Google Gets Fined Over $50 Million, And… You Could Be Liable Too.
Google was recently fined almost $57 million by the French regulators who claimed Google didn’t fully disclose to users how their personal information is collected, what happens to it, and also didn’t properly obtain users’ consent for the purposes of showing them personalized ads. As the CEO of Media Genesis, a digital agency, I knew the General Data Protection Regulation (GDPR) was making its presence known in the United States. If a company with the resources of Google can be accused of violating these new regulations, so could any business.
One of the things I like most about Media Genesis is that almost everything we do for clients can be tracked, and this information can be used to improve performance and enhance the user experience. At Media Genesis, while we value the data, we also value and respect the user behind the data. The Google fine, a result of GDPR, means that it is time for all of us to refine the way user data is collected, stored, and used so none of us end up with a fine of our own.
Why Track Data at All?
Media Genesis isn’t the only one tracking user behavior. You may have heard of other companies like Microsoft, Google, Facebook, Apple, Amazon and a few others that also track some user data. Why do companies track this user information? To measure site activity, to determine typical user journeys (paths users take through the site), to learn how others found your information and when/where they choose to leave your site. This user data is critical to being able to target, refine, and enhance the user experience.
A question from the user could be, “Did I give permission for my information to be tracked?”, and the answer is probably yes. Most companies have a published privacy policy that explains what data they gather, how they use/disclose it, and how they manage it. Some may have a long Terms of Service that you never read; you just check the box to accept, which likely gives permission for your information to be tracked and used.
GDPR Has Arrived
GDPR, which became effective May 25, 2018, is a set of data protection laws that were implemented by a number of countries, primarily in the EU and Canada though the list is growing, to give private citizens control over their personally identifiable data being collected. Examples of this data include name, address, phone, email address, birth date, credit card number, social media, photos, and IP addresses. These rules apply to data collected both online and offline. Personally identifiable data collected through a website, or other means, now requires explanation and explicit consent for use. What worked before, telling users that by using your site they agree to their data being tracked and used, is no longer enough.
What Does This Mean for My Website?
I have been asked by some of our clients if they need to be GDPR compliant. Their thinking is, if this is just a European regulation, can it be enforced in the U.S.? This is why the Google ruling is so important; France is testing the ability to enforce the regulations on a foreign country.
Since many more U.S. businesses have global customers or global site visitors, it makes sense to analyze your particular situation and determine to what degree you should be complying with these new privacy regulations. Media Genesis has been educating companies and helping them implement solutions to fall in line with these new regulations since their passage in mid-2016. Here are some key points to consider when implementing an enhanced privacy solution:
- Implement a consent process including:
  - New and legacy users
  - Cookies
  - User Data
- Allow individuals to manage consent options
- Be transparent with usage intent
- Update privacy policy
- Develop a breach notification process
- Test and review processes regularly
- Organizations found to not be compliant could be subject to a fine
Even if this isn’t currently a law in the U.S., we at Media Genesis believe it is good corporate practice to provide users more control over their personal data. My feeling is that most users that want to do business with your company or want to obtain information from your company are going to provide you consent for tracking their personal information (because it is needed for doing business with you). I definitely notice and appreciate when I visit a site and they have at least some basic mechanism in place to ask my permission and give me some control over my personal data, and I am sure the visitors to your site will appreciate it too.
If you are interested in learning more about GDPR standards and your website, please reach out to our team of experts at inquiry@mediaG.com or give us a call at 248-687-7888.