A cathartic moment for the digital industry
The digital industry has a long-standing history of neglecting data protection and user privacy. GDPR is a kind of collective punishment for an industry that still believes to be entitled to all kinds of data usage and misusage.
“The primary business model of the Internet is built on mass surveillance”, Bruce Schneier once wrote. That's a sobering thought. Five years after Schneier's statement, major changes are now imminent, due to the EU General Data Protection Regulation (GDPR), effective this Friday, May 25. You have probably already noticed the rising panic levels in the digital industry. Surveillance in its many different forms and flavours gets at least harder in those parts of the web that are governed by EU legislation.
Doc Searls, one of the authors of the Cluetrain Manifesto, even predicts that GDPR will pop the adtech bubble. “Without adtech, the EU’s GDPR (General Data Protection Regulation) would never have happened”, he asserts. His long, elaborate, and link-laden post lays out in many details what's wrong with the adtech space and what will change after the GDPR sunrise later this week. This only adds to our questions regarding the future of digital marketing in general and adtech in particular.
But is the primary business model of the internet (Schneier) really going to change? This question resembles the old debate whether capitalism will go away or not. The answer to both questions is: It depends. Is our current, digital economy correctly characterised by the combination of capitalism and surveillance, and thus dubbed surveillance capitalism, as Shoshana Zuboff and others argue? It seems certainly true that data is the lifeblood of today's economy. We produce and share lots of data, and our digital activities generate even more data. Value is extracted from those data, and the digital industry appropriates that value (and the data).
The digital industry has a long-standing history of neglecting data protection and user privacy. GDPR is a kind of collective punishment for an industry that still believes to be entitled to all kinds of data usage and misusage. Not that digital capitalists usually wouldn't protect the data they have, notwithstanding scandals like Cambridge Analytica. But more often than not, we are tracking people without their knowledge, approval or a court order. Under GDPR, this behaviour will change significantly, due to hefty possible fines. We already see companies delete data they shouldn't store, removing tracking code they don't really need and asking for permission to use what remains.
Will this massive ongoing spring cleaning of data lead to a real catharsis?