“In Q4, we decided to exit the advertising business, which had declined to about $300 million in revenue in fiscal year 2024”, Oracle CEO Safra Katz told analysts in its most recent earnings call. The firm has told clients support will cease on 30 September.
Two years ago, Oracle’s ad business was writing $2bn in revenues, underlining the pace of decline.
Forrester privacy and marketing analyst Stephanie Liu suggested the company was being buffeted by multiple storm fronts: GDPR, which was the death knell for audience data gathering business Addthis; the decline of Chrome third party cookies (though it’s now been reversed by Google) and a broader market shift away from DMPs; walled gardens like Meta closing off third party access; and heightened consumer privacy awareness and concerns.
“These are the four forces Forrester calls data deprecation, and because of the size and scope of Oracle’s advertising business, Oracle was directly impacted by every single one,” said Liu. She suggested Oracle would have had to make major investments to meet incoming privacy restrictions as regulators turn their attention to data brokers.
Closing the loopholes
The challenge for ad firms operating in the US is that states are implementing a patchwork of regulatory overhauls, many of which are severely restricting the use of personal data – and broadening the definition of what can and cannot be used to profile and target people. (See a state-by-state privacy legislation checker here). It looks like much sharper legislation at a federal level is also incoming.
The same is happening in jurisdictions around the world, with those collecting and trading data responsible for knowing exactly where that data has come from, having consent to collect it and having specific consent to use it for things like profiling and targeted advertising.
Some firms may have decided that is a heavy price to pay for a business in decline. There are also signs that Oracle may have been mulling an exit for some time. The company last year described its ad business as a “rounding error” when urging regulators to turn their attention to “the largest digital platforms” which it claimed have “much more pervasive and damaging personal information collection practices”.
Oracle made that suggestion alongside a number of highly specific recommendations to rein-in personal data trading and tracking to Australia’s Attorney General, which is probing data brokers as part of a broader overhaul of Australia’s privacy laws. If Oracle was planning to remain in the advertising and data broking business, it is questionable whether it would have submitted such a detailed response highlighting some key legislative gaps and urging regulators to close them.
Either way, Australia’s Privacy Act proposals are due before parliament in August – and whatever passes could serve as a glimpse of what may be coming down the track globally.
For the digital ad supply chain, there are some significant implications. Under Australia’s proposals, pretty much everything the industry uses to track, target and trade on will be captured by a broadened definition of what constitutes personal information.
“What will be made crystal clear with this proposed change to the legislation is that if companies are using any kind of identifiers of individuals – or pseudonyms, like device IDs, cookies, hashed emails, whatever it is – to track and match up and profile and then act upon or target individuals in some way, that is personal information,” according to former New South Wales Deputy Privacy Commissioner turned privacy consultant, Anna Johnston.
“So this is a big shift for companies, especially the advertising, media, marketing sector, to wrap their head around. No longer can you say ‘because we don’t have the person’s name, we don’t know who they are, therefore it’s not personal information, and therefore none of the privacy rules apply to us’. That argument just doesn’t wash anymore.”
Consent is king
Hence the scramble to implement consent management platforms (CMPs) across the industry. If businesses can obtain informed consent to collect and use data – and tell people exactly what they are going to do with it in very simple terms – it affords a measure of compliance.
Google already requires firms to use a CMP to access AdSense, Ad Manager and AdMob and is now telling CTV players to have one in place by July 2025 at the latest or essentially kiss goodbye to targeting in Europe and the UK.
It’s likely that requirement will expand as other regions update privacy laws and put the onus on businesses to have full consent and compliance across their entire supply chain – or risk massive fines while opening themselves up to class actions.
While the digital platforms that now dominate advertising once worked to their own variation of ‘move fast and break things’, it appears regulators are collectively determined to move slowly and fix things.
That presents a massive challenge for a digital ad industry already working through significant structural changes. But those that can get ahead of the curve ultimately stand to gain as advertisers seek out partners that can prove compliance across every link in the chain.
