The introduction of the General Data Protection Regulation (GDPR) this year started a ripple of privacy legislation across the globe, with governments evaluating whether current laws are enough to protect the personal data of users in our increasingly digital world.
In the U.S., California leads the way with a privacy act that gives consumers more transparency into data collection, and national changes could be coming if Senator Ron Wyden’s proposal for similar federal law is accepted. Globally, draft bills focused on data privacy are also under review in India and Kenya.
So what does this mean for digital players, and especially global publishers?
At present, many aren’t sure. The mix of regional, country-level and international rules is confusing, and leaving content providers struggling to establish how to balance compliance with user experience. But the good news is that the answer can be understood from the data privacy revolution itself.
The data status quo
Firstly, let’s look at the impact of new laws to date. Leading up to implementation, responses were mixed with some publishers adopting GDPR-compliant procedures in a bid to avoid the legislation’s hefty fines and others merely blocking European traffic to mitigate risk of non-compliance. But, even now the dust has settled, there’s still uncertainty. Publications such as the Los Angeles Times, for example, are still trying to “identify technical compliance solutions that will provide all readers with [its] award-winning journalism.”
More recently, the pending enforcement of the California Consumer Privacy Act (CCPA) and proposed legislation in New Jersey and Washington state has sparked discussion about the need for comprehensive national law to reduce complexity. Though opinion remains divided, key players in Silicon Valley argue that state power shouldn’t be leveraged to reward favored companies. Exceptions, such as Apple’s CEO Tim Cook, passionately believe the ‘industrial data complex’ must be better managed by law to protect consumers.
While largely still unknown, the core focus of the potential federal data privacy law – the Consumer Data Protection Act (CDPA) – is strengthening online security and increasing consumer choice over how companies use their data. Although not as stringent as the GDPR, legislators in Washington state are working to create a policy that is reflective of the EU’s privacy regulation. The law is likely to restrict data collection and usage and increase data access for individuals. It’s also expected to require annual reports from organizations on the steps they are taking to diminish the risk of data protection and introduce penalties, including fines and even imprisonment.
Where do we go now?
Initially, some believed that the GDPR would act as a force to reign in the duopoly – but that hasn’t been the case so far. Despite its delay in committing to the IAB’s Privacy and Consent Framework — which put hundreds of publishers at risk of a fine — Google recently celebrated its “best quarter ever.” And Facebook has also seen revenue increase – up 33 percent in the last quarter year-on-year.
There is a useful lesson to be taken from the journey so far: the importance of acknowledging and embracing the value of consent, and user preference. The GDPR and related legislation are a direct response to the growing consumer need for transparency in data usage – covering the purposes of data collection and its application. There is a lot to be gained by championing greater consumer choice, not just trust that helps build stronger relationships, but also increased insight. Savvy publishers are already making an effort to understand the impact of consent – or lack thereof – has on monetization.
In practice, this means offering a clear consent option. Publishers have a variety of options at their disposal to best manage this, such as privacy notification pop-ups or other user messaging delivered via Consent Management Platforms (CMPs), to acquire permission on specific data purposes before users enter sites. But while consent is core to operating ethically, it is crucial not to forget about user experience.
By adopting customized communications where the creative blends seamlessly with a site’s branding and imagery, publishers can ensure these messages are in line with user expectations.
In the next few years, as global data protection legislation reaches a state of global equilibrium, publishers will need to carefully consider how to gain user consent, while streamlining messages for optimal performance. Publishers must embed their legal obligations into day-to-day operations and return the focus to consumers. And, no matter what the future holds for the regulatory landscape, giving users a greater level of control over their data is essential to the sustainability of the digital content ecosystem.