GDPR
Data and Privacy

Building Better Regulations by Example: A Critical Assessment of the GDPR – Part 2

Photo by Ryoji Iwata

Editor’s Note: The themes surrounding personal data privacy are as complex as they are important – especially as they relate to the practice of loyalty marketing. If you have been following The Wise Marketer recently, you already know that we believe that the unchecked harvesting of consumer data (ala Cambridge Analytica) needs to be scrutinized and contained. What follows is Part two of an overview of some of the problems GDPR presents. Our hope is that this assessment will provide context for deeper discussion within our industry. You can find Part One here.

The GDPR creates risks for identity theft and online fraud

Here’s an overview of the implementation of the GDPR: it’s ostensibly focused toward the consumer. The claim is that better protections and enhanced legislation are enacted for the sake of long-term consumer safety. But unintended consequences can arise from these good intentions; one of these is the negative impact GDPR can have on online user habits. Online individuals now have more control over their data through facilitated user requests, but this gives power to hackers and identity thieves due to obstructed provisions for user requests. On another level, companies are being forced to store sensitive user information in data pools, creating a high-risk environment for leaks and information loss.

It has not created greater trust online

Continuing along the path of enhanced consumer facilitation and experience building, one of the aims of the GDPR was the hope that it could foster greater trust between consumers and brands. But there is scarce evidence to suggest that this trust has yet developed. Even after years of similar regulations in force, no quantifiable numbers back up the claim that regulations create trust. In a survey of UK respondents, more than half say they feel no better off since the GDPR took effect; they also suggest it has not created transparency and clarity into how their data is actually being used.

The GDPR uses the pretense of consumer control to increase the power of government

It’s no secret that many consumers today harbor inherent misgivings about excessive governmental involvement. And for the GDPR, some have interpreted the consumer provisions to be a veiled attempt for governments to take even further control away from businesses. Businesses are now faced with more regulations and obligations than in the past, but governmental institutions are not obliged to follow the same set of rules – the rationale being that it would be economically unfeasible for governments to sacrifice their data collection operations. Data security is a broad issue that concerns the general public, businesses of all kinds, and even the government itself, and it makes little sense that these governments shouldn’t follow their own rules.

The GDPR fails to meaningfully incorporate the role of privacy-enhancing innovation and consumer education in data protection.

At the end of the day, many of these technologies remain in their infancy. While marketers of today have more power and data at their fingertips than in years past, there is still room to grow and learn for every industry stakeholder. Perhaps the real loss marshalled by the GDPR is the fact that it threatens future development by locking the present environment firmly in place.

Actionable Solutions To Protect Future Legislation

In light of the looming CCPA and blossoming concern around the globe regarding the future of data security, now is the time to develop a better set of strategies to properly protect consumer data and outline a feasible framework to create a fair operating environment for businesses. By studying an overview of the problems generated by the GDPR, a few alternative solutions appear:

Innovation-Led Technologies

There are few systems better poised to deliver consumer-focused solutions that work for the betterment of the industry than evolved innovation. Rather than coerced solutions which force predetermined outcomes upon the market, innovation has the advantage of reflecting natural consumer habits to ultimately yield better, more sophisticated technologies. This is mainly due to the fact that hyper-regulation tends to solidify the current environment, making it difficult for enterprising organizations to divert resources into change and progress infrastructures.

The takeaway: Instead of introducing legislation whose primary aim is to curtail specific activities, governments should introduce a plan to grow innovation and imbue creativity in the data industry.

Foster Customer Education

No matter how many regulations are established and barriers to access are erected, there is no realistic solution for guaranteeing universal safety of all customer data. That is why customer education is growing more pertinent in a landscape overflowing with complexity. Perhaps the most powerful tool of all to combat data misuse is fostering a better understanding with customers on how their data is going to be used, why it’s important to build better relationships with the brands they love, and steps that they themselves can take in order to thrive within the digital multiverse.

The takeaway: Better transparency with customers and an education-forward mindset should lead data security initiatives.

User-Oriented Technology Standards

There’s an argument to be made for policy-making which aligns with the end user, rather than the top-down approach which governments tend to adopt. Based on Nobel Laureate Elinor Ostrom’s research, the most effective ways of managing the complex regulatory process might be inextricably linked to the end stakeholder, and developed through a process of resource sharing and communal interactions.

The Takeaway: Collaborative regulation and legislation development works to create better systems, more advanced technologies, are easier to comply with and are economically and financially superior.

Developing Common Standards

One of the big problems with regulatory frameworks like the CCPA is that they encapsulate each U.S. state inside a disparate set of rules, when in reality, the broad impact of consumer data suggests the need for a similarly expansive playbook. Looking at the core structures which comprise internet technologies backs up this assertion; the telecom organizations themselves are national and global enterprises, which is why federal enforcement is a more sensible solution.

The Takeaway: In the context of data and privacy legislation that actually works for the benefit of everyone, a “one-size-fits-all” solution might actually make the most sense.


This is part two of an overview of some of the problems GDPR presents. Our hope is that this assessment will provide context for deeper discussion within our industry.

Building Better Regulations by Example: A Critical Assessment of the GDPR – Part 2
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To Top

Join our mailing list for the latest customer loyalty news, research and updates.