The General Data Protection Regulation (GDPR) came into effect in the European Union on May 25. The regulation is meant to protect consumer privacy and consumer data, as well as the processes that use that data to make decisions about consumers.
Marketers may think that if their data practices are compliant, then they can move forward without worrying too much about GDPR or e-privacy, but that's not the case. New technologies and techniques that use consumer data must also be put through the privacy lens. That includes the complex, such as AI and machine-learning, but also processes as commonplace as campaign targeting.
The Right to Opt Out of Machine Processes
The GDPR regulation requires consent from consumers to use their data, but it also requires consent for "profiling," which the regulation specifies as a "procedure which may involve a series of statistical deductions...often used to make predictions about people."
That includes any technical process that uses machine-learning, algorithms, or even simple rules to put people into buckets or make decisions about them. Examples cited most frequently include processes that automatically qualify people for certain products, such as credit cards.
Although profiling people in a way that hurts their ability to obtain credit, or even a medical procedure, has the most unsettling outcomes, profiling has far-reaching consequences that should be considered by marketers selling much less sensitive products as well.
A typical retail marketer will use consumer shopping data to determine which product image to include in an email marketing campaign. For instance, people who shopped for patio furniture might be shown an offer for an umbrella, whereas people who shopped for a new doormat might be shown an ad for a new mailbox. If you are using that type of "profiling," you probably need to obtain permission.
The Difference Between Targeting and Discrimination