Since its introduction in May, the GDPR regulation has massively reduced the number of trackers that companies place on the internet and how our data is stored. After the flurry of emails we received in May, seemingly from every company we’ve ever had contact with, all seems to have gone silent. The reality, however, has been different. Behind the scenes, plenty has been going on.
Trackers include cookies and pixels – pieces of code in websites that follow internet users around online to try to get them to click on personalised advertising.
Small trackers have lost between 18 and 31% of their reach and the overall number of trackers on pages reduced by 4% for firms in the EU. You might have noticed a slight drop in the number of targeted ads you’ve seen, but this is likely to have been a negligible change.
For people who work in companies that use customers’ data, GDPR is likely to be remembered for creating a massive workload by forcing them to rapidly assess how it collects and stores data. GDPR compliance means that consumer data has to be kept securely. It must be safe from hackers and thieves, and non-compliant firms risk fines from the EU of up to 4% of global turnover if a breach is found to have taken place. This understandably caused a headache for IT departments across the country.
Despite smaller firms’ loss in reach, tech giants have still managed to track plenty about what their users do. Since the legislation came into force, Facebook’s trackers declined just 7% and Google actually managed to increase its reach by 1%.
The fact of the matter is that GDPR has done little to prevent tracking by the tech giants. The likes of Google and Facebook have the money to invest in the most experienced lawyers and ensure that they can still collect as much data as possible. This data is what they use to generate much of their revenue.
It has hit smaller digital advertising firms the hardest; those who don’t have the budget to ensure they can keep their trackers deep into users’ lives without the risk of violating GDPR legislation – unlike tech giants.
Google, which has entire departments purely working on GDPR and started preparing 18 months before its implementation, has been challenged by data privacy campaigners and could potentially face a so-called “mega fine”.
Its obsessive collection of location could violate GDPR because it prevents users from giving informed consent. They bury their location consent settings deep in their browser and apps – hidden under the ‘location history’ button, in case you’re interested in taking action to stop Google using your location to target ads.
So far in the UK, only one notice has been served under GDPR. This was to a Canadian analytics firm who worked for Vote Leave. AggregateIQ was accused of processing people’s data for “purposes which they would not have expected”. It was paid almost £2.7 by Vote Leave to target ads at potential voters.
Since GDPR, complaints about potential data breaches in the UK have more than doubled and businesses widely report struggling to manage this extra burden. It seems that, so far, GDPR has created a lot of extra work without doing much to prevent the intrusive practices of large firms.