GDPR has been talked to death. For weeks, the pressure to make sure data collection and processing is GDPR-complaint has been building, and now that GDPR is in full force, is anyone else feeling a little bit…underwhelmed? While there’s certainly been some changes, it’s not quite been the data-pocalypse that was prophesied.
The complaints have started but not as much as you’d imagine
As expected, within a few hours of GDPR coming into effect, Facebook and Google were targeted with official complaints. The complaints against Facebook, Instagram, WhatsApp and the Android operating system run by Google argued that users were forced into agreeing to new service terms. Without agreeing to them, users either wouldn’t be able to use the service at all, or only be able to use a very limited amount of the services, both of which go against GDPR in that consent should be freely given. Allegedly, some users’ accounts were blocked and the European Centre for Digital Rights, Noyb, referred to Facebook’s approach to privacy permissions as a farce that was as legitimate as a North Korean election. If these complaints are upheld, the digital giants could be facing more than £3 billion in fines. But (so far) it’s quite unclear what people are actually being ‘forced’ to agree to. Is it advertising in general or a specific data breach? We’ll have to wait and see but the number of complaints against the big names hasn’t been as high as you might expect- and there’s a good reason.
We still don’t know how organisations use our data
There was an industry-wide assumption that GDPR would educate the general public on how organisations collect and use their data, but the Charter Institute of Marketing actually found the opposite. 48% of consumers don’t know where and how organisations use their personal data, despite the hype of GDPR. That’s an increase of 31% compared to 2 years ago, when GDPR was announced! With the amount of publicity GDPR has gotten over the past 6 months, you would expect more people to know how their data is used. The reality, though, is that user behaviour hasn’t changed enough. The number of people who read privacy policies hasn’t dramatically increased and GDPR-compliant policies are twice (if not three times) as long as previous DPA-compliant policies.
The best process I’ve seen so far for updating how your own data is collected is actually on Facebook. In the run up to 25 May, constant reminders across the Facebook platform explained the revised privacy settings and the new control centre for European users. This control centre showed where your data was being collected and gave you the ability to restrict precisely who has access to your data. It’s also continued to reminded users over the past 2 weeks that they can change their settings at any time. These easy-to-understand reminders avoid a lengthy period of time reading through Facebook’s enormous privacy policy and, most importantly, they build trust between Facebook and their users.
The ads are still running
Every now and then, the assumption arises that advertising on social media platforms would stop after GDPR. The truth is that advertisements on these sites won’t stop because ads are how social media platforms turn a profit. By signing up for something such as a Facebook account, you agree to be advertised to. The key aspect of GDPR, though, is that users don’t have to agree to having their profile data collected, stored and used to create an audience profile so marketers can build more relevant ads. Privacy settings can be adjusted quite easily, and users may be very specific about how they want to interact with marketers. Want to see adverts associated with Coronation Street but not your age or gender? Love ASDA ads but not Tesco ones? You can specify it all!
The question, really, is this: if you’re going to see ads anyway, wouldn’t you rather see ads about something you’re interested in? Because ideally this is where GDPR is going to improve advertising, both for advertisers and for consumers. Advertisers will know their audience is truly interested in their products and consumers know they’re not going to be bombarded with irrelevant ads.
From a marketer’s perspective, the advent of GDPR not been as dramatic as it could have been. Yes, some targeting is no longer available, and there has been a decrease in engagement in some European countries. But those engaging with ads are now far more valuable- and those are the people marketers really want to speak to.
The future of GDPR
While users definitely need to be aware and control how their data is used, there are some issues with how GDPR operates which may be the reason there hasn’t been the dramatic effect the world was anticipating. It’s an incredibly confusing piece of legislation, and privacy policies were rarely read pre-GDPR. Now that they’re at least twice as long, it’s no wonder people are even less likely to read them. Further, a huge section GDPR enforcement works by relying on data subjects reporting the misuse of data. If people don’t know how their data is used, they can’t know if an organisation is misusing it. Over the next six months, it’s likely we’re going to see how GDPR enforcement will play out, with uncertainties left, right and centre. For now, it’s best to work toward being compliant and reaping the rewards of a smaller, truly engaged audience in your marketing activities.
Understanding the online environment is ever changing but it remains full of opportunities if done properly. Here at Elastic we are constantly researching and collecting intelligence about topics such as GDPR, and this is part of how we deliver thorough results for all of our clients. If you are looking to improve your new business opportunities with innovative ways to broadcast your message, contact us today.