GDPR one year on: Enforcement, Impact and Annoyance
This weekend saw the first anniversary of GDPR on the 25th of May, but what’s changed and how is GDPR one year on impacting our experience of the Internet?
It’s worth noting that a number of companies have been fined for blatant abuse of consumer’s personal data but fines are also being issued for lack of transparency with Google fined €50 million this January in France for collecting data to personalize advertisements without being clear how they would use the data. Google are now facing a GDPR probe from Ireland’s Data Protection Commissioner again for transparency on consumer’s personal data and their advertising programs.
There are three things that have directly impacted consumers however – an increase in concern over how their data is used, a wider adoption of GDPR type practices around the world and (to put it bluntly) an explosion of annoying pop ups and geoblocking that simply annoys users.
GDPR one year on: Increased concern from consumers
Which? reports a growing number of people are concerned about how their data is used, with a a jump of 10 and 9 percentage points in the proportion of people in ‘anxious’ and ‘concerned’ groups in their Data Dozen segmentation.
Which? identified 12 groups that reflect the different attitudes and behaviours people have when it comes to consumer data collection and use by organisations, businesses and web services. Since GDPR was implemented, it’s raised consumers awareness and concerns that their data is being harvested without really giving them any more feeling of control.
GDPR one year on: Global Awareness
GDPR is strictly an EU regulation but so many companies outside the EU offer services to EU consumers that they’ve had to comply. Due to this, many have also implemented similar standards in all countries that they operate. Brazil, China, India, Japan, South Korea and Thailand are among the nations that have passed new laws, proposed new legislation, or are considering changes to existing laws that will bring their privacy regulations into closer alignment with GDPR.
Microsoft was the first company to provide the data control rights at the heart of GDPR to our customers around the globe, not just in Europe, with a privacy dashboard. Since GDPR went into effect, more than 18 million people from around the world have used Microsoft’s tool to manage their personal information.
GDPR one year on: Consumer Annoyance and frustration
GDPR has seen a rise in Cookie pop ups but it has done good things such as insisting companies have opt in boxes before adding you to their mailing lists. Consumers are still confused by this however due to the vagaries of how they are implemented. If it’s a simple sign up then the consumer has to manually opt in to a mailing list, but companies are still allowed to assume you’d like a deluge of spam if you make a purchase so some still have opt out boxes at various points in their website flow.
Another unintended consequence of GDPR is an increase (particularly amongst news sites) of websites simply blocking EU residents from viewing their content. This is understandable as why would they want to inflict their domestic customers with cookie pop ups just to cater for the odd visitor from the EU? The result is dead ends on the Internet with EU citizens having access to less content due to GDPR.
Annoyances and frustrations aside, consumers do appear more informed as to their rights and will happily report companies who break GDPR rules. Reporting is one thing though, consumers still don’t really know who has their data and what they’re doing with it and that’s driven anxieties up. More work on GDPR is needed to make it less intrusive and more effective. Personally I’d love a browser option to opt me in to Cookies on every website world wide because all that happens is I’m forced to click to consent on every website anyway.