Industry News & Views

Has the Full Impact of GDPR Requirements Been Thought Through? – These Two Examples Suggest the Simple Answer is NO

By June 13, 2018 No Comments

Today there is a frantic rush by companies of all shapes and sizes to understand and conform to new and ever changing GDPR requirements. Some are building their own consent solutions, new vendors are showing up daily and others are using one of a variety of open source projects now available on the market. All are attempting to be in a position where they conform to GDPR provisions associated with gaining consent (or otherwise) from consumers with regard to capturing and using personal data. Many have very differing interpretations and understanding of GDPR and thus implementations of GDPR and getting consent is still in flux.

Here is one article I found in our research https://digitalcontentnext.org/blog/2018/05/23/how-consent-fragmentation-could-alienate-users-and-undermine-the-gdpr/. But there are at least two mainstream issues which I question whether anyone has given detailed thought.

Who has considered the impact the GDPR regulations will have on the consumer experience?

 

Imagine the impending scenario. Every time a consumer visits a web site, they will be confronted by a message asking if they consent or not or a simply a disclosure – “read our new privacy policy” and then take it or leave it. Others are planned to be multiple “check the box” questions that the consumer opt-in before they access a site’s content. So several different “consent experiences” exist and more are inventible. It’s confusing, no standardization is in play and none seem to be in sight.   If you are like me, I visit scores of website on an average day. Can you imagine having to go through this every time, for every web site, forever?

Has anyone taken time to think this through? I bet the regulators haven’t and I doubt with the rush to become GDPR compliant, no one else has either. “Consent Fatigue” is real and will be a growing challenge.

While we can all agree that protecting consumer data and privacy is a good thing, my guess is that the unintended consequences of not thinking this through will be that I and most other digital consumers will very quickly become totally frustrated and p***ed off. It will be intrusive and totally disruptive to the consumer experience. As already seen in the advertising industry, it won’t take long before consumers rise up and demand change. Regulators beware! Sooner or later a backlash is coming.

Who has considered the impact that Ad Blockers have on GDPR compliance?

 

Over 30% of EU consumers use an ad blocker today and their proliferation continues at a rapid rate.

Has anyone thought about the impact ad blockers will have on meeting GDPR compliance? Again, my bet is very few have. Unbeknownst to many website owners ad blockers have a pervasively deeper impact that go far beyond ads. Many 3rd party services and scripts, analytics tools such as Google Analytics and Omniture, social media plugins, marketing automation technology and market research software are just some of the many tools used on websites that are rendered useless or perhaps worse, produce inaccurate data due to ad blockers.  Ad blockers also interfere with customer interactions, so they can or will block the very compliance messaging that website owners are introducing to conform to the GDPR regulations. There’s a real possibility that certain aggressive ad-block software can impact the displaying of consent messages, meaning publishers won’t have access to this audience segment of visitors to gain consent and consumers won’t get the opportunity to consent appropriately. We did a few random tests and sure enough aggressive ad blockers do block consent messages. Here’s an example:

When looking at the Halifax website, a division of Bank of Scotland plc, without an ad blocker turned on you can see the consent based messaging set up by the company.

 

 

However in this case, when the Ghostery ad blocker is switch on, the consent based messaging does not render. It’s blocked.

 

 

So my guess is that it’s a better than even chance that the millions of consumers in Europe that use an ad blocker may not see GDPR consent messages in the first place.

The ramifications are far reaching. By way of one simple example, if websites have their GDPR consent messaging blocked i.e. they don’t appear when a visitor comes to the site, do these websites default to capturing personal information. And if so, are they in breach of GDPR regulations and subject to punitive fines or not? The website owners have done their part, but ad blockers are circumventing their compliance efforts.

So what happens now? These are but two examples. How many more exist?

The biggest issue we see is the blocking of 3rd party services. It effectively means that consumers using ad blockers, even if they consent, will continue to block these services bypassing intentions of GDPR and other regulations. Ad blocking becomes a bigger issue to GDPR compliance as any regulations or laws trying to protect the consumer won’t really matter. These consumers have already spoken and all the “asking for consent” you are doing doesn’t matter; your wishes won’t turn these services back on. As ad blocking continues to rise, especially on mobile, they become the quintessential threat.

Leave a Reply

Share This