State of the Internet – The GDPR Effect

It has been a month since the General Data Protection Regulation or GDPR was brought into effect across the European Union. GDPR was borne out of a need for stricter privacy rules governing the digital economy and was formally adopted in April 2016, it is a set of rules that regulate data collection and privacy protection within the EU states. GDPR aims at giving the public control over how and where their personal information is used online.

The implementation of GDPR impacts companies from almost every industry. All companies operating in the EU, as well as companies that deal with personal information of EU residents, must comply with GDPR. The personal data covered by GDPR include:

• Identity data including name, address, banking and other confidential numbers
• Biometric and medical data
• Website data such as user location, IP address, cookies etc.
• Race, ethnicity, sexual orientation etc.

The deadline for businesses to comply with GDPR was May 25, 2018. The rules apply to both the data controller, those who collect and store the user information, as well as the data processor, those who manage and use the data. In case of any data breach or unwarranted use of personal information, both the data controller and processor will be held responsible. EU citizens now need to give consent for any type of data collection. They can determine where the data may or may not be used and delete the data if they want to.

Did GDPR impact Digital Performance?

GDPR has forced companies to rethink their website strategy when it comes to collecting and storing user data. As the deadline for implementing GDPR approached, companies sent out emails to customers informing them of the updated privacy policies and giving them the option to either opt in or out of services that collect/process data.

Such stringent privacy laws will inevitably cause issues with services that rely on the data shared by the user. Ad serving companies are expected to take a big hit as a result of GDPR. Ad serving algorithms use the geo-location and other user behavioral data to serve personalized and targeted ads. Restricting access to the user data will make ad servers less efficient which will result in lower ad conversion rates and revenue.

In a previous blog post, we discussed how some media websites in the US resorted to blocking EU users from accessing the sites in a bid to avoid fines. Others decided to present a much lighter version of the site for EU visitors. The table below includes performance data for one such major media website, illustrating exactly how the content of the site was altered based on the user location.

The ramification of these laws on the digital economy is yet to be fully analyzed but what we do know is the GDPR is bound to:

• Impact major ad services
• Impact marketing campaigns
• Impact 3rd party services that collect and store user data
• Impact data analytics tools
• Impact the use of cookies and other forms of local user data storage
• Drastically alter how data flows in the digital economy

How is GDPR being implemented?

Companies have been scrambling to ensure they are GDPR compliant; some have implemented their own data protection feature while others have signed up with third-party services providing data security. The data protection market has burgeoned over the years and is now hoping to ride the wave with businesses looking to data companies for help implementing GDPR.

Alation, Collibra, Informatica, Spirion, and TrustArc are just some of the players in the data management market offering services for GDPR implementation. Such third-party services come with their own set of performance issues and can create bottlenecks in the website data flow.

For example, Catchpoint identified an issue with the website of a major hotel chain caused by a third-party service. The hotel had recently integrated TrustArc, a cookie consent manager tool, on its website as part of their GDPR implementation program.

This integration took a toll on the website performance. There was a dip in performance due to high wait times exhibited by one of the hosts on the site.  We were able to narrow down the third-party host causing the issue. It was the privacy compliance tool.

In the graph above, the spikes in webpage response time and the drop in availability corresponded to the high wait times by the third-party host.

Ensure compliance without compromising performance

Changes to privacy policy usually involve changes in how data is collected, stored, and used. Which in turn requires changes to the application’s design and functionality. GDPR brings in an added layer of security to data management and this makes third-party service integration complex.

Data management tools alter data processing and can be a potential performance bottleneck. It is necessary to monitor these services to avoid issues such as the one we discussed above. Tracking the page load time and data transactions from multiple locations help to avoid performance degradation.

Consumer data is the key to digital marketing strategies in any industry. Advertising campaigns are built around consumer preferences and behavior patterns, so GDPR can pose a major roadblock for advertisers. Major ad serving companies have already taken steps to comply with GDPR.

Google has added an EU consent policy to align with the new regulations. Advertisers and marketers using Google must obtain user consent and strictly adhere to the update privacy policies. The company has also introduced a “Non-Personalized” ad service so the advertiser can give users the option to choose between personalized and non-personalized ads.

Most websites use cookies to track and store user data but with GDPR in effect, companies need the explicit consent of the user before collecting data. There are several services available that implement the “Cookie Consent” feature on your website. Vendors offering this for free include:

• Cookie Consent Kit(European Commission)
• Cookie Consent(Silktide)
• Cookie Control(CIVIC)
• OneTrust
• Cookiebot(Cybot)

Businesses should test such integrations thoroughly before pushing them to the live site. It is also important to monitor these services just as you would with any other third-party service.

GDPR leads the way

Data privacy and protection has always been a hotly debated topic in the tech world and a mandate for ethical use of consumer data has been long due. The introduction of GDPR is a step in the right direction. Even though it has brought in chaos, consumers will be happier knowing they have a certain level of control over the data they share.

Since GDPR governs the basic data processing handled by applications, it has introduced another layer of complexity in the way applications work. Some organizations have set up their own GDPR compliance team that focuses on data protection and privacy while others have signed up with third-party services to implement GDPR.

Whether you use a third-party service or have built your own data management tool, you must monitor the services for performance degradation.

Catchpoint has always upheld data privacy as a fundamental right and we have taken the necessary steps to be GDPR compliant. You can read about our policies here.