’s Office, has favored the carrot to the stick, particularly when it comes to leveraging its jurisdiction with U.S. publishers. The Washington Post went its own route and developed a paid subscription offer for those who don’t want to give consent to be tracked. The publisher received a mild wrist slap from the ICO in the form of a warning letter, but the regulator isn’t likely to enforce the matter.

“If you’d asked me a year and a half ago if I was concerned about the California privacy law, I’d have said yes, very,” said Boswell. “But since we have gone through GDPR, that’s no longer the case. There are minor differences between the policies, but we will likely apply a modified version of the same framework.”