Google and Facebook are likely to encounter critical challenges when the General Data Protection Regulation comes into force next May.
New analysis reveals that the two firms may face issues particularly due to the way they utilize personal data for advertisement. Problems that Google and Facebook will likely grapple with from next year include disruption of their present business models. Both firms will be incapable of utilizing service-wide opt-in for every operation.
Alternatively, service users who decline to opt-in to tracking will have their access denied. Intrinsically, such interruptions will interfere with the firms’ use of private data for advertising. With such changes, some segments of their business will experience more interruptions.
Companies face various levels of risks in business. PageFair created a General Data Protection Regulation scale that rates such risks from zero to five. According to this scale, companies that fall into the zero risk level are those that have their business out of the scope of the GDPR. Those firms that are rated at risk level of five require opt-in approval. In addition, they are unable to communicate with the users. The estimated risk level for Google products is four. This implies that Google has a direct association with its users, but the users are limited concerning granting opt-in consent. The same applies to WhatsApp and Facebook’s Audience Network as both are rated at risk level of four.
Despite having direct associations with users and enjoying a well-defined privacy requests structure, both Google and Facebook will not escape the regulation’s interruption when it takes effect. Some sections of Google and Facebook’s business will be particularly vulnerable to GDPR hence experience significant challenges.
Although these firms can process essential data to grant users requested services, it will be difficult to utilize such data for other reasons because that would require user permission. The critical issue for both Google and Facebook businesses remains the fact that users may never approve the use of their data when asked to consent.