GDPRn’t We Done with This?

Michelle_Miles3
Level 9 - Champion Alumni
Level 9 - Champion Alumni

Just when you thought the topic of GDPR might settle down, it’s still hot news. A little more than a month after the enforcement date, big names are reported for compliance violations, major US publishers block European visitors, and data privacy measures get a little closer to home.

Forced Consent Complaints

It wasn’t much past midnight on GDPR’s official enforcement date when the first complaints were filed. Apparently, tech giants make for easy targets with a slew of complaints filed against Google and Facebook, claiming forced consent. In other words, both platforms require users to give “all or nothing” consent in order to use their respective software vs. parsing data consent areas and allowing users to provide individual consent for each use. Similar complaints have since been filed against Apple, Amazon and LinkedIn. Are the violations legitimate? All are still pending; no resolution or fines have been assessed.

Blocked Media Sites

Some major US publishers have taken a different route to GDPR compliance by blocking EU visitors entirely. The Los Angeles Times and the Chicago Tribune are two of the bigger media companies blocking EU visitors due to non-compliance of ad targeting practices. Other publishers, including USA Today, are displaying non-targeted ads while Meredith and The Washington Post have started asking permission to new site terms to view their sites, including an upsell ad-free option. Publishers—particularly The Los Angeles Times—need to get this figured out as the data privacy landscape is about to get even more complicated.

The Golden State Adopts GDPR-Like Legislation

Barely one month after GDPR went into effect, California Governor Jerry Brown signed The California Consumer Privacy Act, aimed at protecting the data privacy rights of California residents. Much like GDPR, California’s act seeks to give consumers more control over personal data usage, including the right to know how data will be used, what data is being collected and sold, and the right for complete data deletion. The bill, still in early stages, will likely be amended before the enforcement date of January 1, 2020. And if you think this is just hype or California making noise, keep in mind California was the initiator of anti-spam email statutes, later to be replaced by the federal legislation we now know as the CAN-SPAM Act. Privacy legislation is coming to United States—be prepared!

GDPR—Still on the Radar

In just the first month of enforcement, we’ve seen complaints filed, organizations suspending service to Europeans, and copy-cat legislation emerge. The bottom line in all of this is, best data practices need to be our baseline standard. GDPR’s enforcement date is just the beginning; taking proactive measures now will ensure you’re prepared for new legislation, without interruption to your business operations. Recommended reading:

How to Avoid a €20 Mistake with your Data: Tips for ensuring your database is clean, junk records removed, and country data normalized.

Requirements for Consent – What You Need to Know: Understand what GDPR requires for consent plus how it compares to CASL requirements.

And of course, leave your comments below and together, we’ll support each other through another round of compliance preparations.

As originally published on the Perkuto blog.

1993
0