Testing GDPR’s Limits – Are Sites and Advertisers Complying?

The new European data privacy law called the General Data Protection Regulation (GDPR), which came into effect on May 25th has been giving online businesses and advertisers a hard time. The new regulation passed by the European Commission for the data privacy of Internet users in the EU requires businesses dealing with user data to take the explicit consent of consumers before collecting or sharing their data with third parties.

GDPR Impossible to Implement?

Aside from that, they also have to reveal the information they already have and must also delete that data if the consumer wants them too. In short, the regulation gives power back to consumers but this is really a misnomer because regulation kills jobs and stifles growth.

Google, Microsoft, Facebook, Twitter, and every other major website or social media platform is based in the US, and they all collect and share user data, often without explicit consent. Naturally, following the GDPR word-by-word would mean stopping data collection altogether, and these businesses cannot function without data.

Therefore, they are testing the law’s limits by using various tricks and tactics which was expected right? Some have shut down services in the EU to ensure compliance, directly stating that it isn’t possible for them to conduct business while following the GDPR. Some websites continue to show targeted advertisements to European users without consent when customer consent is the central element of the GDPR.

It is believed by legal professionals in the EU that the limited enforcement of consent requirements is the reason why websites and advertisers aren’t completely complying with the new rule.

Perhaps they should have two version of the same websites: one website for people which complies with GDPR and one that does not.

To Comply or Not to Comply

The stakes are high, whether businesses comply or don’t comply with the GDPR. The online advertising industry of Europe is worth more than €16 billion. Most business websites run advertisements, and when the ads are targeted, they can charge advertisers ten times the regular amount.

Targeted advertising usually makes use of data like user location or browsing history. But, if a website dealing with EU consumer data collects such information for the purpose of targeted advertising, the watchdogs can make them pay fines of as much as four percent of their annual revenue in violation of the law.

The catch here is the vague exception made in the GDPR, which states that consent need not be taken when the company has a “legitimate” business interest. This is the exception that is being used by the majority of businesses for evading compliance.

Ways Around This

According to regulators, this factor may include fraud prevention or useful marketing, provided that the data used has minimal privacy breach. A media company in Germany using this exception hasn’t cared to seek consumer consent for showing targeted ads.

The company claims that certain tracking technologies in the country are used and allowed without prior consent on a regular basis because there is a valid reason and also the option for users to opt out. 

No End to Targeted Ads

The GDPR is a very new law, and quite reasonably, the short time hasn’t been enough for regulators to catch up with every company that is violating the law. But with time, the regulation will gain momentum, and violators will be caught and fined pretty ruthlessly. Websites and online advertisers are taking their own sweet time, testing the limits of the law.

Several reputed sites like Forbes, Los Angeles Times, and the Chicago Tribune have blocked EU users since the GDPR came into effect. Hilarious!

The block seems to be indefinite because these companies claim they cannot comply with the regulation. This is called barrier protection when the company blocks users from a certain region to ensure compliance.

Such companies show their failure to prepare for the GDPR despite having had two years to get ready for the new data privacy rule. Several other websites also continue to block British and European users to avoid complying with the GDPR and being fined for non-compliance.

At the end of the day, regular users seem to suffer more than benefit because of the GDPR, particularly when they are blocked from using certain services. This is a no-brainer, right? Even Napoleon Dynamite could figure this out.

Several websites continue to show targeted ads like always, although they have updated their privacy policies. Tracking user activity and personalized advertisements seem to go on like they always have, without user consent.

The British Information Commissioner’s Office has stated that consent from users “must be unambiguous, freely given, fully informed and involve a clear affirmative action in order to be valid under GDPR”. However, most companies have only re-worded their privacy policies, while actually not changing anything.

Europe is making doing business elsewhere very attractive

A little over a month in effect, the GDPR is yet to be successful, but the watchdogs are doing their job, and if companies continue with the violations, steep penalties are on their way which will only hurt European businesses even more and many international businesses as well.