The EU’s latest data legislation adds to growing regulatory landscape in a pivotal year for European marketers

The coming months are set to be a pivotal period for European marketers as they prepare for the next stage of identity on the internet.

The European Union’s latest legislation in the privacy and data realm, the Data Act (DA), was adopted at the start of January and will go into effect beginning the second half of 2025. The law aims to “unlock” the data collected by connected devices and related services and give users more control over their data, among other objectives.

The DA is the latest addition to the European Union’s growing patchwork of laws and regulations that affect how marketers can operate and find their audiences on the continent. These regulations are yet another force shaping how marketers will reach European audiences in the year ahead, with industrywide cookie deprecation proceeding in full swing.

“In Europe […] brands must pivot towards first-party data activation, embrace alternate identifiers, and balance deterministic and probabilistic approaches with third-party data,” says Kristina Prokop, GM of audience solutions at Dun & Bradstreet and co-founder of Eyeota. “Contextual targeting and publisher first-party data, alongside unified ID technology, will also shape the post-cookie era.”

The DA joins the General Data Protection Regulation (GDPR), Digital Services Act (DSA), Digital Markets Act (DMA), and Data Governance Act (DGA) in the European Union’s roster of regulations that feature in its Digital Decade strategy, a multiyear pursuit of a “human-centric, sustainable vision for digital society” where “no one is left behind, everyone enjoys freedom, protection, and fairness.”

European Parliament is now also working to finalize the details of its landmark AI Act, with the aim to regulate artificial intelligence and set guardrails for its use.

Successfully negotiating this changing privacy and data landscape will likely require speed and nimbleness from marketers, not least because of Europe’s fragmentation.

“When you deal with privacy in Europe, you’re basically dealing with privacy in 26 different countries,” says Tim Geenen, CEO and co-founder at Rayn, an ad tech firm.

A patchwork of regulations

The regulations’ sprawling nature reflects the ballooning task of regulating a growing and changing internet.

The DSA and DMA, for example, are seen as aimed at large online tech platforms, with the effects of reducing the availability of some data across the EU while also potentially giving marketers greater pricing transparency of their spend on major platforms.

The newly introduced Data Act will compel connected-device manufacturers to make their data available to users and third parties. As the Internet of Things (IoT) market continues to grow by double digits, this could unlock reams of data that could help marketers further refine their campaign targeting.

For marketers, issues can arise when, for instance, it could be unclear which regulation takes precedence. Some believe this complexity poses ongoing challenges for an industry already amid a year of significant shifts.

“Which one do you adhere to? Which one will you get enforced on? That makes it very complicated,” says Geenen. “I felt like for the past six years, we’ve been constantly building technology on a moving target.”

For marketers, navigating this terrain successfully will require a commitment to act on the strategic importance of privacy as a business enabler as well as a compliance guardrail, says Joe Jones, research and insights director at privacy industry trade body International Association of Privacy Professionals.

“Data-driven organizations that can not only mature their privacy programs but can cohere and leverage them in the context of emerging digital governance initiatives — like the DSA, DMA, and DGA — will have a head start,” adds Jones.

A new European identity

The stakes of success are high. For all their complexities and perceived shortfalls, these laws are aimed at driving innovation and growth for all tech platforms, while simultaneously enhancing data protection standards, says Mathieu Roche, co-founder and CEO at ID5.

“Too often we have seen Big Tech platforms leverage ‘privacy’ to their advantage by locking in more data and access to consumers for themselves,” adds Roche.

But the rewards are likely to make the journey worthwhile: as open internet channels grow in Europe, “those who have an effective strategy in place will be able to reap the benefits and use the learnings and technology to bring better addressability in other channels such as CTV [connected TV], audio, in-game, and beyond,” says Roche.

In this background, Europe-specific identity solutions, like EUID or Utiq, backed by four European telco giants, are already gaining favor among global brands.

“No one solution will achieve 100 percent scale,” says Luke Fenney, VP of connectivity and ecosystem for EU and Latin America at LiveRamp. “For example, authenticated, people-based identity is what the social platforms have used to thrive, and now the open internet can leverage this same tool to its advantage.”

“Authenticated identity will also better situate adopters to take advantage of the second-party data generated through data collaboration, including retail media networks,” continues Fenney. Retail media networks are projected to become a 25 billion euros ($27.45 billion) market for ad spend by 2026, according to IAB Europe.

Cookie deprecation is a global reality. European marketers will have the added task of navigating this transition amid a rapidly changing regulatory landscape. That’s no small feat, but the future of the internet may depend on it.

“At first glance, it may appear as if consumers are the only beneficiaries of more stringent regulations,” says Roche. “But a rising tide lifts all ships. Regulations hold the entire ecosystem to a higher standard, including Big Tech.”

The Current is owned and operated by The Trade Desk, Inc.