With 21 days until the General Data Protection Regulation kicks in, the emails are flying. Marketers and publishers are sending notices that run the gamut, from stating their terms of service have changed to explicitly requesting opt-in consent.
At this point, many companies are scrambling to show they’re trying to abide by the spirit of the regulation, if falling short on the particulars. The GDPR is complex. While it seeks to unify privacy laws across Europe, the media industry is challenged to completely understand if they are compliant, what it takes to be compliant and how the regulation will impact their business. Many companies didn’t even begin getting compliant until too late, which means they may not be ready in time for the enforcement deadline. A fallback, it seems, is to show that at least you tried.
“What’s going on here is a lot of confusion,” said John Mitchison, the Data & Marketing Association’s director of policy and compliance. “There are people making rash decisions because they want to maybe be seen as doing something.”
Others, like the message from Eventbrite in the tweet below, essentially inform you that the company uses third-party and other technologies — and by using the site or even simply closing the notice, you agree to be tracked. Some emails ask for customers to update settings to confirm that you do, indeed, want to continue getting messages from a publisher or platform.
This is the kind of half arsed GDPR strategy that will land you in a world of legal shit @eventbrite Hire a GDPR consultant quick to help you sort this out. Friendly advice from a EU customer. pic.twitter.com/yQsug3iaCv
— cpokane (@cpokane) May 2, 2018
Mitchison said needing to show action is more than just a bad look — it’s also potentially a bad business strategy. “If you’ve been contacting people under the current rules, then you can rely on the standard of consent you’ve already got,” he said. “You’re taking a huge gamble with the size of your database.”
“It’s a constant drip of emails,” said Alessandro De Zanche, an audience strategy consultant. There are many different approaches, he said, from “we will get back to you with more information,” to simply informing people that until they say otherwise, a company will keep contacting them via email.
“It is a missed opportunity to properly educate customers and users on data and privacy, and gain some points in transparency and clarity,” said De Zanche. “But in our world, with all the polemics around data, the perception of lack of privacy, the users’ backlash on display advertising and the recent scandals, together with the lack of knowledge from the user side … I believe no companies want to take risks, and they are trying to pass as much as possible under the radar with ‘business as usual’ communications, not because they have anything to hide, but because they are afraid of the user’s reaction.”
That’s clear, since many of the “click to subscribe or keep hearing from us” emails are unnecessary, according to Mitchison. What companies may need is simply an updated information message.
Companies are testing what kinds of messages work best: As Digiday previously reported, Axel Springer is finding that fact-based static messages, not video, make it likelier for readers to give consent.
It’s not enough to simply try, said Jesse Cahill, head of media for North America at Essence. “The stakes are too high. Not only does noncompliance in European markets carry very significant punitive risk, but key processes underpinning marketing measurement have been disrupted globally. U.S. advertisers are going to feel GDPR’s impact, too.”
Mitchison said he’s hearing from more people, especially from companies in the U.S., about how confused they are. “There should have been much clearer information earlier on from the U.K. regulators,” he said. “We’re all muddling through on our own. Everyone is making different decisions.”