Marketers are warily assessing the fact that GDPR is now six months old and not much has really happened.
Sure, there have been some rumblings against the obvious targets. For instance,
groups in five countries have asked EU regulators to take action against Google for its alleged location tracking of consumers, according to a Tuesday report by Reuters. The search giant is already
facing legal action in the U.S. over phone tracking, it adds.
“These practices are not compliant with the General Data Protection Regulation (GDPR), as Google lacks a valid legal ground
for processing the data in question. In particular, the report shows that users’ consent provided under these circumstances is not freely given,” says the European Consumer Organization,
according to Reuters.
And as we have reported, a group called Privacy International has filed complaints against Acxiom, Oracle, Criteo, Quantcast, Tapad, Equifax and Experian, asking data
authorities to determine whether they are in compliance with GDPR.
But what about the micro scale — is anything happening?
Yes. For one thing, an unnamed company was fined €20,000 for a hack that exposed email addresses and other data on roughly 330,000 individuals, JD Supra reports. The company reacted quickly and cooperated with the authorities, for which it was rewarded with the relatively low fine.
Then there was the €400,000 fine imposed by the Portuguese Supervisory Authority on a hospital that failed to protect patient data, JD Supra says. In addition, France has ordered Vectaury, an online ad network, to change its consent program.
This last action is troubling because the company has
data on 67.6 million people. As TechDirt writes, “It’s hard to see how it could possibly confirm consent for the 67.6 million people whose data it holds.”
Meanwhile, there has been a plethora of new surveys that shed light on various aspects of GDPR. For example, a study released on Monday by Mazars and McCann FitzGerald shows that 84% of Irish businesses feel they are compliant with GDPR. And 88% say they have correctly assessed their GDPR requirements.
Moreover, while 68% of businesses have found compliance challenging, 82% agree that GDPR is
beneficial for individuals.
“Nobody said the road to GDPR compliance would be easy but most organizations have found it to be a worthwhile, albeit, at times painful, exercise in terms of
information governance, something they may not have done otherwise,” states Paul Lavery, partner and head of technology & innovation, at the firm.
It’s not clear whether UK marketers feel the same level of confidence, or are even bothering to comply. A survey by Nesta found that 42% of UK consumers say they have received unwanted marketing emails and phone calls since GDPR was implemented, according to the Telegraph.
Indeed, 22% say they are getting more spam emails than they did before. Only 7% are receiving none.
And 62% feel they have no more control over the number of emails they receive than they did last May. This is especially pronounced among 16- to 24-year-olds.
This is happening despite very aggressive actions by
Britain’s Information Commissioner’s Office (ICO).
The ICO announced on Tuesday that it has fined Uber £385,000 for failing to protect customer data during a 2016
cyberattack.
According to the ICO, a series of avoidable security flaws exposed email addresses and other details on 2.7 million customers. The data was downloaded by attackers from a
cloud-based storage system run by Uber’s parent company in the U.S., it says.
The ICO has even launched a probe of the Metropolitan Police Service over a database called the Gangs Matrix, used in fighting gang violence.
“The Matrix can be shared with local councils, housing associations, and education authorities,” the ICO writes. “And when shared, simply
being on this database could lead to denial of services and other adverse consequences.”
If the police aren’t even immune from such investigations, what chance do marketers
have?