Digiday Research: Half of companies plan to bundle consent requests under GDPR
This research is based on unique data collected from our proprietary audience of publisher, agency, brand and tech insiders. It’s available to Digiday+ members. More from the series →
The intent of the General Data Protection Regulation was to restore people’s online information to them. Under GDPR, businesses must ask consumers to opt in to sharing their data to process it for services like advertising.
One common complaint from companies is that if they provide more than one service, they have to get people to opt in separately to each one instead of bundling the consent process into one opt-in. For example, users must opt in to sharing their data with each Facebook product, including Facebook, Watch, Messenger and WhatsApp. GDPR prohibits bundling consent requests, but that isn’t stopping companies from doing it. At the Digiday Hot Topic UK: GDPR event in May, which occurred before the law took effect on May 25, half of the 22 companies surveyed by Digiday indicated they planned on bundling their consent requests.
Those who violate GDPR run the risk of heavy fines. Bloomberg reported that a complaint against Google filed in France claimed that Google “relies on an overall bundled consent to anything contained in the privacy policy for Android phones, which includes several other products.” Even the Interactive Advertising Bureau was accused of bundling consent in the run-up to GDPR.
In preparation for GDPR, Axel Springer ran tests to determine the optimal method for soliciting consent from readers. The publisher determined that people were slightly more likely to opt in to sharing their information with all of Axel Springer’s publications than just one site. In theory, Axel Springer’s approach could be GDPR-compliant if the publisher delivers the same service and processes user data the same way on each of its sites. However, regulators could consider the approach bundling if they decide that Axel Springer can’t ask for a universal opt-in. Because no one knows yet what GDPR enforcement looks like, it’s anyone’s guess if consent requests like Axel Springer’s are legal.
One line of thinking was that with many companies are breaking the law, it would be harder for regulators to punish companies for infractions like bundling consent requests because regulators wouldn’t be able to keep track of all the violators. But since GDPR took effect, complaints against companies have grown remarkably. In just over three weeks, regulators in France and the Czech Republic each received over 400 GDPR complaints, though it is uncertain how many of them pertain specifically to bundling consent.
More in Media
Workplace policies poised for seismic shakeup post-election
Topping the list of expected changes: a rollback of many health insurance reforms provided under the Affordable Care Act, better known as Obamacare.
News publishers didn’t sustain a traffic bump in the 2024 presidential election week like they did in 2020
Unlike the drawn out process of the presidential election in 2020, this year’s election quickly revealed that Donald Trump would be the winner – and that meant less of a sustained traffic bump to publishers.
MediaSense buys R3 to strengthen its Asian and North American presence
MediaSense, the U.K.-based media advisory firm, is further expanding its global footprint with the acquisition of fellow advisory firm R3.