Interesting interpretations of GDPR

Posted on May 29, 2018

I recently had to make a payment at a council office.

They had chip and pin payment terminals but told me that because of GDPR they were being phased out in favour of online payments.

However, their interpretation of online payments was to hand them my card which they then took to a computer in a corner and filled in an online form.

I’m not sure how this improves the experience or is in any way more secure.

Changes to websites and services as a result of GDPR have been varied. Some businesses have implemented changes that are in the true spirit of the intention of GDPR, some have been useful and some – like the example above – have been less successful.

Examples of websites trying to do the right thing

Plain language content about opting-in to newsletters

Screenshot of Curry’s website where they tell users what they’ll use their email address for

Example where a website tells you they will only keep your details as long as they need to

Examples of websites/apps not doing the right thing

The example below shows an app being clear about what it uses my data for. I was surprised, although I probably shouldn’t have been, that they have so much access to the data on my phone outside of the app.

When reviewing their terms and conditions before clicking agree, all the items were marked as “off”. Happy that it had defaulted to off, I clicked “continue”, instead of deleting the app.

When I logged into the app and reviewed the settings again, some were now active. This is not what I had agreed to.

This made me think about the prevalence of such tactics on websites, apps or services. They are similar to a dark pattern, and some might argue worse. The implementation of changes as a result of GDPR coming into force has been inconsistent. Some businesses try to be compliant, some pay lip service and some do not realise what their responsibilities are in this new world.