Bear with me here, but this is going to be a bit of a rant.
Now that the GDPR law has been in effect for the better part of a year, a lot of things have become clear. First. no one feels more protected from a consumer point of view. Second, it has turned analytics from a difficult job into a fraught nightmare. Finally, it disrupted business models and costs business a lot of cash, and all for what?
Let’s start off with consumer protection. Sure it sucks to get spammed by emails sent from people who bought email lists, that much is certain. It also sucks to get text messages from businesses when you give a phone number only so that a delivery guy can call you when he’s waiting outside your building. Sure it was silly that there were no updated data protection laws for the last two decades across Europe and that companies based themselves in places like Bermuda to avoid being accountable to regulation. The idea of the GDPR is good, consumers need to be protected from people abusing their data.
But now what has happened is that businesses must give people a choice about their data. Here’s the problem with that: go ask the average person to choose a cookie and they will reply chocolate chip. When we get that fucking pop-up the first time we visit every new site, people are obliged to accept the cookies or maybe choose which ones they allow. Even I – a digital strategist with 10 years of experience and a lot of time working with cookies – don’t know all of them or where they all can be tied to. So now we get a pop-in and what do people do? Either they use the website without clicking anything, and the banner blocks half of their screen on mobile, or they click “accept all.”
Asking the common person about cookies is the equivalent of asking a short-sighted population about Britain leaving the EU, people form opinions based on information with different levels of veracity contorted by their personal perspectives. Few people know enough to make an informed decision, no one is going to take the time to learn.
The cookie banner is just one example of how the law that was designed to protect us is not really protecting us. Before the GDPR you couldn’t move consumer data out of the EU – now you can! As long as you tell people in a long ass legal document, of course.
And are you still getting spammend? Just try to mount a complaint!
I live in France, which has always erred on the side of the consumer, to the point that it can be very frustrating (and costly in taxes) to do business here. I get spammed by a company that I hate – Habitat – which sells shitty furniture with a complete lack of customer service. Backstory: I tried to by a couch from them in 2014. Four months later we still hadn’t received the couch and I tried to cancel my order. After being led around an obstacle course of touchpoints that at one point felt like I was shoving my **** up my own ***, I finally got the order cancelled and got my refund. There was a lot of swearing involved and threatened lawsuits.
Habitat sent me a fucking TEXT MESSAGE in November of 2018 about a new offer. I demanded they stop contacting me. They ignored my message and I received another text at the start of January 2019 for the annual sales. I never signed up to receive messages, I never authorized them to text me, they should have deleted my information after a period of inactivity. They did none of these things, so I went to the ACNIL site that is supposed to be a consumer watchdog service. Impossible to lodge a complaint. In order to do so would mean banding people together and contacting a different organization, exactly how I want to spend my free time on the weekend…
Working in analytics is not easy. I know because I used to work at Disney in the analytics team for Disneyland Paris. Tracking how people use a website is very hard to do, especially in complex environments like the booking engine for the biggest attraction park in Europe. We were constantly figuring out why certain values appeared in our analytics software, and tried to resolve the different paths that people took to improve the customer experience.
We used Adobe Analytics, but Google Analytics is a much more common tool, and you know what? It runs on cookies! That means that if you want to track your site with GA, you have to install cookies. When people don’t accept the cookies on your website, you can’t track them! So what was already tricky data to handle has now become a guessing game for many businesses.
For a digital team, having people maneouver around your site without knowing what they are doing is like letting a stranger roam around your house when you’re not there. What’s more, for businesses that generate revenue based on their traffic, the GDPR created complexities in reporting that in many cases resulted in suspended service to EU countries and lots and lots of lost cash.
Which leads me to my last point:
The GDPR is Expensive
Businesses spent a lot of money getting up to legal speed, cleaning their databases, and outfitting their sites with technological solutions to be able to control cookies according to each users’ preference in real time. A lot of media companies were unable to do this right after May 2018 so they had to suspend service in the EU and forego revenue.
There are a few solutions that promise to activate or de-activate cookies depending on user preferences. Mostly, they don’t work the way they are supposed to, and this is completely natural since tags (the code that generates cookies) comes from different actors (like Facebook or Google) and Facebook and Google don’t make cookie preference tools.
Don’t get me wrong, businesses need to be responsible and it’s up to governments to ensure that they are responsible. If that costs more money then that’s just the cost of doing business. But the decentralized nature of the Internet makes that extraordinarily difficult, especially when businesses rely on services in the cloud that can be physically spread across the world. Having strict data protection protocols makes sense. In the era of major hacking we can never be too careful. But there is a cost to respecting the law and for small businesses (like some of our technical agencies) the time needed to comply is disproportionate to the value, meaning costly solutions are compounded due to lost revenue.
The GDPR is a step in the right direction, this we know for sure. But it’s not all that it’s cracked up to be either.