Tech Viewpoint: Three reasons Google’s GDPR fine matters to U.S. retail

1/25/2019
Google’s record $57 million fine for violating the European Union General Data Protection Regulation (GDPR) should serve as a wakeup call for retailers everywhere.

Google is one of those companies that isn’t strictly a retailer, but engages in online retail activities. And its steep fine for not having enough transparency in how it collects and uses consumer data to personalize ads is of importance to any retailer that engages in online commerce with EU residents. Here are three reasons why what happened to Google means you need to carefully examine how you engage online with customers in the EU.

  1. The devil is in the details


As explained in the official statement from the National Data Protection Commission, the French regulatory body which levied the fine against Google, the problem isn’t that Google doesn’t provide any information about its ad personalization practices. Rather, the information is delivers is insufficient to meet GDPR standards.

For example, “essential information” such as how long personal data is stored may only be accessible after five or six clicks. Also, Google was deemed to be providing information that was too diluted to allow properly informed consent by users to receive targeted ads.

E-commerce sites routinely require users to click multiple times to perform mission-critical tasks like find and purchase goods, let alone obtain information about how their data is used. Carefully review how a customer would actually navigate your site to learn how their personal data is used, as well as the clarity and thoroughness of the explanation.

  1. Lets get personal


Retailers are constantly exhorted to personalize their online customer experience. Data tracking tools such as click analysis and cookies are routinely used to learn customer product preferences, bodily dimensions, dietary habits, demographic characteristics, and other personal data. Something as simple as identifying a returning customer by IP address to display a tailored homepage is a form of data-based personalization.

This means that if you engage in e-commerce in the EU, you are virtually guaranteed to be subject to GDPR compliance. It doesn’t just apply to the Googles of the world.

  1. Public image, limited


The use (and misuse) of online consumer data is a hot topic, to say the least. Facebook continues to wrestle with allegations that foreign governments are targeting and manipulating its users based on their personal information. Providers of various “smart home” devices face questions over just how much user information (such as private conversation) is collected and stored. Mobile app users are asking how closely their movements are tracked.

The mere accusation of violating GDPR protocols could do serious damage to a retailer’s brand, in the US as well as the EU. Given the ubiquity of Google, it is unlikely the company will see any negative impact in the marketplace from its fine. But a smaller e-commerce company that is not as embedded in consumers’ daily lives might see its public image tarnished, with GDPR-compliant competitors ready to reap the benefits.

Is GDPR affecting how you design or operate your e-commerce site? Let me know at [email protected].
X
This ad will auto-close in 10 seconds