Among this year's top European exports are Volkswagen, Nutella and Chanel. Will the General Data Protection Regulation (GDPR) join the list?
As Facebook CEO Mark Zuckerberg testifies before Congress, speculation is swirling as to whether Facebook will integrate portions of GDPR into preventive measures it is taking against future data leaks and election meddling. GDPR, which restricts and regulates the use of personal data by companies and goes into effect in the European Union in May 2018, has been a source of consternation for international brands operating in Europe, which will need to rigorously report and drastically reduce the data they collect on consumers.
But even brands operating solely in the U.S. now have strong reasons to fear (and begin preparing for) GDPR. Here are three reasons suggesting this is not a drill:
Zuckerberg is on board. In an April 4 conference call detailing his upcoming appearance on Capitol Hill, Zuckerberg told reporters, “Overall I think regulations like this are very positive...We intend to make all the same controls available everywhere, not just in Europe." The April 4 statement sharpened a more vague promise the day previous, when Zuckerberg told Reuters, “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing."
Cambridge Analytica breach affects millions. Following the Cambridge Analytica revelations in March, Facebook notified 87 million users that their profile data was likely harvested by the British firm. And an April 10 report in Wired suggests private messages may also have been impacted. While Americans may have previously taken a laissez-faire approach to their social media data, the sheer amount of press coverage around the Cambridge Analytica scandal and subsequent notification of users by Facebook has clarified how their data is used by corporations. With the Cambridge Analytica story compounding the issues of election meddling and fake news propagation, it's likely that users will continue to demand more transparency around how their data is used by brands and political entities.
The hunt for data abusers begins. On the same day Zuckerberg is facing lawmakers in Washington, D.C., Facebook has launched a Data Abuse Bounty "to reward people who report any misuse of data by app developers," according to a company blog post by Facebook's head of product security Collin Greene. The reward for correctly reporting a culprit is up to $40,000. The program will reward those with "first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence," the post says.
Whether or not your brand collects or uses Facebook data, it's probably a good idea to read up on GDPR basics on the GDPR website if you are unfamiliar. It may also be worth getting a group of executives in a room to field questions and concerns or discuss appointing a data protection officer (as suggested by the website FAQ). While the specifics around how GDPR will affect U.S. brands are yet unknown, one thing is certain: Brands will rely heavily on professional communicators to keep stakeholders, audiences and customers aware of how their data is being used—and protect them, should Dog the Data Abuse Bounty Hunter show up on their doorstep.
Follow Sophie: @SophieMaerowitz