The EU is shifting privacy law.
There’s about to be an enormous shift in how data is collected and used online. The European Union is implementing the General Data Protection Regulation, or GDPR. While in theory it only applies to the European Union, if you have a customer within the EU’s jurisdiction that you’re pushing to, then you need to know about GDPR.
The GDPR And Push Notifications
The good news is that push notifications themselves are not really an issue under the GDPR, and the data you collect from A/B testing, for example, is not generally something the law is concerned with. You are free to push anything you want, within the bounds of good taste and your brand, of course, and you won’t fall afoul of the law. However, much of what you collect to push out notifications does fall under the law, and it’s worth being aware of your obligations.
What the GDPR is concerned with is the data you might use to personalize those push notifications. In a broad sense, think of “general data” as “data your customer provides to you.” This can be a profile they fill out on your website, it can be their purchase history, or it can be bits of information they have disclosed to you through other channels. It doesn’t matter if you’re an EU business or not; if your customers are under EU rule, then the GDPR applies, regardless of the physical location of your business. So if you personalize your notifications at all, you will need to sit down and take a look at the nitty-gritty with a legal expert. What’s most important here, though, is that GDPR compliance, in a broad sense, is really just good customer service.
The GDPR And Common Sense
To start with, the GDPR wants “intelligible” disclosures about data use. That is, anybody should be able to look at a webpage and understand exactly what data they are handing over on that page and how it will be used. While you might want to have a lawyer look at your site to ensure that you’re also in compliance with local law, that’s really just common-sense customer service.
Similarly, the GDPR gives customers the right to know how the data they give you is being used at any point, the right to receive that data in a machine-readable format that can be sent to somebody else, and the right to have data that isn’t relevant to the public interest expunged. It also requires “privacy by design,” that is, that your data systems are built from the ground up to protect your customers and their privacy. Really, quite a bit of this is probably something you do already, in one form or another, or can easily catch up on.
Just because it doesn’t affect your push notifications directly doesn’t mean you shouldn’t be fully briefed on, and fully in compliance with, the GDPR. In many ways, all it does is codify best practices for internet privacy and respectful interaction with your customers. The best way to approach it is to ask yourself how clear you are with your customers when it comes to their data, and how you can better answer their questions.