Editor's Note: the following is for information purposes only. Individual companies should seek legal counsel for guidance on their specific situation.
Ah, General Data Protection Regulation. Don’t those words just conjure warm feelings of bureaucracy, red tape, and legal documentation? I don’t know about you, but the first time I heard about GDPR, I had one of these moments:
The European Commission proposed this new law to unify and strengthen data protections for individuals living in the European Union, and to address data exported outside of the EU. The law goes into effect on May 25, 2018. You can dive a little deeper into the subject here (and nervously watch their countdown clock).
So why should we care? Well, for one, violations carry a stiff penalty of €20 million or 4 percent of annual revenue. I’d say that’s reason enough to start figuring out how to comply – especially if you conduct business in the European Union.
It’s important to recognize that while this law originated in the EU, it still applies to many US companies. According to Gemalto, a global digital security firm based in Amsterdam:
"With the demise of Safe Harbor, U.S. companies that export and handle the personal data of European citizens will also need to comply with the new requirements put forth or be subject to the same consequences."
The implications of this law will be felt around the world, and companies are already starting to implement systems and processes to comply with the law. This most notably takes on the appearance of a small-type consent feature on the first visit to a website.
While most website owners are spending their effort on proper compliance — of course this should be the highest priority — it is important to consider the user experience. Marketers and designers should take these requirements and create consent experiences that are clear, helpful, and informative.
There are a variety of ways to handle consent implementation, from push-in notifications on the bottom of a screen to a more invasive pop-up. Below are just a few examples that show how companies are implementing and wording the language around this new business requirement.
The message at the bottom of this screen reads:
Translation: My way or the highway. This isn’t an overly welcoming statement. I would suggest revising the tone of the message or removing the last sentence altogether.
Emso features a full screen consent experience that requires the user to scroll to the end of the disclaimer to click “I agree.”
Translation: You have no excuse not to know what you’re getting into. However, no one (except a few bored lawyers) is going to read this. This is clearly the organization’s CYA statement. Barriers like these are a poor user experience and likely cause high bounce rates. While this approach may be recommended by a legal team, I would suggest putting a short consent agreement statement in a pop-up and linking to the full disclaimer on a separate page.
The message at the bottom reads:
If not yet made abundantly clear, none of my opinions represent legal advice. However, from a marketing and user experience perspective, I do believe there are some important considerations. The way your website visitors interpret, experience, and interact with your website affects overall engagement and any potential conversion. That’s why every feature, component, or asset on your website should be given a critical look.
A Few Ideas About Designing A Consent Experience
- Talk to a lawyer.
- Long consent agreements cause confusion. Link to a full explanation instead.
- Use normal, plain language. Legal speak will scare and confuse your visitors.
- Are you planning to use a pop-up, a slide-in, or another type of violator? These approaches will affect your user experience differently, so consider the implications.
- Communicate the benefits of accepting the cookie. Businesses use these to make the visitor’s experience more relevant and helpful. This should be part of the consent experience.
- Be a decent human being. Remember: privacy is important to people. Don’t sell data or use it to cause harm. Karma is real.
Data privacy in marketing is bound to be a topic of concern for years to come. As consumers become more aware that their activities online can and will be used to deliver personalized or individualized experiences, the onus will be on companies to establish and maintain trust with their users. The experiences we design to inform visitors that this is occurring are vital to the success of this technology over the long term.