Interesting interpretations of GDPR

I recently had to make a payment at a council office.

They had chip and pin payment terminals but told me that because of GDPR, they were being phased out in favour of online payments.

However, their interpretation of online payments was to hand them my card, which they then took to a computer in a corner and filled in an online form.

I’m not sure how this improves the experience or is more secure.

Changes to websites and services as a result of GDPR have been varied. Some businesses have implemented changes that are in the true spirit of the intention of GDPR, some have been useful, and some – like the example above – have been less successful.

Examples of websites trying to do the right thing

Plain language content about opting-in to newsletters
Screenshot of the Currys website where they tell users what they’ll use their email address for
Example where a website tells you they will only keep your details as long as they need to

Examples of websites/apps not doing the right thing

The example below shows an app being clear about what it uses my data for. I was surprised, although I probably shouldn’t have been, that they have so much access to the data on my phone outside of the app.

When reviewing their terms and conditions before clicking agree, all the items were marked as “off”. Happy that it had defaulted to off, I clicked “continue” instead of deleting the app.

When I logged into the app and reviewed the settings again, some were now active. But, again, this is not what I had agreed to.

This made me think about the prevalence of such tactics on websites, apps or services. They are similar to a dark pattern, and some might argue worse. The implementation of changes resulting from GDPR coming into force has been inconsistent. Some businesses try to be compliant, some pay lip service, and some do not realise their responsibilities in this new world.
