General Data Protection Regulation adopted in the European Union will come into force in May 2018 and will revolutionize the business of companies that collect and use the personal data of the EU citizens. First of all, these are adtech and martech providers, who use users’ data for ads targeting, personalization of promotions and offers, and research of consumer behavior, habits, demand.
This market expects some "quakes" - drop in companies’ market value, changes of users’ behaviour, mergers and acquisitions. Here are three most important aspects of innovation that will lead to such consequences.
1.The document establishes mechanisms of companies' responsibility for data and algorithms for acquiring users’ consent to its storage and processing. As a result, it will be illegal for any company regardless of jurisdiction to store data of an EU citizen or transfer it to any other company without a formal agreement with the data operator (the company that first received this data from a user); this agreement will contain restrictions on the use of the data. To circumvent restrictions one will need to obtain the users’ consent or in some cases to notify them on the way the data is used. The notification is to be delivered in simplest terms separately from other information.
The majority of martech firms won’t be able to meet these requirements, as they don’t directly interact with users. They receive data from websites and apps, that can communicate with their visitors. It is the nuance that can initiate the deals between media and advertising companies, that are about selling/buying.
The sites will become extremely reluctant to integrate third-party ad, analytical, marketing and other services in order to avoid violating of data protection legislation. It’s good for users, as their data won’t be filched and stolen by companies to resell and misuse it.
2.Users get the opportunity to have a look at the use of their data and track its way to the company that gathered it. Which means they can sue those who received data without their consent or with violations. Claims, courts, fines and other sanctions to violators are further to “color” the business landscape.
3.User behavior will change, as the new rules require companies to thoroughly inform people in simplest terms about the use of their data by anyone who has access to it, about possible risks, and rights that users have to regulate this process. In accordance with this regulation, users will get incomparably more information than before. For example, it would be necessary to explain:
- who collects their data and hot to contact the representative of this company in the European Union;
- what for this information is used and which laws permit it;
- with whom will the company that gathered data share it;
- will the data be obtained by a company outside the EU, and if so - does the European Commission believe that the data protection is secured in this country, how is data protection ensured in this situation;
- the duration of storage, and how it is determined;
- that users have right to alter the wrong data;
- that users have the right to withdraw consent to use the data;
- what are the consequences of refusal to give consent;
- how to file a complaint on data processing to the supervisory authority;
- if some automatic algorithm for decisions is used, for example, profiling - then what is its logic and what are the consequences of its application.
The new regulation requires companies to protect user data from leaks and thefts, and if such happen, to notify about them. Raising awareness about leaks and other risks will change the attitude of people to using their data - from concerns to fears. Now, most people prefer comfort and convenience to control over privacy, but this can also change.
For global players of the ad market, it will be easier to work with new rules with any audience, rather than sharing the data processing mechanisms of European users and residents of other countries. Therefore, the new law will affect not only the markets of the European Union.
We here at Adguard believe that these novelties protect interests of users and will be a predisposing factor. Users shall understand who uses their data and how to have influence. And not only understand but also take part in the management of information about themselves, taking away the right to use their data from those who misuses them or cares only about the own benefit.
Behavioral and socio-demographic data can now be used not only to target advertising but also, for example, to show different people different prices for the same product or service; as a result, someone will have to overpay. Profiling technologies can affect not only the cost of insurance or the conditions for granting a loan by a bank but also, for example, decisions of a potential employer. The consequences can be quite obnoxious if such solutions are based on incorrect or irrelevant data.
We do closely monitor the regulation of the data using in advertising and marketing, and also take these tendencies into account in the development of our products. Adguard has browsing security functionality, which extends to the options to control your data. Adguard aims to help users control information about themselves online, to understand who and why is tracking them and how can you manage this process and protect your interests.
Do you think your behavior on the web will change if you know exactly how commercial companies analyze it and use the acquired data?