More than one year after the implementation of GDPR in Europe and with CCPA looming, consumers still have no idea how and why companies like Google and Facebook collect their data. That’s according to a global survey by mobile marketing firm Ogury, the largest of its kind to ask consumers about their understanding of marketing and privacy.
Nearly 40% of respondents in both Europe and the US were ignorant of what GDPR is. But more significant is that 52% of consumers report not understanding how their data is used.
Perhaps the topic we’ll remember most from this year is the rising attention to and hand wringing over privacy. In the media and advertising worlds, especially subsectors that pertain to location data, executives and consumers are feeling the broader privacy discussion acutely. We just passed the one-year mark for GDPR.
Just as we have gotten used to the idea that the EU’s General Data Protection Regulation (GDPR) is a fact of life and have made modifications in our data collection procedures, the Brazil General Data Protection Law (LGDP), the California Consumer Privacy Act (CCPA), and waves of proposed new data privacy laws are swirling in the calm preceding a privacy tsunami heading our way. All these privacy regulations share a number of commonalities, and by addressing them now, you will be on high ground as the waves begin to pound.
One year in, it’s clear that the full impact of GDPR still hasn’t been felt. The regulation is structured in a way that puts less pressure on large companies than smaller businesses, and that’s something that regulators will have to continue sorting out. But the changes Europe’s law portends are undeniable: Privacy legislation is coming to the United States, and the data collection practices that made many Silicon Valley pioneers rich will never be quite so unbridled again.
Five billion would be a record for FTC punishment of a tech company and would signal harsher scrutiny to come for an industry that has accrued unparalleled wealth and power with little regulatory oversight. Facebook’s fine comes after a saga of instances in which it failed to protect user data. Most damningly, the company vowed to shore up its data protection practices in 2011 and can now be accused of failing to uphold that promise.
Google has been fined $1.7 billion for violating Europe’s antitrust policies. Specifically, the company stands accused of compelling companies that deploy its search capabilities on their own platforms to display a disproportionately high humber of text ads that will line Google’s pockets.
Not only did Facebook’s “Research” app, which paid 13- to 35-year-old users $20/month to access their search history, emails, and private messages, set off every imaginable alarm on the this-will-look-bad-when-the-exposé-comes-out PR radar (one of the world’s most powerful corporations must be lacking one of those), but the app also blatantly violated the terms of Apple’s Enterprise Developer Program, which proscribes distributing apps to consumers. It probably didn’t help that Facebook was searching tweens’ data for dirt on its competitors.
SPONSORED, by Neil Sweeney, CEO of Freckle IoT / Killi: The takeaway for 2019 will be consent management. Why is this going to be the trend? Two reasons — the first is because consent management is nonexistent in today’s technology stacks (and, no, the catch-all ‘do you accept’ button will not be sufficient moving forward for consent management). And, second: a compliance/privacy tsunami will bear down on the entire world (not just advertising) in 2019. Every trend in 2019 will tie back to a company’s ability, or inability, to check the box on consent management.
The move is representative of changing winds on attitudes toward privacy in the location data ecosystem. Following a series of New York Times Facebook and location data exposés and explainers, and with America’s own GDPR, the California Consumer Privacy Act, slated to go into effect on January 1, 2019, companies are waking up to a new reality in which selling and sharing user data to the tune of billions of dollars in revenue with little oversight is over.
Greg Isbister: The next year will see a marked shift for location data. As consumers and businesses alike see more value and additional uses for this data, industry growth will continue to increase exponentially. Until regulations are put in place to increase security and transparency, it will be up to businesses to institute their own best practices, getting ahead of legislation to come.
What exactly did Facebook do wrong, and what do its supposed wrongs portend for the future of data-driven, and especially location data-driven, marketing? Here are some major takeaways pertaining to future legislation, likely consumer reactions, and the distinction between data selling and sharing.
Though their terms are not identical, in essence both GDPR and CCPA are designed to give consumers the power to stop companies from collecting personal data, to review all personal data a company may have collected, and to request deletion of any stored data. Both regulations strike a major blow in favor of the concept that ownership of personal data ultimately resides with the individual and not with companies who may profit from it.
The U.S. recently joined countries taking action on data privacy with the California Consumer Privacy Act (CCPA), which was signed by Governor Jerry Brown on June 28, 2018. The CCPA will protect the rights of California consumers and encourage stronger privacy online and greater transparency overall.