4% of Revenues Could Be Charged for Violating EU Privacy Law
European Union officials came to an agreement on sticky points of the GDPR bill. Here's the bad news for marketers.
AdWords and Custom Audiences have improved results for many a marketer and made Google and Facebook global media powers. But the European portion of that globe may soon darken with yesterday's agreement on a final text of a new privacy law by European Union officials.
The General Data Protection Regulation (GDPR), expected to pass in the European Parliament early next year and take effect in 2018, will enforce opt-in requirements for data collection and a “right to be forgotten” that gives consumers total transparency and control over how their personal data is used. Negotiators from the Parliament, the European Commission, and the Council of the European Union settled on a maximum penalty of 4% of revenues for violators, which would translate to $2.6 billion for Google and $500 million for Facebook should they run afoul of the law.
“Obviously this will raise major concerns in the boardrooms of all large multinationals, including social media giants such as Facebook and Google who have a long history of run-ins with the European courts on data privacy infringements,” said Stuart Buglass of Radius, a U.K.-based business growth consultancy.
Rank and file marketers doing business across the 28 EU states will have to invest both time and effort in altering their operations to accommodate GDPR. “The GDPR requires that consent from individuals must be explicit and must be given each time the processing or use of the data is expanded or changed, which could have ramifications for businesses that apply ever-changing analytics. In many cases the current practice of getting a single consent box ticked at the point of initial collection will not be enough,” Buglass says.
Also getting more expensive will be the pursuit of the fabled “golden record” for key customers. The new European law will bring considerable weight to the growing concept of data as currency. “What this law basically does is create holes in a data record that makes it harder to probabilistically link behaviors to a certain record across websites,” says George Corugedo, CTO of RedPoint Global, which does just that for its clients.
Marketers will still be able to achieve the single record, but it will cost them. “This could be a good thing for consumers, because marketers will have to get more creative in incenting them to leave their data behind,” said Corugedo, who predicted that companies will invest more in machine learning to help them fill in data gaps.
There was some good news for youth marketers in the final agreement. After considering setting 16 as the minimum age of digital consent, negotiators decided to give individual member states the power to set it as low as 13.
Updated on 12/21/15