Digiday Research: Half of companies plan to bundle consent requests under GDPR

This research is based on unique data collected from our proprietary audience of publisher, agency, brand and tech insiders. It’s available to Digiday+ members. More from the series →

The intent of the General Data Protection Regulation was to restore people’s online information to them. Under GDPR, businesses must ask consumers to opt in to sharing their data to process it for services like advertising.

One common complaint from companies is that if they provide more than one service, they have to get people to opt in separately to each one instead of bundling the consent process into one opt-in. For example, users must opt in to sharing their data with each Facebook product, including Facebook, Watch, Messenger and WhatsApp. GDPR prohibits bundling consent requests, but that isn’t stopping companies from doing it. At the Digiday Hot Topic UK: GDPR event in May, which occurred before the law took effect on May 25, half of the 22 companies surveyed by Digiday indicated they planned on bundling their consent requests.

Those who violate GDPR run the risk of heavy fines. Bloomberg reported that a complaint against Google filed in France claimed that Google “relies on an overall bundled consent to anything contained in the privacy policy for Android phones, which includes several other products.” Even the Interactive Advertising Bureau was accused of bundling consent in the run-up to GDPR.

In preparation for GDPR, Axel Springer ran tests to determine the optimal method for soliciting consent from readers. The publisher determined that people were slightly more likely to opt in to sharing their information with all of Axel Springer’s publications than just one site. In theory, Axel Springer’s approach could be GDPR-compliant if the publisher delivers the same service and processes user data the same way on each of its sites. However, regulators could consider the approach bundling if they decide that Axel Springer can’t ask for a universal opt-in. Because no one knows yet what GDPR enforcement looks like, it’s anyone’s guess if consent requests like Axel Springer’s are legal.

One line of thinking was that with many companies are breaking the law, it would be harder for regulators to punish companies for infractions like bundling consent requests because regulators wouldn’t be able to keep track of all the violators. But since GDPR took effect, complaints against companies have grown remarkably. In just over three weeks, regulators in France and the Czech Republic each received over 400 GDPR complaints, though it is uncertain how many of them pertain specifically to bundling consent.

https://digiday.com/?p=293458

More in Media

News publishers may be flocking to Bluesky, but many aren’t leaving X

The Guardian and NPR have left X, but don’t expect a wave of publishers to follow suit. Execs said the platform is still useful for some traffic and engaging with fandoms – despite its toxicity.

Media Briefing: Publishers’ Q4 programmatic ad businesses are in limbo

This week’s Media Briefing looks at how publishers in the U.S. and Europe have seen programmatic ad sales on the open market slow in the fourth quarter while they’ve picked up in the private marketplace.

How the European and U.S. publishing landscapes compare and contrast

Publishing executives compared and contrasted the European and U.S. media landscapes and the challenges facing publishers in both regions.