Published 11th of June 2018

Two weeks have passed since the EU’s general data protection regulation (GDPR) came into force. Given all the build-up to the privacy changes, there have been a surprisingly low number of stories hitting the news. It seems like things are going to take while to settle down, with cases trickling in over the coming months.

However, that’s not to say that nothing has happened. We’ve been scouring the internet to find a range of GDPR stories, giving you the information you need to keep on top of the new regulations.

Tech corporations in the firing line

In possibly the least surprising development so far, tech giants Google, Facebook, Whatsapp and Instagram are the subject of significant data protection challenges. Activist Max Schrems, the founder of privacy group noyb.eu (which stands for “none of your business”) has brought legal complaints against the US-based companies, arguing that they forced consumers to consent to their private data being used for marketing purposes.

The crux of the complaint is that consumers weren’t really being given a free choice. They were essentially told to comply or stop using these ubiquitous services. If Schrems’ complaints are upheld, Facebook et al. could face fines of up to 4% of their annual turnover, which would be an enormous sum.

The same BBC article that covered the Schrems case also mentioned how several American news websites, including the LA Times and Chicago Tribune, have prevented EU users from accessing them for the time being. This is due to uncertainty over how to best comply with GDPR, with the completely risk-free course of action deemed the most appropriate until they can put better privacy policies in place.

Another lawsuit...but not what you might think

Another case that’s come to light in the early days of GDPR is a little less straightforward. ICANN, a US-based organisation responsible for coordinating ‘namespaces’ (like domain names) on the web, has brought a lawsuit against German domain registrar EPGA. However, they’re not trying to stop EPGA from gathering data, but force the registrar to keep collecting it.

What’s going on? Well, ICANN has always held European data protection laws at arms length, and it’s struggled to put good policies in place for GDPR. It’s thought that ICANN is bringing this case to the German courts now for a couple of reasons. One is that a ruling in its favour will make the organisations life much easier, but even if the ruling doesn’t go in their favour, it will still buy them time to make a watertight, compliant policy, which they believe will take another year or so. ICANN had already had an application for an extended compliance deadline refused.

If the German court rules in ICANN’s favour, it will undermine the fledgling data regulations before they’ve even got started. A ruling in EPGA’s favour, however, will strengthen the EU’s position and force organisations like ICANN to act quickly or suffer the consequences.

Confusion for smaller organisations

In a departure from stories about big names, the Telegraph ran an article on the struggles that smaller organisations are facing. Many people are reporting confusion and stress as a result of speaking to the ICO’s helpline, which is the opposite of what the helpline is supposed to achieve.

Cases that might seem trivial and even a little entertaining actually highlight how difficult smaller organisations, charities and businesses are finding it to comply. In London, the Church of England initially told priests not to pray out loud for their parishioners in case they accidentally gave personal information away. That guidance has now been updated, but still tells priests to only pray out loud for people that have consented to be added to a public prayer board.

In addition, a small charity in the Forest of Dean that provides meals on wheels for elderly citizens thought that it needed to send 2 page letters to everyone in its database asking for consent to use their data. This activity was only stopped when the ICO intervened directly to reassure them that such extreme measures weren’t necessary!

However, it’s not all bad news for small organisations. The Information Commissioner, Elizabeth Denham, told Radio 4 that “small businesses should not panic. We are not looking for perfection. It is nonsense to think the regulator will make an early example of small businesses.”

How can you keep customers engaged?

An article from Techradar, published not long after GDPR came into force, contained important statistics for businesses that are trying to keep customers engaged with email lists and marketing. Only a third of people trust the brands they buy from. However, the article also revealed that 91% of 16-24 year olds will give you more data if they have an incentive to do so.

The article then goes on to give tips on how to provide those incentives, build trust and retain engagement. Their tips include providing a freebie or a discount, demonstrating that customers can remove their data easily at any point and communicate what data collection means for those customers and how you’ll use their data.

To find out more about GDPR, visit our dedicated resource area.