GDPR: The Great Data Protection Racket

GDPR. Be honest now. When the fortieth email about changes to a privacy policy or data protection landed in your inbox today, did you read it or delete it on sight? I deleted it. I deleted them all. Actually, I routinely delete almost all emails without reading them these days. That’s where email has got to and why many of the agencies I speak to are looking at creative DM again. But, that’s a different story.

Back to emails… I used to read the subject and look at the sender before hitting the delete button. Then, I saved time by only reading the subject. Now, an email has less than half a second to grab me before I delete it. Unless I instantly recognise a sender, it’s toast.

“BUT WAIT”, I hear voices calling, “That’s EXACTLY why we need GDPR!” Err. No. In most cases, GDPR is to privacy what the TPS is to your phone. It just stops decent people contacting you. GDPR, like 2K (if you remember that) is a great big racket. Well-intentioned, but a racket nonetheless. Ernst and Young reckons the world’s top 500 companies have spent nearly ￡6bn complying with GDPR. Total global bill? No-one knows, but ￡15bn can’t be out of sight. That’s quite some racket. But, before explaining why it’s a racket, let’s look at how we got here.

What’s the problem?

In my opinion, the real problem with how private data was being handled was lack of security. Company execs or civil servants would leave a laptop on a train with unencrypted user data on it; corporations wouldn’t secure their web servers properly and hackers would break in or employees would download data and take it home. Instances like these genuinely scared me and there was a problem. GDPR should sort these issues out. But GDPR also picks up email marketing and any other email communication too. That’s why companies, clubs and charities have been panicking and sending out notices like: “If you don’t expressly agree to accept emails, we can’t speak to you again!” B.S.

Bad legislation penalises good people

The problem with legislation, especially bad legislation is that it often has unintended consequences. So it is with GDPR and email. Good companies already act ethically because they know you can’t spam your way to greatness. They take great care of their customer data because they know gold lies within. Bad companies don’t care and they won’t care about GDPR. The same groups that flout TPS rules will flout GDPR. Thus, the new rules only hurt the good companies. Perfect.

You’re all collecting too much data

The anti-business lobby also has a fear that big business is collecting too much data. Consumers are willingly giving this data away in exchange for free services and again, the good ones are explaining what they collect already. But, we live in interesting times. Cambridge Analytica went into administration recently after trial by media. The company broke no laws, flouted no rules and hid nothing. It might have been a little scary how good at interpreting data the company was, but that’s just good business. As marketers, we’ve all been interpreting and acting on data to sell more, influence and educate for decades. Cambridge Analytics was too good at what it was doing and the consumers who fed its data models in return for a personality test knew they were giving data away because FB told them so. But that didn’t matter. CA was collecting too much and FB was giving away too much.

GDPR encourages companies to keep less data. Only the data it needs to do its job. My job is selling to people and I prefer to know as much as possible about them first. It makes the sales more effective and my targets’ lives simpler because I don’t send them irrelevant stuff. I would gladly give away detail on me, my spending habits, likes, dislikes and desires if it took the crap out of my inbox. GDPR hinders companies profiling me effectively. How on earth did we end up with such vast and hindering legislation?

If you create a legislative body, don’t be surprised when it creates big legislation

The EU likes legislation and that’s no surprise. If you pay people to write new rules, don’t be surprised when they do. And, the EU is really good at rules. If I sound cynical it’s not because I don’t think some tightening of how personal data is held and used is needed, it’s that I don’t think GDPR is the way to do it. The EU may have no barriers to freedom of movement or goods to its members, but it now has another barrier to business. The drag effect has been witnessed this week. Businesses of all sizes, having spent a combined ￡15bn (my estimate) on training and consultants, are reduced to sending out updates to their privacy rules. Will it change much? I suspect data will still get lost, but the EU will be able to levy fines. Which is good for the EU because it needs more money. It always needs more money.

Non-jobs for the boys

While we’re discussing unintended consequences and rackets, it’s not just the consultants that stand to benefit from GDPR at businesses’ expense. According to the Irish Times up to 75,000 jobs in privacy may be created by the legislation. Let me re-phrase that. Up to 75,000 non-jobs may be created. Jobs are useful because they create value. Non-jobs are corrosive because they add no value at all. Instead, they take value – around ￡3bn by my calculations.

Delete them all

And so, with just a couple of days left until GDPR comes into force, the barrage of emails grows. My advice? Delete them all. If you use cloud services like GSuite, MS Office or AWS, log in to your account and you can probably update your terms there.

GDPR isn’t going to solve your email inbox crisis. Next week, you’ll still be spammed because bad people do bad things. It’s just a shame the legislation is going to make it harder for good people to do great things with data because it’s where the future is.

In the meantime, the consultants, trainers and GDPR gurus can jet off on the proceeds of their ￡15bn Great Data Protection Racket gains. The data privacy profession gets a ￡3bn boost and business picks up the tab for all of it again. Are any of us really any better off? Discuss.