Reckoning day is upon us. Enforcement of the previously instituted GDPR (General Data Protection Regulation) rules is about to get underway in the E.U. In the run-up to this day—the rules officially can be enforced starting May 25th—nearly every industry that dabbles in customer data (which is every industry) has been thrown for a loop trying to figure out how these rules impact them and what they have to do to make themselves compliant.
From a news media standpoint, which is our standpoint, we make our living by being able to collect some basic information about our audience, which creates a value proposition for advertisers you see on this page and in our print publication to do business with us—so they can get in front of you, the consumer electronics retail community. That’s media. And that’s me being transparent about our data collection process.
What GDPR has done is it will require everyone to be more transparent with how they collect, manage, and disseminate information. And it will really put the power in the hands of the customer, who will now have the ability to tell companies to “forget who they are.” Once that kind of request comes in, the company will have to remove any mention of that person from their records.
The rules, obviously, get way more detailed and in depth and have for more implications than what I just described, but that should help you get the gist of GDPR. And, as a matter of fact, you’re probably already seeing some of the results of the new rules as a regular consumer even if you’re not an E.U. citizen. I could probably show you an email folder that’s several hundred messages deep with requests for me to update my registration status, inform me of new terms of service agreements, or to confirm that I’d like to still receive emails from that particular company. These are basic email marketing best practices, but it also has a heck of a lot to do with these new rules.
We’ve already seen some of the biggest names in consumer tech take steps to get themselves in a situation where they are compliant with these new rules. And, just like the rest of us, they have a very legitimate business case for getting in line with the new rules: each found violation carries a penalty that could run as high as €20 million ($23.45 million USD).
Here’s a quick run through some of the moves tech firms have made as a result of GDPR:
- Apple announced this week that it has created a new privacy website that will help users “better navigate” how much of their data is collected by the company. Users will bee able to download all of their data and see what kinds of information they’ve offered up to the company, knowingly or otherwise. This includes basic info like App Store downloads, Apple ID account info, calendars, notes, and more. The access is only available to the company’s European users at first, though they’ve said it will expand across the globe soon.
- In a similar fashion, Instagram announced that it has created a “Data Download” feature that will let users download all of the information that the photo sharing social network has collected on them over the years. It will also let users export all of their photos, videos, archived stories, profile info, comments, and more. Users can then request to have that data deleted by Instagram, and they can take their information with them if they’d prefer to move to another social platform.
- Not surprisingly, IG parent company Facebook has similar policies in place to prep itself for GDPR. Arguably one of the most scrutinized tech firms in the run up to GDPR’s enforcement debut thanks to the whole Cambridge Analytica scandal, Facebook has had to take very cautious steps to both repair its image from a privacy standpoint and to take meaningful steps forward. It’s done that by opening up a “Download Your Information” feature that shows the obvious data they’ve been collecting on users, as well as slightly less obvious things like facial recognition and location data. In a rather controversial twist, the company said it plans to move the registration of about 1.5 billion users outside the U.S., Canada, and E.U. to servers in the U.S. from Dublin, effectively removing them from GDPR protection.
- Microsoft is letting users across the globe take advantage of its GDPR-related policy updates immediately. The computer firm announced that they will gives customers the ability to view the data they collect on them as well as access to correct that information, delete it, or take it to another service provider.
- Google has made a number of changes to its data collection policies in order to comply with GDPR rules, but how they’ve gone about doing so has put the publishing community in a situation where it feels like Google is leaving it out to dry. According to AdAge, Google’s updated policy acknowledges that publishers will use certain data for purposes beyond simply serving ads, and they spell out certain things it won’t do. Publishers’ concerns stem from, in their eyes, a lack of information for them to solicit consumer consent that meets GDPR criteria, potentially exposing them to liability. Really, the tensions seem to come down to publishers not having enough time to look over the new policy changes to see how it impact them because Google—like everyone else on the friggin’ planet—waited until the last minute to worry about GDPR.
As a retailer in this consumer tech space, how ready are you for GDPR? Have you even given it a thought? Let us know in the comments below.