It’s been 9 months since GDPR came into effect. Whether through a flood of ill-advised emails or having to click through extensive, updated privacy policies, users the world over have already felt its impact. Businesses have too – and not always in a positive way.
Many organizations still aren’t compliant, and it’s unclear if or when they will be. Some news agencies and organizations have even taken the (honestly pigheaded) approach of completely disallowing European users from accessing their sites. Others have made it so their services are impossible to access without consenting to data collection and analysis – Facebook among them.
The issue with such forced consent is blindingly obvious, and I expect it will be one we revisit many times in the coming year.
“Already, complaints have been filed against Facebook, Facebook-owned Instagram, Facebook-owned WhatsApp, and Google,” writes CSO Online’s Jeff Capone. “The complaints argue the companies are forcing consent on users to continue to process individual personal data. The law requires users be given a free choice unless consent is strictly necessary for the provision of the service. Facebook claims its core product is social networking and not collecting personal data for ad targeting, so forcing data collection consent does pose a problem.”
This is going to get worse before it gets better. With the lid being blown on scandals like Facebook’s relationship with Cambridge Analytica, our data – where is, how it’s being used, and who has access to it – is now at the forefront of everyone’s minds.
Moreover, several governments have already followed Europe’s lead, including the United Kingdom, Australia, and California. Others, like Canada, are in the process of doing so.
In short, if you aren’t taking measures to give your users better ownership over their data, you need to start. Immediately. Because the clock is ticking, and time is quickly running out – eventually, it’s not going to be enough to simply ban people from using your site or force them to consent to data collection.
You’re going to need to wrap your head around the fact that this is their data. Their information. Their life. They have a right to control how you access it, who you give it to, and how it’s used.
Will that makes it harder to perform market research and carry out advanced analytics? Sure. But on the other hand, businesses that accept this – organizations that don’t try to force their customers into being analyzed – might find something surprising.
See, purchased data and behavioral analytics are powerful marketing tools. But what a lot of people don’t seem to realize is that compliance with regulations like GDPR can be just as powerful. When people see you have their best interests at heart and won’t misuse their data (in their eyes), they’ll remember that.
“Consumers want – and are gaining – more control over personal data,” reads a piece on Media Logic. “We suggest that brands embrace this change…Collecting and protecting consumers’ personal data more carefully (and more transparently) can boost your reputation and create greater customer loyalty.”
Like it or not, GDPR has changed the landscape of user privacy – of technology as a whole. You can choose to accept that and adapt, treating customer data with greater care and conscientiousness. Or you can stubbornly dig your heels in and refuse to change until you absolutely have to.
We’d suggest the former – because if you go with the latter, no one wins.