Digiday Research: Half of companies plan to bundle consent requests under GDPR
This research is based on unique data collected from our proprietary audience of publisher, agency, brand and tech insiders. It’s available to Digiday+ members. More from the series →
The intent of the General Data Protection Regulation was to restore people’s online information to them. Under GDPR, businesses must ask consumers to opt in to sharing their data to process it for services like advertising.
One common complaint from companies is that if they provide more than one service, they have to get people to opt in separately to each one instead of bundling the consent process into one opt-in. For example, users must opt in to sharing their data with each Facebook product, including Facebook, Watch, Messenger and WhatsApp. GDPR prohibits bundling consent requests, but that isn’t stopping companies from doing it. At the Digiday Hot Topic UK: GDPR event in May, which occurred before the law took effect on May 25, half of the 22 companies surveyed by Digiday indicated they planned on bundling their consent requests.
Those who violate GDPR run the risk of heavy fines. Bloomberg reported that a complaint against Google filed in France claimed that Google “relies on an overall bundled consent to anything contained in the privacy policy for Android phones, which includes several other products.” Even the Interactive Advertising Bureau was accused of bundling consent in the run-up to GDPR.
In preparation for GDPR, Axel Springer ran tests to determine the optimal method for soliciting consent from readers. The publisher determined that people were slightly more likely to opt in to sharing their information with all of Axel Springer’s publications than just one site. In theory, Axel Springer’s approach could be GDPR-compliant if the publisher delivers the same service and processes user data the same way on each of its sites. However, regulators could consider the approach bundling if they decide that Axel Springer can’t ask for a universal opt-in. Because no one knows yet what GDPR enforcement looks like, it’s anyone’s guess if consent requests like Axel Springer’s are legal.
One line of thinking was that with many companies are breaking the law, it would be harder for regulators to punish companies for infractions like bundling consent requests because regulators wouldn’t be able to keep track of all the violators. But since GDPR took effect, complaints against companies have grown remarkably. In just over three weeks, regulators in France and the Czech Republic each received over 400 GDPR complaints, though it is uncertain how many of them pertain specifically to bundling consent.
More in Media
BuzzFeed’s sale of First We Feast seen as a ‘good sign’ for the M&A media market
Investor analysts are describing BuzzFeed’s sale of First We Feast for $82.5 million as a good sign for the media M&A market — which itself is an indication of how ugly that market had become.
Media Briefing: Efforts to diversify workforces stall for some publishers
A third of the nine publishers that have released workforce demographic reports in the past year haven’t moved the needle on the overall diversity of their companies, according to the annual reports that are tracked by Digiday.
Creators are left wanting more from Spotify’s push to video
The streaming service will have to step up certain features in order to shift people toward video podcasts on its app.