Sorry -- I was hoping we would end the week without recourse to GDPR, but the mood of the country and the sheer muppetry of some massive brands means we cannot.
For starters, who on earth was
responsible for GDPR at the Chicago Tribune and LA Times? I mean, you had two years, guys. Today all we see is a note saying your paper is unavailable in Europe and you're looking
for a technical solution. Can I remind you -- guys, you had two years. What is it you're hoping to do today that you couldn't have done over the past 24 months? It simply beggars belief.
Then we have the sheer pointlessness of all those privacy notice updates. Brands, honestly, nobody gives a hoot that you have updated your privacy notice. They really don't.
If you
don't believe me, trust Elizabeth Denham, the Information Commissioner. She was on tv this morning reminding brands that they really don't need to be emailing all and sundry with a note that they have
added a couple of words to their privacy notice to cover their backs.
What's more, she confirmed that a lot of this repermissioning with customers you already have a relationship with is
unnecessary too. The gist of the conversation was, if someone's already receiving communications from you and they always have the option to unsubscribe, you can carry on. I think she didn't want to
get technical but this was pretty much the "legitimate interests" legal basis being outlined.
I blogged the other day about crazy brands asking to repermission people in a way that, to me,
didn't look to be GDPR compliant -- so why do it. One major show even linked repermissioning to getting discounts on their next event. I know for a fact that this is against GDPR. And if you're just
asking for a "yes stay in touch," you are just reaffirming the consent you already have -- so why bother, unless consent was gained years ago from a pre-ticked box that I don't remember forgetting to
untick.
And here's the thing. These privacy notice updates are still coming, even today. Why? If you really thought it was a GDPR thing, than today is too late. If it has nothing to do with
GDPR, then why bother telling me about your updated privacy rules?
Not even these are the most foolish attempts to unnecessarily annoy the public are among my favourites. No, there are a
couple of standout examples.
Every hire car and hotel group I have inadvertently allowed to email me over the past few years not only expects me to remember a log-in from seemingly a previous
life, they want me to remember my membership number too. Erm, Hertz, do you really think I've been carrying the number in my mind for ten years since that holiday my daughter left her favourite teddy
on the back seat? And would it maybe have been worth giving me more than one guess at a password for the account before you rolled out a "captcha" test?
As for Hilton Honors, I just gave
up when renewing permission just kept bringing up a message that my email was already in use? I think they were trying to get me to set up a new account to get around GDPR? I simply have no idea,
though. The process was just too complicated.
And charities, what are you playing at? Give up the love of post, please. I had a couple that wouldn't let me repermission my email address
without filling out my postal address. Why? I was specifically saying I didn't want to be written to, but was fine with email. If this was true repermissioning, you can just forget my postal address,
which I don't remember giving you permission to use in the first place.
There have been a whole bunch of GDPR jokes, many collated by BuzzFeed, with observations likening the emails to bumping in to college friends you haven't seen in years and had forgotten all about suddenly making a promise to meet up soon for a
drink.
For me, the whole thing has been a combination of the cookie law and Y2K. Lots of people feeling they have to click on something to make a notice about a privacy policy disappear and a
whole bunch of supposedly clever people getting in a flap about nothing.
And even then, many have got it spectacularly wrong. Theresa May wasn't even Prime Minister when the two-year
deadline was set for GDPR compliance. That is how long brands and publishers have had. To think they can spend so long getting it this wrong simply beggars belief.