The European Union’s General Data Protection Regulation (GDPR) goes into effect this month and will completely overturn the way that businesses gather and circulate data about internet users.
The result is a pretty toothy regulation, the kind of thing that effectively outlaws many kinds of established business, which is a rarity — one imagines that there was a lot of Kubler-Ross-style processing of the news that asbestos was just not a suitable building material (“How about a little asbestos? Won’t someone think of the asbestos miners? You’re just racist against asbestos!”), before it was banned outright (likely because the point of the exercise was to wage a trade war with the USA in the guise of regulating privacy). With the GDPR, we’re skipping a lot of the intermediate steps and going straight to “acceptance” or at least “depression.”
One person who isn’t depressed is Seth Godin (previously), a heterodox marketing person who was recently inducted into the Marketing Hall of Fame. For decades, Godin has advocated for permission marketing: “the privilege (not the right) of delivering anticipated, personal and relevant messages to people who actually want to get them,” where “treating people with respect is the best way to earn their attention.”
Godin calls the GDPR “a net positive for people with something to say, something to sell or something to change. Because the noise will go down and trust will go up.” The law will clear the field of the worst actors, and the rest will find themselves with an open field where it will be easy to stand out and be seen.
Lessig has famously argued that the world is regulated by four forces: code (what’s technically possible), law (what’s legal), markets (what’s profitable) and norms (what’s socially acceptable). The GDPR represents a huge legal shift, which is arriving simultaneously with a technical shift (mass adoption of ad-blockers, which Doc Searls calls the biggest boycott in human history) and an emerging normative shift in the form of the #DeleteFacebook movement, which is on its way to treating your friends’ insistence that you use Facebook to communicate with them as akin to insisting that you inhale their second-hand smoke as a condition of socializing with them.
The thing that’s missing is markets, but the GDPR, combined with adblocking, combined with a mounting visceral horror of surveillance capitalism tees up a situation where markets might flourish.
I think of this as being a recapitulation of the rise and fall of popup ads, which evolved into extremely aggressive garbage that everyone (except advertisers) hated: publishers didn’t want to run them because readers didn’t want to see them, but because the advertisers held all the cards, they were able to dictate that popups would continue.
That is, until Opera and Mozilla shipped an on-by-default popup blocker that meant that popup ads were simply invisible to an ever-growing slice of the readership. Advertisers didn’t care if they tarnished the reputation of publishers or frustrated users who weren’t in the market for their messages; they just cared about reaching the readers who were receptive, and they had to compete with other aggressive marketers to attain that, so the popups got worse and worse until they were banished by the readers and the toolsmiths.
The growth of surveillance-based advertising started with a lack of trust between advertisers and publishers, a suspicion of clickfraud and inflated reader-counts used to overbill advertisers. The advertisers and their reps found a helpful, free set of tools to independently monitor their ad performance — tools that were offered free by data brokers who sucked up user data while they were verifying adviews and clicks.
This dynamic — in which companies that no one had ever heard of cleverly inserted themselves into the value chain between advertisers, publishers and readers, and siphoned off the lion’s share of the money in the business — did not produce a “market” for your personal information and attention. In a market, you make conscious choices to make purchases after negotiating (or at least seeing) the price.
The privacy-hemorrhaging defaults of the major browsers (now shifting in response to user demand, expressed through adblockers, scriptblockers, and other plugins) meant that the “sellers” were able to name a price and extract it from you in perfect secrecy — secrecy so fine that you may not have even realized you’d made a transaction and may never have learned the identity of the person you transacted with.
Here’s where Godin comes in: he argues that GDPR (to which I’d add adblocking and #DeleteFacebook) will create an actual market, where getting permission to send messages to a user requires that marketers make a compelling proposition, rather than simply compelling compliance.
As a publisher, I’d like to hope that this means that we’ll benefit, as our good reputation makes our readers willing to trust us, and as that becomes something we can use to command good rates from advertisers. But of course, it remains to be seen.
There are two ways to look at this.
1. Lawyers and yield-maximizers can find ways to use fine print and digital maneuvers to get the same sort of low-grade tolerance and low-impact marketing they’ve always gotten. Industrialise interactions! The marketing machine at their organization has an insatiable appetite for attention, for data and for clicks, and they will skirt the edges to get more than their fair share.
2. Realize that the GDPR is a net positive for people with something to say, something to sell or something to change. Because the noise will go down and trust will go up. Embrace this insight and you can avoid the hit and run low-yield spam that marketers have backed themselves into.
Talk to people who want to be talked to.
Market to people who want to be marketed to.
Because anticipated, personal and relevant messages will always outperform spam.
And spam is in the eye of the recipient.
In two simple words: Ask First.
GDPR and the marketer’s dilemma [Seth Godin]