With GDPR now in full force, do consumers feel like they have gained more control over their personal data?
Are retailers always watching?
Recently The Daily Mail published an article- Secretly filmed while you shop. The article uncovered that although GDPR may be in force, it doesn’t mean that consumers’ privacy is anymore protected.
It has come to light that big high street names, including Tesco, Boots and Co-Op, have been filming shoppers to gain behavioral insight. These companies are all commissioned by SBXL- Shopping Behaviour Xplained Ltd. SBXL have boasted that they can ‘manipulate the emotions and behavior of shoppers’, thus to increase takings.
SBXL have their own Youtube channel where they post videos of shoppers, clearly violating consumers privacy and the laws. One video shows a shopper “browsing the cheese aisle in Sainsbury’s, then another close-up of an Asda shopper yawning in a magazine aisle and a man anxiously consulting his shopping list by the coffee shelves in Tesco.”
A spokesman for SBXL said the research was carried out with the full cooperation of the public. Boots also commented that clear signage was used to inform customers they were being filmed for market research. Yet, there is still a grey area. What if the customer does not see the sign; thus they have not consented to being filmed?
The article raises concerns about how CCTV is being used, once only a way of safety and theft precautions, now a source of target marketing and shopper insight.
We asked our GRC Products Director Oliver Vistisen on his thoughts as to whether GDPR has actually made a difference to the consumers’ privacy.
“Other than making websites more obtrusive with upfront privacy notices, we don’t believe users are perceiving a fundamental change in how their data is being handled. Many online experiences still fail to comply with basic GDPR rules, forcing users to opt-out and deliberately making the process to manage privacy settings intentionally confusing. Others have simply ignored the requirements, which appears to be more common for organizations outside of Europe.”
“The uptake on data protection services and technology to address the requirements of GDPR has slowed down since the regulation came into force. The significance of GDPR appears to have been lost on the majority of organizations, seeing the regulation as an administrative burden above and beyond their existing operations, rather than an opportunity to revise procedures from top to bottom to win back customer trust.”
“In practical terms, not a lot of action has been taken on the 206,326 cases reported to all the Data Protection Authorities across the EU in the first nine months since GDPR case into force:
- 94622 Complaints, 64684 data breach notifications, 47020 other
- Of the €55,955,871 worth of fines to date, Googles £50m fine from Frances CNIL accounts for nearly 90% of that.
However, there are bigger fines coming as the ICO has announced its intention to fine British Airways £183.39 million for a 2018 breach compromising the personal data of approximately 500,000 customers. The ICO has also stated its intention to fine Marriott International £99,200,396 when “a cyber incident” exposed approximately 339 million customer records.
It is clear that national regulators are having to grow and learn how to cope with GDPR as much as businesses are. We suspect that once they get staffed and experienced enough, they will start to pursue the larger and more significant cases. Until a successful fine is made, however, momentum on data privacy appears to be stalling.”
SureCloud is a provider of cloud-based, Integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk.
SureCloud connects the dots with Integrated Risk Management solutions enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation; meaning you get immediate and sustained value from the outset. SureCloud has been recognized in the 2019 Gartner Magic Quadrant for Integrated Risk Management Solutions.