In the wake of the Facebook data leak scandal, it seems timely to re-address the impending GDPR, which comes into effect on the 25th May 2018. The General Data Protection Regulation (GDPR) has been designed with users privacy and protection in mind, giving them greater transparency and a say in whether or not they want their data to be captured. For more information on what it is and what you need to know, click here.
Until now it has seemed like data capture best practices have been more like a guideline, rather than regulation with a penalty for non-compliance. We have seen online businesses behaving like cowboys, doing less than an optimal job at ensuring the information we give them stays safe in their hands.
With the GDPR looming and offering no acceptions for tech giants like Facebook, Twitter, Apple, and Google, it is interesting to look into how they are handling it and what this will mean for these businesses who've been so used to playing by their own rules.
Facebook's Data Leak Scandal
For anyone who missed the news: Facebook has found themselves in hot water after the data mining and analytics company, Cambridge Analytica, gained access to data on as many as 50 million Facebook profiles. This was possible thanks to generous data-sharing policies which Facebook app developers got back in 2014. While data privacy is the real concern here, the story that has really blown up is that Cambridge Analytica was engaged to work on Donald Trump's election campaign and there is the suggestion that they could have used this user data to get an unfair advantage in the election. Here is a great video explaining the whole saga.
Since news of the incident broke, Facebook has been whacked with numerous lawsuits, they are under investigation by British and US authorities, there is a #DeleteFacebook user boycott campaign, and there has been a steep drop in their share price, which has taken almost $50 billion USD off the company’s market cap.
How Tech Giants Are Reacting to the GDPR
What's great about the GDPR is that the same rules apply to all, regardless of who you are and how much of the internet you control. While it is unlikely that everyone will join Playboy and jump on board the #DeleteFacebook bandwagon, this scandal has highlighted the difficulty these companies may face crossing all of their T's and dotting their I's. Europe and the GDPR are forcing them to clean up their act.
Unwittingly Facebook has been thrust into the spotlight with all of Europe curious to see if they can keep out of hot water, come May 25th. To be fair to the social media giant, the GDPR is not new news to them, and they have made statements on their website about their intention to comply, as well as educating users and advertising customers about the implications the new regulations will have for them. The statement on their website reads, "Data protection is central to the Facebook companies. We comply with current EU data protection law and will comply with the GDPR. Our GDPR preparations are well underway, supported by the largest cross-functional team in Facebook's history. We’re also expanding our Dublin-led data protection team which is leading these efforts." The full details of their changes are yet to be mentioned.
Google, on the other hand, appear to be in the driver's seat and have sent out a series of thorough communications to customers using their services. These emails have detailed what the GDPR is, how Google will be changing their contracts and products to comply and very clearly highlighting what their customers responsibilities are to make sure they are also compliant. On their website they state, "Google is committed to complying with the GDPR across all of the services that we provide in Europe. That includes our most popular consumer products like Search and Gmail, all of our advertising and measurement services like AdWords, AdSense, DoubleClick and Analytics, our Cloud services as previously announced, as well as, of course, any services we launch in the future."
What's will the GDPR Impact?
The goal of the GDPR is to replace out of date privacy laws and give individuals more control over their personal data, by requiring that businesses gain more explicit consent from them to collect and use it. Making these changes is not easy, particularly for businesses like Google and Facebook who currently capture a LOT of data. There is quite a bit involved to become compliant. In the short-term, the shift will likely be uncomfortable, but we're optimistic about what it means for the future.
Short term irritants:
Businesses will need resources dedicated to assessing your business and ensuring compliance. New processes need to be put in place to ensure GDPR compliance. Marketing activities will need to be re-assessed to change how data is captured but also a review of strategy now that old techniques are no longer allowed. Businesses need to look at how the GDPR is communicated legally to users. Many consumers will begin to opt out.
Long-term benefits:
As with all change, we adapt, and we make it work for us. The GDPR will be the same. Down the line businesses that are behaving appropriately should see these regulation changes as a positive move. It will cause: The competition will dwindle, cutting out shady online operations who do not meet regulations. Businesses have an opportunity to form deeper relationships with their consumers to show them the benefits of sharing their data. Quality of data captured should improve as users have a greater understanding of why they are offering the use of their data, and they see a value exchange.
If you're a business collecting data and still a bit unsure of how you're going to navigate the GDPR requirements, we can help. Get in touch with the Digital Fuel team today to make sure you're ready by D-Day.