Unless you do not use emails, you should by now have been spammed by a large number of messages asking you to “opt-in” to keep on receiving marketing material from the issuer. This jocose incongruity highlights only one of the many loopholes of the GDPR law, whose original intention was to reduce the number of unwanted emails.
As someone who receives an average of 300 emails per day, of which a very large number are spams or scans, I do appreciate the need for some sort of solution, but as usual, governments’ regulation has not been thought through carefully and the law will be difficult, if not impossible, to implement comprehensively.
Let’s take the “opt-in” process for example. The idea is that EU residents who “opt-in” are proactively agreeing to share their personal data with you. But what if they don’t read the opt-in email or don’t receive it, or just forget to opt-in or unsubscribe? Can you send a reminder? Two? One every 3 months?
Another incongruence is the “right to be forgotten”. Besides the technical difficulties of erasing historical data stored in remote backups that nobody knows how to restore anyway, once removed from the system, the system can no longer alert you that the data being introduced are from an EU resident who wants “to be forgotten”. In other words, to enforce one’s right to be forgotten, one needs to be identifiable or faces the risk of being re-registered. To be or not to be is no longer the question. You need to be if you want to be “not to be”.
And last but not least, you need to be able to tell where the data are coming from. “They are coming from a business card that you handed over a few weeks ago of course. Can’t you remember? Neither can I but this is what our system is saying.” Prove it wrong.
Beside those loopholes, what worries (upsets?) me more, is that these kinds of law always favour the well-off.
Let’s take the M&A sector for example. There is a generally accepted principle saying that the larger the number of contacts, the higher the probability of identifying the best counter-party.
Thanks to the Internet and digital networks, by reaching out to counterparties anywhere in the world, small players can compete against mastodons like the big 4 or global investment banks.
The GDPR law is a double whammy to M&A boutiques and free-lancers because not only will they have to invest their scarce resources to update their IT systems accordingly, but also, will they struggle to maintain a database of active contacts.
Indeed, where large companies can afford to pay telemarking services to keep their network active and have a large pipeline of opportunities to allure counter-parties to “opt-in”, smaller companies, who cannot keep the relationships alive with automated mailings, will see their contact database shrink dramatically.
With the GDPR law, the European Union, so concerned with an unfair competition of mammoth companies the like of Amazon, Google or Facebook, is in reality, favouring bigger organisations against entrepreneurial ones.