Three years ago today the General Data Protection Regulation (GDPR) was enacted in the EU to protect you from morally questionable digital surveillance, and trust me, we’re all better off for it. Essentially the GDPR stops large companies from tracking you across the web and using that information to change your behaviour. When companies are collecting data they must disclose what they are collecting and why, plus they need to ensure that the data is well protected.
The immediate success of the GDPR led other jurisdictions to follow with similar policies to protect people, including in Japan, Chilie, Kenya, and more.
Over the BBC they cheekily posted a list of the biggest offenders of the GDPR (which shows why the legislation is needed).
4. H&M (35.3m euros)
H&M was fined by German regulators in 2020 after it was found to have been secretly monitoring hundreds of its employees.
If workers took holiday or sick leave, they were required to attend a meeting with senior staff at the retail giant on their return.
These meetings were recorded, and made accessible to H&M managers without the knowledge of staff.
The data collected from the interviews was used to make a “detailed profile” of workers, which then influenced decisions concerning their employment.
Online media companies were forced to rethink their advertiser policies last year because of the introduction of the GDPR. The New York Times decided to stop using ad services that tracked you across the web; exactly what the GDPR was designed to do. Most people claimed that because marketers can’t spy on you that media companies like the NYT will fail. The opposite has been proven true, revenues from advertising are up due to the fact that the NYT no longer uses these sketchy advertising services.
“The fact that we are no longer offering behavioral targeting options in Europe does not seem to be in the way of what advertisers want to do with us,” he said. “The desirability of a brand may be stronger than the targeting capabilities. We have not been impacted from a revenue standpoint, and, on the contrary, our digital advertising business continues to grow nicely.”
Now that the General Data Protection Regulation (GDPR) is in effect companies are reacting. You may have noticed new messages on websites outlining that they are collecting information on you, or maybe you’ve received emails updating you on new privacy policies. Those notices are a result of the GDPR’s rules around how companies spy on you and use your data for profit. What GDPR is doing in practice is eliminating the business models of some corporations and we might all benefit from these sketchy companies going kaput.
For companies whose entire business model was users not really understanding the entire business model, the cost of direct sunlight may just be too high. Unroll.me, a company that offers to automatically declutter your in-box (while, uh, selling the insight it gleans from your data to companies like Uber), announced that it will no longer serve E.U. customers.
If enough companies follow this lead, one practical effect might be a split internet, with one set of GDPR-compliant websites and services for the E.U. and another set with a somewhat more, let’s say, relaxed attitude toward data for the rest of the world. But even a loosely enforced GDPR creates conditions for improving privacy protections beyond Europe. Facebook, for example, has already said it will extend GDPR-level protections to all of its users — if they opt in to them.