The arrival of the General Data Protection Regulation’s enforcement May 25 has hurled the digital media and advertising industries into a tailspin.

Since the early hours of May 25, ad exchanges have seen European ad demand volumes plummet between 25 and 40 percent in some cases, according to sources. Ad tech vendors scrambled to inform clients that they predict steep drops in demand coming through their platforms from Google. Some U.S. publishers have halted all programmatic ads on their European sites.

Google contacted DoubleClick Bid Manager clients over the last few days to warn them that until it has completed its integration into the Interactive Advertising Bureau Europe and IAB Tech Lab’s GDPR Transparency & Consent Framework that publishers, ad tech vendor partners and advertisers should expect a “short-term disruption” in the delivery of their DoubleClick Bid Manager campaigns on third-party European inventory, starting May 25.

“Revenues and [ad demand] volumes [are] expected to fall dramatically across the board,” said one publishing executive, under condition of anonymity.

The flow of inventory supply from publishers has also dropped in many exchanges, and several sources attributed that to the volume of U.S. publishers that have pulled their programmatic ads in Europe. Titles like the Los Angeles Times and Chicago Tribune have shut down their European sites; others like USA Today have kept their site accessible to European site visitors. USA Today has kept its site up in Europe but stripped them of ads. The New York Times’ pages do not appear to carry any programmatic ads in Europe; most are running house ads. One ad tech source said the Times is now not available on open ad exchanges. The Times has not yet responded for comment; we’ll update when it does.

The frustration for many has been directed at Google. The day before the deadline, buyers were warned also to not buy any inventory via Google on third-party exchanges, especially those using tracking and ad-verification pixels, as Google couldn’t verify whether those partners were compliant or not, according to sources. Some agency groups were alerted to this late on May 24, while others felt Google’s guidance had been nonexistent, according to agency sources.

“They [Google] are looking to solve it. So for now, we will suggest to our clients that we only use their [Google’s] tracking tools,” said a media buyer who spoke on condition of anonymity. Although this buyer wasn’t particularly flustered because the updates hadn’t yet affected the agency’s live campaigns too much, the situation is far from ideal. Others were more blunt in their criticism.

“It was arrogance,” said an ad tech vendor who agreed to speak anonymously. “They [Google] thought they could bully everyone into using their own [GDPR] system, and the industry has turned around and kneed them in the balls. They have had to do an embarrassing about turn to now integrate with the [IAB] framework. But this all puts Google into the spotlight of the regulators. I don’t think Google will be happy about this whole situation as it puts [GDPR regulator] attention on them. The irony is that in the short term, it will be Google that wins commercially [from AdX demand spiking] while everyone else suffers.”

“The timing of the message from Google — they told us yesterday afternoon [May 24],” an ad buyer said. “That’s not right because they would have known. It means we have no time to change media-buying tactics or inform clients — and also, we’re forced to use AdX.”

A Google spokesperson said: “We worked with our third-party exchange partners to develop an interim solution to minimize disruption while we finalize integration with the IAB framework.” Google has promised that by early June it will enable personalized ad serving for publishers using the IAB’s framework, and by August, it will have integrated fully with the IAB framework so that publishers can serve personalized ads based on consent passed by a user, per vendor, or serve nonpersonalized ads.

“The GDPR is a big change for everyone,” said the Google spokesperson. “Over the last year, we’ve engaged with over 10,000 of our publishers, advertisers and agencies across nearly 60 countries through events, workshops and conversations around the changes we’re making to be compliant with the GDPR. We will continue to open our doors to our publisher partners to engage in these discussions on GDPR compliance.” Google is also working with the exchanges for alternative options for consent outside the IAB.

Both buyers and publishers wonder why Google has waited until the last minute. GDPR has been three years in the making, after all. Some media agencies have received such confused or mixed messages from the tech platform that they are pausing campaigns wherever they feel unsure, a factor that will have contributed to the drop in demand that demand-side platforms outside Google’s ecosystem have seen.



Most believe the issues will last weeks, if not months. However, there are still more than two months before Google’s cutoff date for full integration into the IAB’s GDPR framework in August.

Ad tech vendors scrambled to inform their clients of what Google’s update meant to their own revenues. AppNexus sent an email to clients that warned them of what to expect. “Google’s technology will change to only respond to our exchange with Google-only demand (personalized advertising within DBM allowed, but no third-parties allowed within creatives), which based on our rough estimates may be between 25 to 75 percent reduction from DBM,” read part of the email to clients.

The email went on to state how AppNexus has worked with Google on a solution. “DBM will agree to an AppNexus-wide whitelist of vendors that, subject to our clients obtaining consent for those vendors, DBM will allow. Google has let us know they need several days to roll out this whitelist,” read the email to clients.

It’s not been an easy day for anyone. Google and Facebook have both been hit with a raft of lawsuits accusing the companies of coercing users into sharing personal data, as reported by The Verge. The lawsuits, which propose Facebook to be fined €3.9 billion ($4.5 billion) and Google €3.7 billion ($4.3 billion), were filed by Austrian privacy activist Max Schrems.

Download our complete guide to GDPR.