GDPR: European Regulations with Worldwide ImpactApril 2019
Getting a Grip on the Basics of GDPR
For companies that digitally advertise in Europe, one of the most significant changes to grapple with in recent years has been the adoption and implementation of the General Data Protection Regulation (GDPR). On its face, this regulation was put into effect for the benefit of consumers and casual internet users: by regulating the kind of information that can be collected by companies, requiring informed consent to collect that information, and then appropriately hiding the user’s identity, the intention is both to protect consumers from fraud and limit the way that their data can be used without their knowledge.
For both EU-oriented and US-based businesses, it’s worth understanding the full intention of the GDPR and how this legislation has already made an impact in its first year of implementation.
Intention of the GDPR
The GDPR uses several approaches with the stated intention of protecting online consumers from businesses conducting data harvesting.
- Companies are limited from collecting data without regard to the data’s relevance to their services. An online store may collect information regarding their customers’ order history, for example, but it cannot indiscriminately collect local data on customers’ devices through website add-ons like cookies.
- Consumers must be informed about any attempts to collect their data in clear, straightforward language. They must be able to parse the sentences, avoiding convoluted constructions. For example: “Data points related to the user’s location, designations of intent, access platforms, may, without limitation, be construed as relevant information for the Company’s assistance of the user to improve the experience, and are to be used without restraint or regard to direct relationship to the user’s activity on the site.”
- Instead, the company must use plain language, such as, “We collect data about your physical location, browser, and activity on the site for our benefit, even if it doesn’t impact your experience on the site.” Companies can no longer assume consumer consent through pre-filled boxes or response forms. Companies must keep thorough records on their marketing materials so that they can show compliance with the GDPR upon request. This component also applies to storing the data, as there are additional restrictions placed on data storage to protect consumers from breaches.
Each of those items has the stated intention of delivering a positive impact for consumers.
Reality Since Implementation
On May 25, 2018, the GDPR went into effect. Although this was over two years after the EU’s official adoption of GDPR in April of 2016, many companies reported feeling unprepared and spending time at the last minute to update their policies and websites. Both consumers and companies experienced confusion regarding the GDPR’s particulars.
To avoid the risks involved with noncompliance, some US-based publications like the Chicago Tribute opted to restrict access to features for Europe-based users and, in some cases, the entire website. Because there is some flexibility in interpretation, some companies chose to play it safe by removing access to European browsers, and some smaller businesses even terminated operations entirely due to the potential headaches and expenses associated with GDPR non-compliance.
NOYB, a consumer-advocacy group, acted immediately on the implementation of GDPR by filing lawsuits against Google, Instagram, WhatsApp, and Facebook throughout the EU on May 25, 2018 based on “bundling” or “forced consent,” under which users must consent to an entire suite of terms or be barred from the full services of the website.
In January of 2019, the French regulatory body CNIL found in favor of NOYB’s argument and issued a fine of €50 million against Google. Google is moving its headquarters to Ireland, which will complicate this complaint’s resolution further.
How GDPR Impacts Your Marketing Strategies
There will be long-reaching effects from this regulation—it has a global impact for virtually any company with services or marketing and website collateral accessible to EU users, and it has inspired other governments, such as California’s state government, to adopt similar standards and regulations (California’s Consumer Privacy Act, or CCPA).
Although GDPR implementation has not been seamless, the intent of the regulation is one that many consumers support on an international scale.
The decision against Google may give companies pause when considering European operations. To avoid liability, operate with caution when it comes to GDPR guidelines. The best way to navigate these turbulent waters is with the help of a digitally-informed, legally-savvy agency that can parse these regulations for you.