Last May, large corporations around the world shuddered as the European Union enacted the General Data Protection Regulation (GDPR). Companies around the world debated what it meant and even whom it applied to. One year later, what do we know?
- Those regulators were serious. Regulators have conducted many investigations, leading to rampant speculation about when the first fines will be imposed.
- We still don’t know who it applies to. It will be up to the courts as to whether it applies to users in EU countries, EU citizens in any country, or something else.
- Global companies have adopted it globally. Without knowing how the legislation works, most companies have erred on the side of applying it as if it were a global regulation, meaning GDPR is protecting people who are clearly outside of its scope.
- Cookie modal windows are not enough. I am not sure who decided that the only way to be GDPR-compliant is those annoying windows at the bottom of every page that you need to click “I agree” to, but if you are firing off your JavaScript tags before they agree, you are not in compliance.
- It’s not the end of personalization. Companies like SoloSegment [full disclosure: I am their Senior Strategist and a partner] are using behavior-based personalization to power content recommendation that does not use personally-identifiable information (PII), so it is full GDPR-compliant.
- There will be more regulation. The California Consumer Privacy Act looks like the first one out of the gate, but there will certainly be more.
What should we expect next year?
- Actual fines. They will likely be big and the companies are likely to be prominent, to send a message.
- Court interpretations. Some court cases will likely be decided so that the regulations are more clear.
- Better regulations. Many complained that GDPR was vague and hard to understand. Businesses always complain about any regulation, but they really might have had a point here. It stands to reason that we’ll get better at regulations with more experience.
What do you think about where privacy stands in 2019? Make a comment below to start the conversation.