A Month On And GDPR Really Is A Damp Squib

A month on, how has GDPR been for you? Hearing that the ICO has seen a deluge of complaints has not come as a major surprise, considering how many companies have become compliant.

However, the actual numbers are low. Was I right to predict the whole thing would be a damp squib? Even though it appeared something major was going on, for a couple of weeks at least.

First off, we had a month of brands you had forgotten about asking for permission to carry on marketing to us. These were mixed in with brands that strangely felt the need to tell us their privacy policy had changed. It was all unnecessary and annoying for all -- bar those who really were repermissioning and really were going to delete people who didn't agree to stay in touch. 

Consent is just one of six legal bases for storing personally identifiable information (PII) -- and for any brands who didn't want to tear up their databases, deciding that "legitimate interests" was the easier option really did not require giving consumers the heads up to a new line or two in their privacy policy. In fact, doing so ran the risk of annoying consumers and prompting them to click on "unsubscribe."

So the greatest irony of GDPR was that the law protecting us from unsolicited communications did exactly the opposite, and led to our inboxes becoming frustratingly filled with what amounted to legalese spam. Perhaps even more ironically, it prompted us all to have a purge of annoying brands or those we had forgotten about -- meaning the whole outreach movement didn't work for either party.

Even now, the GDPR nerd in me picks up on some very strange practices. At least all the boxes I have seen so far has not been pre-ticked to grant permission but those endless cookie reminders. Very few offer any explanation as to why they are popping up, and they very rarely make it clear that we have a choice.

It's just a repeat of what we all went through a couple of years ago when forced to click a "got it" or "ok" button to carry on reading. A particular favourite so far has been a web conference that promised a discount on tickets for those who offered an email address and agreed to be marketed to. Tying an offer in to granting future marketing communications is a major GDPR fail.

However, the world has kept on turning, the emails asking to stay in touch are long gone, and we have all already clicked to accept cookies on sites we visit frequently.

I predicted that GDPR would be a damp squib, other than the huge new fines for cyber security breaches. Despite the deluge of complaints The Guardian has written about, it's probably worth noting that no figure for the number of angry consumers has been released by the ICO. The paper does mention that eight month's worth of complaints were raised in Austria in the first month of GDPR. However, that's only 100. 

I will lay a bet now that the vast majority of complaints are levelled at Facebook and Google. They always claim to have watertight privacy policies, but I have never managed to fathom them out. I agree with the campaigners who feel the duopoly handed GDPR through what felt like forced consents but I doubt if the cases will come to much. 

Other than that, nothing has really changed, has it. The data rights we were given on May 25th pretty much mirror what we already had and the endless"'let's stay in touch" emails are gone. Once we've clicked to accept cookies on our favourite sites, it really is business as usual, isn't it. 

Next story loading loading..