Should we be more serious about privacy?


Privacy has taken a remarkable U-turn during the last couple of years. While everybody used to agree upon privacy being utterly dead and only those who had something to hide valued their privacy, privacy concerns have risen to unseen heights. Privacy is omnipresent in today’s media and the number of data breaches exploded during the last decade with the revelations of the Cambridge Analytica scandal being its summum.


What about the GDPR?


Privacy is seen as a fundamental human right more than ever before and a growing societal privacy concern has been answered by the EU in the form of the GDPR. The GDPR created a lot of buzz in Belgium as companies feared high fines for non-compliance and many consultancy agencies gladly benefited from this. However, this fear seemed to be misplaced in Belgium as illustrated in this report : up until today – 18 months after the implementation of the GDPR – fines have been issued for a combined amount of 39.000 euros. For comparison: in the Netherlands, the Data Protection Authority (DPA) issued fines for a total amount of more than one million euros while in France, fines have been issued for an amount of over 51 million. In the UK, fines amount up to 320.000 with two lawsuits pending for a combined amount of 329 (!) million euros.


Consumers and the GDPR


One could question how customers deal with the GDPR. Recent evidence has been found that the implementation of the GDPR primarily boosted consumers’ awareness about privacy issues and hence give rise to a decreased willingness to disclose personal data, in particular when highly sensitive information is requested (e.g. medical information and political preferences). The GDPR thus did not trigger a greater trust towards companies and the way they deal with personal data. The opposite is even true: the GDPR simply made customers more aware of their privacy rights and the potential downsides of sharing data, installing a great challenge for marketeers aiming at building personalized customer experiences based upon a continuous data collection.


The rise of post-privacy consumers


And yet, some talk about ‘post-privacy consumers’. While these consumers believe that technology such as facial recognition will be used everywhere to the extent that the concept of privacy will no longer exist, they expect digital data laws to fully regulate public and private data usage as such that privacy concerns will disappear too. This may seem paradoxical but post-privacy consumers expect privacy issues to be totally resolved so they can safely reap the benefits of a data-driven world. They envision a society where digital is an integral driver of the economy and productivity provided that governmental institutions strictly regulate and supervise data usage.


Privacy, a shared responsibility


Navigating data privacy in a data-driven world will be a shared responsibility of both businesses and governments.

For companies, transparency regarding data usage is a must. Therefore companies must clearly motivate a reasonable link between personalization and the collection of customer data. When communicating this, it should be clear how the customer benefits from sharing its data.

Additionally, data regulation and supervision is crucial. Whereas the GDPR has definitely been a step forward to alleviate privacy concerns, one should also question whether enough actions have been taken to give consequences to those companies who do not comply with the GDPR. Initially, the Belgian DPA acknowledged their passive role but assigned it to the matter that no eligible candidate could be found to represent the German-speaking community in the executive committee – typical Belgium. Six months ago, the committee was eventually formed and more actions to punish non-compliant firms were announced. Their words however do not match their actions: up until today, the role of the DPA remains very limited in Belgium and its creditworthiness has only slackened.