You are here

“We’ve Updated Our Privacy Policy”: How the EU’s New Data Protection Law is Changing Data Policy Considerations for American Retailers

Karin K. Rivard's picture
Published: 28/06/18 - Country: United States

Co-authors

If you have ever made an online purchase, chances are that you have received at least one email in the last month notifying you that a company’s privacy policy has changed. These emails are part of efforts to comply with the General Data Protection Regulation (known as the “GDPR”), a European Union data protection law that went into effect on May 25 of this year. Passed in 2016, the GDPR is widely regarded as the toughest data protection law in the world.

The law emphasizes transparency by requiring companies to secure the personal data of their consumers, to write privacy policies in conspicuous and straightforward language, to obtain affirmative consent from users before their data can be used, and to limit the scope of use of consumer data to a clearly defined purpose. It aims to strengthen consumer rights and to make the digital data standard “privacy by default,” giving individuals the right to access a copy of the data any business keeps on them, to move their data from one platform to another, and to have their information deleted from a platform all together. Companies found to be noncompliant can face fines of up to the greater of 20 million Euros or 4% of their annual global revenue. While the law applies only to companies that handle the personal data of EU residents (and not all such companies are subject to it), the global nature of e-commerce means that the GDPR has the potential to affect any company that markets products online, irrespective of the company’s geographic location.

This new GDPR standard, compounded by the public backlash and calls for US data protection legislation after the Facebook Cambridge Analytica scandal and massive data breaches weathered by companies like Equifax and Uber, is helping to shift consumer expectations of privacy. Companies are responding by changing their privacy policies and overhauling their use of personal data. In April, Mark Zuckerberg announced that Facebook would be offering the same level of privacy controls required by the EU law to users all around the world.

If the volume of emails notifying consumers about updated privacy policies is any indication, other US companies are quickly following suit. Retailers have already been working to prioritize data security over the last few years, spending millions of dollars a year to bolster protections and to hire cybersecurity experts. The GDPR’s added focus on transparency and narrower use of personal data, however, creates a new need for retailers to adapt and use consumer data in pointed, innovative ways, while also maintaining protection and security, so that consumers will be incentivized to opt into sharing their data. And, of course, any updated privacy commitments made to consumers must conform to what the retailer is actually doing, whether for GDPR compliance or other purposes.

At first blush, retailers may perceive this shift as daunting, especially since consumer data has become the driving force behind advertising strategies with the evolution of technology and e-commerce. However, a move away from the current status quo of largely unfettered use of consumer data does not necessarily have to stifle retailers’ efforts to achieve strategic omni-channel loyalty. Rather, it presents a unique opportunity for retailers to further curate consumers’ personal experiences while simultaneously demonstrating their own loyalty to consumers through the implementation of mindful, honest practices concerning data collection, use, and protection.

We are a global services company with local knowledge.
We meet You wherever You are and lead You wherever You want.
Ask us how

Article Rating: 
Average: 4.2 (6 votes)
Total reads: 265
Karin K. Rivard's picture

Karin structures and negotiates both simple and sophisticated business transactions, with a focus on transactions that monetize or depend on intellectual property. 

Karin helps clients develop ideas into products, structure and enter into strategic alliances and collaborations, and optimize product sales and distribution. By protecting and monetizing their intellectual property (including patents, copyrights, trademarks and trade secrets) these clients earn revenue from pharmaceutical, consumer and agricultural products, medical devices, software and services. 

Co-authors

As an Associate in the firm's Real Estate Group, Kathryn (Katie) Hess focuses her practice on commercial real estate matters including acquisitions, financing and leasing. 

While in law school, Katie was a legal intern for the Honorable Doris Ling-Cohan, Associate Justice at the New York State Appellate Division of the Supreme Court where she drafted legal memoranda with ruling recommendations regarding Appellate Term, criminal appeals, and civil cases.  She also interned at the Brennan Center for Justice at the NYU School of Law and worked at a boutique law firm focusing on employment litigation.