GDPR celebrated its first anniversary this week with a flurry of new data privacy regulations on the way, including the California Consumer Privacy Act, called “GDPR-lite” or “California GDPR.”
One year later, the effectiveness of GDPR is debatable, company compliance is confusing and bureaucratic, and consumers are drowning in a tidal wave of privacy pop-up notices.
As Laura Jehl a partner at law firm BakerHostetler put it,
“I’m kind of a conscientious objector to the notice and consent model. It’s offloading too much responsibility to the individual … If you have a job, or kids, or hobbies, or a life, you can’t do that, keeping track of all that. It would be a full-time job to protect your privacy in a notice and consent model.”
This is causing a phenomenon of “consent fatigue”, where consumers are playing whack-a-mole with consent notifications without taking time to understand them. Rather than giving power to consumers, the current model is blinding them to what data privacy even means. It’s easiest to just click “Accept” and move on.
Marketing Week reported research last week that 46% of consumers don’t think GDPR has made any difference at all in their experience with companies using their data. Nearly a fifth believe that their experience with brands has actually gotten worse.
This will continue to be a tricky time for everyone to navigate data privacy and user experience. Buckle up.
Here are a few related cartoons I’ve drawn over the years:
“State of User Experience Design” January 2019
“Marketing Data and GDPR Compliance” October 2017
“Marketing with Personal Data” May 2014