One year on, the GDPR has had a small legal impact, but a huge consumer impact
It’s been just over a year since the GDPR was introduced, affecting any Australian businesses that have a presence in the EU or target EU consumers. Emarsys’ Sebastian Kummel explains why the legal impact has been small, but the consumer impact big.
Since the General Data Protection Regulation (GDPR) was introduced in May 2018, marketers’ worries about its impact have slowly faded.
From a legal perspective, very little has happened. In Europe, a total of 59,000 incidents were reported to the data commissioners this past year, but only 91 fines have been imposed. The highest profile breach award goes to Google, which copped an AU$80m fine for violating the GDPR as a result of poor data consent collection practices. To date, as far as we know, not one Australian business has been on the receiving end of a fine.
The reason for this is two-fold.
The steam train is rolling down track though.
Last week the UK’s Information Commissioner’s Office ruled that Real Time Bidding is substantially illegal under GDPR. Although they’re still doing f*** all about it. For now.
“the creation and sharing of personal data profiles about people, to the scale we’ve seen, feels disproportionate, intrusive and unfair, particularly when people are often unaware it is happening.
We outline that one visit to a website, prompting one auction among advertisers, can result in a person’s personal data being seen by hundreds of organisations, in ways that suggest data protection rules have not been sufficiently considered.”