Three Weeks into GDPR, the Implications Are Starting to Shake Out

Last month's arrival of the General Data Protection Regulation, or GDPR, was met with a range of responses by companies in Europe and around the world. Some brands saw the regulations go into effect with barely any friction at all. Others found themselves scrambling to put a bow on months of preparation and reform to their data collection practices.

In the cases of some publishers and businesses, the GDPR response was even more frenzied. Certain companies, feeling unprepared to meet the enforced deadline, began shutting out traffic from European IP addresses all together, hoping to avoid the European Union's new policies. Other enterprise approaches to GDPR compliance were questioned almost immediately by experts who suggested that their efforts fell short of abiding by the new rules.

Meanwhile, the implications of GDPR are becoming more obvious as the policies have moved from theoretical to tangible. As businesses adjust their practices to meet these new privacy standards, gaps and challenges are rising to the surface, illustrating aspects of the policy that may be missing their intended mark. Further complications may negatively impact consumer experiences, even as the regulations protect and empower those same consumers.

These regulations are directly impacting content marketers, who have watched their industry's landscape be reshaped by sweeping privacy reform. Here's a look at some of the unexpected developments that have the power to change how content marketers approach their work.

Image attribution: Sole Treadmill

User-Generated Content May Be a Gray Area

Many platforms, brands, and other businesses rely on user-generated content for a range of marketing campaigns. In some cases, this information serves as the primary attraction of an entire business model, such as in the case of reviews websites.

However, now there may be instances where this type of reviewer-produced content actually violates GDPR policies. According to MarTech Today, one glaring example is the employment website Glassdoor, on which employees report information about their employer, such as salary figures and other key workplace information, in order to help job-seekers determine the companies where they want to work.

Despite its virtuous intentions and mission of promoting workplace transparency, the site's information may, in some cases, be forbidden under GDPR. Even though the data is submitted to Glassdoor anonymously, the content of these reviews may include personal data that certain individuals did not consent to share online. Glassdoor could end up facing a situation where it has to filter content as it's posted to its website, removing anything that might contain personal details not permitted under GDPR.

These standards could apply to other user experience platforms as well, such as websites that rate college professors or restaurant review sites. In general, if users are posting data concerning other people without their consent, it could represent a violation of new data privacy rules-and it's unclear to what degree the platforms and publishers themselves will be held accountable. With that in mind, content marketers should be mindful when developing user-generated content campaigns. While this approach to content isn't necessarily banned under the regulations, it seems wise to steer away from campaigns that pose a high risk for violating data privacy standards, at least until we've seen how the new regulations are applied to these situations.

Marketers are Seeking Alternatives to Facebook and Google

Perhaps no two companies had more difficulty adjusting to the start of the GDPR era than Facebook and Google. On the first day of the regulation's enforcement, both companies were hit with lawsuits seeking a combined $8.8 billion for non-compliance. The lawsuits, filed by an Australian privacy activist, are attempting to shed light on the fact that both companies, despite claiming compliance with GDPR, have not actually taken the necessary steps to adhere to the full regulations.

The lawsuits allege that the companies procure consent from users by forcing them into an all-or-nothing choice in order to use their products. While GDPR requires publishers to manually receive consent from users in the form of checking a box or otherwise opting in to sharing their data with the company, Facebook and Google own digital properties that require this consent to access services. If consumers refuse to accept, they're denied access to the platform, according to The Verge. This, the lawsuit alleges, is a policy that violates GDPR policies regarding how users grant consent and justification for companies to use their data.

Though it still remains to be seen how the case will play out, many marketers aren't waiting on the results to take action into their own hands. A new report conducted by Lawless Research surveyed 700 marketing professionals and found that 92 percent of respondents are concerned over the outsized market share Facebook and Google enjoy. Ninety-five percent of those respondents believe that transparency is reflective of data's quality, but both Facebook and Google operate as "walled gardens," impeding innovation while also raising concerns about the reliability and accountability of their data.

This frustration has been simmering for years-in fact, the survey was conducted prior to GDPR going into effect. But the decision by those companies to try to cut corners on new regulations is only accelerating the issue and pushing marketers to seek out alternative publishers. The chief marketing officer commissioning the Lawless Research report believes that marketers can combine their strengths to build audience segments that rely on independent data sources, providing data that is transparent, reliable, and every bit as good at what Facebook and Google can offer-maybe even better. Marketers ready for a break from this data duopoly have even more impetus than before to break from tradition and get their data from alternative sources.

Image attribution: Simson Petrol

Some Content Experiences May Be Less Effective

While GDPR is designed to protect and empower consumers, it may also have some unintended negative consequences for both publishers and their audiences, especially when it comes to innovation. Consumers now have much greater control over how and where their data is used, and they're becoming more aware of the value of that data. In many cases, it's likely that marketers' access to this data will become more limited as consumers become more reluctant to hand over their personal information when they don't see what they're getting in return from the publisher.

This creates a paradox when it comes to building new content experiences. Consumers want to know what they're getting before they share their data with brands, but, as IT Pro points out, in many cases marketers will need access to that data before they can fully demonstrate the value of an experience.

If marketers aren't able to gain access to that consumer data from the start, it could hamper their ability to create new, dynamic experiences, especially ones that consumers don't fully understand or appreciate. This won't change consumer expectations for better, smarter, and more tailored experiences. Instead, marketers may have to adjust how they create certain kinds of personalized and immersive content.

Consumer advocates and privacy experts maintain that GDPR is a win for consumers, and to a large extent, that's true. But the last three weeks have illuminated points of friction that will test GDPR in the near future and force consumers, publishers, and brands to think about the value of shared data and data-driven experiences.

For more stories like this, subscribe to the Content Standard newsletter.

Featured image attribution: Public Domain Pictures