‘They want to be seen as doing something’: Companies want credit for trying to comply with GDPR

The approaches vary. Some, like one email sent by Slido, a polling software company, outlined new terms and policies, including a change in terms of service; a new privacy policy; and an entire section on its investment, approach and measures to meet GDPR requirements. By continuing to use Slido, you’re essentially agreeing to these terms.

Others, like the message from Eventbrite in the tweet below, essentially inform you that the company uses third-party and other technologies — and by using the site or even simply closing the notice, you agree to be tracked. Some emails ask for customers to update settings to confirm that you do, indeed, want to continue getting messages from a publisher or platform.

This is the kind of half arsed GDPR strategy that will land you in a world of legal shit @eventbrite Hire a GDPR consultant quick to help you sort this out. Friendly advice from a EU customer. pic.twitter.com/yQsug3iaCv

— cpokane (@cpokane) May 2, 2018

Mitchison said needing to show action is more than just a bad look — it’s also potentially a bad business strategy. “If you’ve been contacting people under the current rules, then you can rely on the standard of consent you’ve already got,” he said. “You’re taking a huge gamble with the size of your database.”

“It’s a constant drip of emails,” said Alessandro De Zanche, an audience strategy consultant. There are many different approaches, he said, from “we will get back to you with more information,” to simply informing people that until they say otherwise, a company will keep contacting them via email.

“It is a missed opportunity to properly educate customers and users on data and privacy, and gain some points in transparency and clarity,” said De Zanche. “But in our world, with all the polemics around data, the perception of lack of privacy, the users’ backlash on display advertising and the recent scandals, together with the lack of knowledge from the user side … I believe no companies want to take risks, and they are trying to pass as much as possible under the radar with ‘business as usual’ communications, not because they have anything to hide, but because they are afraid of the user’s reaction.”

That’s clear, since many of the “click to subscribe or keep hearing from us” emails are unnecessary, according to Mitchison. What companies may need is simply an updated information message.

Companies are testing what kinds of messages work best: As Digiday previously reported, Axel Springer is finding that fact-based static messages, not video, make it likelier for readers to give consent.

It’s not enough to simply try, said Jesse Cahill, head of media for North America at Essence. “The stakes are too high. Not only does noncompliance in European markets carry very significant punitive risk, but key processes underpinning marketing measurement have been disrupted globally. U.S. advertisers are going to feel GDPR’s impact, too.”

Mitchison said he’s hearing from more people, especially from companies in the U.S., about how confused they are. “There should have been much clearer information earlier on from the U.K. regulators,” he said. “We’re all muddling through on our own. Everyone is making different decisions.”