- What counts as PII?
- Who owns your data, and what rules should regulate how your data is bought and sold?
- What constitutes “freely given consent?”
- Can consent given in one context extend to another?
The first leg of the ARF’s program, the 2018 ARF Privacy Study, showed that consumers:
- Are willing to share aggregate, descriptive data, but they resist sharing data that might reveal their identification in the “real world,” e.g., their email, name, address, etc., as well as sensitive information like medical and financial data
- Do not change their willingness to share data when the promise of personalized advertising is offered in exchange
- Assign a low dollar value to general descriptive data such as gender, but view PII as priceless and most say they will not share it for any amount of money
- Poorly comprehend terms used in Terms & Conditions agreements (T&C)
The second phase consists of a recently launched ongoing survey of ARF Members on GDPR. Preliminary qualitative findings, based on the first 20 responses, are instructive:
- The most common steps taken have been consulting legal council, revising privacy policies, and revising opt in/out provisions
- GDPR has affected multiple areas of members’ operations, especially analytics and marketing
- While 70% of respondents said GDPR had affected their business less than expected, an equal number said they still plan to take future steps
- 71% thought that GDPR will change how the industry targets consumers
- Equal numbers of respondents — 43% — indicated future legislation will be burdensome to their business as did not
- 57% did not believe that current laws adequate protect consumers vs. 7% who think they do.
These efforts build on ARF CEO Scott McDonald’s concerns expressed at the ARF’s CONSUMERxSCIENCE conference in March. He noted that the explosive growth of consumer monitoring tools has increased consumer anxiety, fueled the implementation of GDPR in Europe, raised interest in regulation by various states, and prompted U.S. government hearings.