Why GDPR is Bad News for The Small Business

Make no mistake GDPR the most significant new framework for data regulation in recent history with far-reaching implications that I don't think anyone has really addressed as most are too busy congratulating themselves on their monumental piece of legislation.

GDPR has internet businesses who have had carte blanche in recent years to stand up and take not and fall into the line of compliance. Not only does every company that does business with an EU citizen have to comply with GDPR, but most dominant Internet companies (like Google, Facebook, etc.) have already announced they intend to export the “spirit” of GDPR to all of their customers, regardless of their physical location.

Given the fact that most governments don't know how the internet works still don’t know how to deal with the subject of data as a social or legal asset, GDPR is likely the most important new social contract between consumers, business, and government in the Internet’s history.

When looking at what GDPR is about and what it has to offer it seems like a raw deal for all internet businesses except the major players. Whether its complete oversight and ignorance or done on purpose to protect the oligarchy that is the modern internet I do not know but regardless of the motivations the effects will remain the same.

The parties involved

GDPR has been in the works for some time, but its recent deploy is somewhat reactionary to the outcry of data manipulation which made headlines recently when Facebook and the Cambridge Analytica scandal was publicised.

The legislation is a response to what many call “surveillance capitalism,” a business model is driven in large part (but not entirely) by the rise of digital marketing. Which is of course how I earn my salary and why I'm quite vested in the way legislation could affect my livelihood, so assume my bias on the next few points.

Corporations and governments are collecting too much data about consumers and citizens, often without our express consent and it's merely assumed or and as consumers, we don't think very little of the trade-off. Users privacy and our “right to be left alone” are in peril.

So to understand why this is an unhealthy relationship and why regulation will only push you deeper down the rabbit hole you need to understand the parties at play, how they benefit and their role in the current ecosystem.

Ready player one - The heavy hitters

It's not entirely the fault of a business, they've suckered us in droves, and we fell for it. Internet users are free to browse and explore the internet how they see fit, but they elect to use services like Google and Facebook because it's easy to use, its the social norm and of course its free. The trade-off for free services will naturally come in other forms of monetization.

Users have become hooked on free services then spend a penny on accredited services, and this is how and why these businesses or rather websites are able to rapidly scale they way they have.

While surveillance capitalism is best understood as a living system — an ecosystem made up of many different actors — there are essentially three main players when it comes to collecting and leveraging personal data. First are the Internet giants — companies like Amazon, Google and Facebook.

These companies looked at “At Scale First Parties” before revenue, and as a result, they had a direct relationship with their customers and created a dependency on their services, they can quickly acquire consent from us to exploit our data.

Ben Thompson calls these players “aggregators” — they’ve aggregated important first-party relationships with hundreds of millions or even billions of consumers. What this essentially means is that they form the relationship and if anyone of us wants access to that we pay Google, Facebook or Amazon to vouch on our behalf and send clients our way.

Ready player 2 - The opportunists

The second group are the thousands of adtech players. These are companies that have grown up in the tangled, mostly open mess of the World Wide Web, mainly in the service of publishing and selling digital real estate.

They collect data on consumers’ behaviours across the Internet and sell that data to marketers in astonishingly varied and complex ways. Most of these companies have no “first party” relationship to consumers. Instead, they are “third parties” — they collect their data by securing relationships with sub-scale first parties like publishers and app makers.

This ecosystem lives in an uneasy and increasingly weak position relative to the At Scale First Parties like Google and Facebook, who have inarguably consolidated power over the digital advertising marketplace.

Now, some say that companies such as Netflix, Amazon and Apple are not driven by an advertising model, and therefore are free of the negative externalities incumbent to players like Facebook and Google.

To this argument, I gently remind the reader: All at scale “first party” companies leverage personal data to drive their business, regardless of whether they have “advertising” as their core revenue stream.

And there are plenty of externalities, whether positive or negative, that arise when companies use data, processing power, and algorithms to determine what you might and might not experience through their services. This is called data analysis, data mining, big data and leads to CRM which we as digital markers have become increasingly good at.

Manipulating consumer trends and behaviour based on the set of data provided has become a very profitable way to extend the longevity of the relationship with the consumer. The longer we keep you on, the more data we get, the better we can manipulate your decision making.

Ready player 3 - Governments

The third major player in all of this, of course, are governments. Governments collect a ton of data about their citizens. However, they’re not close to being as good at exploiting that data as are the first and third party corporate players. In fact, most governments rely heavily on corporate players to make sense of the information they control.

Ready player 4 - The Benchwarmers

This is where the rest of us fall under, the sites that make up the majority of the internet trying to carve out a living online. We're fully dependent on Google, Facebook, Display networks for the majority if not all of our leads and hope to eventually convert some of them to direct customers. This section of the internet are also the ones with the most to lose from GDPR.

Why I'm apposed GDPR

Until recently, first and third party corporate entities have had pretty much free reign to do whatever they want with our data. But we are now lead to believe that this all changed with GDPR. But the reality we're only sold a narrative of protection with nearly all sweeping regulation, happening to favours the big players I've mentioned earlier.

Asking a consumer who has been hooked on Google, Facebook or Amazon for years for “consent” from the billions of consumers who use their services is a no-brainer. How many of you said no to Facebook or Google since 25th? You’re quite likely to click “I Consent” or “Yes” when a GDPR form is put in between you and your next hit of Facebook newsfeed.

However, you’re utterly unlikely to do the same when a small publisher asks for your consent via their email and effectively the small business has now lost a lead which It needs to get back somehow.

So where do they turn? To the big players with the established relationship, showering them with cash in exchange for new leads or rather old leads with new consent. At Scale First Party companies can leverage GDPR to increase their power and further protect their businesses from smaller competitors. The innovation ecosystem loses, and the tech oligarchy is strengthened.

As someone who practices digital marketing for a host of start-ups, I can tell you that a direct lead is always better than begging scale parties for traffic. But trying to build up your own database takes time and costs you a pretty penny and now to have that ripped away by GDPR to start afresh will be a bitter pill to swallow for many sites around the world.

Self-regulation of data sharing

It’s clear by the narrative sold to us that GDPR, with its well-intentioned ways, will not have the desired effect. Instead of limiting the reach of the most powerful players operating in the world of data, it has in fact achieved the opposite effect and created an even more significant gap for startups to bridge in order to compete for market share.

GDPR shows that government regulation and the internet are not made to mix. The internet evolves every second and keeping legislation relevant and up to date will be impossible. 

Regulation on the internet needs to be nimble and nuanced and this can only come from a free market philosophy where the consumer decides and not be protected by a blanket rule of one size fits all.

Instead of putting the onus on businesses to beat down their consumers' doors to make sure they want to hear from them and saying we're now helping protect consumers and coddle them even further.

I feel consumers should own and protect their own right to privacy and with whom they share their data with. We need instil a sense of ownership and transparency across the internet and create an open consensus protocal that allows consumers to dictate, how, if, when and where they would like to be reached by sites online.

When consumers are armed with knowledge and the ability to open or restrict access to their data we could see a much more open and free market when it comes to data mining and the monetisation thereof.

Contact us

If you want to know more about GDPR compliance, don’t be shy we’re happy to assist. Simply contact us here