How did marketers let GDPR happen?



I teach classes for the Rutgers Business School Executive Education, so I cross paths with savvy digital marketers on a constant basis. I have been asking them the same question for the last three years, “If people are really getting creeped out by the way marketers are sneaking around with their data, how come no one has started a business around data privacy?” And I never really got an answer that I understood. Not once.

The basis for my question is that most students in the class were unnerved by Google reading their emails and Facebook knowing who their friends are, but no one ever quit Google or Facebook. Why? Because no good alternative existed. At least that’s what they told me.

But I wanted to understand why. Why does no good alternative exist?

If everyone is so excited about lack of privacy, why hasn’t some clever entrepreneur made one? If everyone is creeped out by the data they are giving up, why haven’t companies taken a pledge to never misuse your data, to get rid of it when you ask, and do it quickly and without complaining?

Well, I always thought that was a market opportunity, but it isn’t any more. That is now the law of the land because GDPR requires that of any company that wants to do business with a European citizen–which is just about any company bigger than your local pizzeria. For those caught unaware, the EU is now enforcing the General Data Protection Regulation to limit what companies can do with data about people and to increase each person’s right to control their data.

Because we as marketers would rather compete with each other to grab every piece of data we can, rather than serve our customers, GDPR happened. Because it was easier to sneak another paragraph into the terms and conditions than to do the right thing, GDPR happened. Because some clever Cals took advantage of every possible technology to identify people, even IP addresses, GDPR happened.

So where are we now?

I have had to send emails in the last month to everyone on my Christmas Card email list asking them to opt back in. Now, you might think this is overkill (and several respondents asked me if this was a joke), but I am deadly serious about it.

Some have asked me, “Are you really worried that the European Union is going to sue little old you?” No, I am not. But I work with many large companies as clients, and guess what they wrote into their latest contracts with me? That I promise to comply with GDPR and that I will allow them to inspect our procedures and audit our compliance at any time. So that well-meaning language leads us down the road of asking my Christmas Card list to opt back in.

It didn’t have to come to this.

Marketers deserve GDPR because of the way they have rapaciously used every sliver of data they could get their hands on. Maybe not all of you did it. But enough of you did (and almost none of you swore off the practices) that eventually a government (a kind of important one at that) decided that regulation was the only thing you would listen to. And so now you have it.

And I have heard people complain that enforcing GDPR will “break the Internet.” But that won’t happen. The EU is smarter than that. What will happen is that every court case will clarify what it means until the greedy marketing data beast has been driven back. If you thought that we could pull a fast one on all of our customers forever, well the backlash has begun, and with it, marketers again appear to be low-life manipulators who would sell their own mother for another point of revenue.

I’m sorry that this happened, but I have to admit that I am not surprised. I have been asking about this for years.

Republished with author's permission from original post.

Mike Moran
Mike Moran is an expert in internet marketing, search technology, social media, web personalization, and web metrics, who, as a Certified Speaking Professional, regularly makes speaking appearances. His previous appearances include keynote speaking appearances worldwide. Mike is the co-author of Outside-In Marketing and the best-selling Search Engine Marketing, Inc. He is also the author of the acclaimed internet marketing book, Do It Wrong Quickly: How the Web Changes the Old Marketing Rules. Mike founded and writes for Biznology® and writes regularly for other blogs.


  1. First things first: When I read “Because we as marketers would rather …grab every piece of data we can, rather than serve our customers, GDPR happened,” I started laughing and almost passed my coffee through my nose. Give a guy a warning would you?

    Brilliantly stated. Unfortunately, data has always had the potential to be misused, and those who see marketing and integrity as mutually exclusive are the cause of GDPR.

  2. Hi Mike: While I share your view that most marketers put their own interests before those of their customers – and that is certainly the case with the companies that own the largest consumer data repositories – I don’t think we’ll see the greedy marketing beast driven back. To use another metaphor, that ship has already sailed. As consumers, we can never take back the data that we’ve already given up. And there’s a lot of it. The best that can happen now is for sensible regulation to minimize consumer harm by curtailing the potential for dishonest, unscrupulous, and nefarious use of our data. GDPR was a laudable first step toward that goal.

    Though many US companies will be compelled to comply with GDPR, don’t look for similar legislation here. I have written several articles on this topic, and my research revealed that the last meaningful consumer data privacy law was in 2009 (?). I don’t remember the year exactly, which is an artifact of how lax legislators have been in ensuring consumers are protected. As practitioners and consumers, it also demonstrates how willfully ignorant we’ve been regarding the risks of giving up intimate personal information online. Further, our current president hasn’t shown that . . . how do you say . . . he is terribly concerned about protecting consumers from much of anything.

    I blame the lack of regulation in the US as much on consumers as I do on predatory marketers. Compared to Europe, there’s little public will to protect our data. “Millennials demand personalization.” – I’ve read it many times. But online personalization and privacy don’t play well together. The ability for companies to provide personalization requires gobs and gobs of data, and consumers – millennials in particular – have been delighted to provide it. The big scam that consumers will one day recognize is that companies have used the personalization appeal to entice consumers to willingly relinquish their information. Data is what companies salivate over. Who sees it, how it’s used, and how long it’s kept – who cares! As long as no one has to suffer the indignity of not being ‘known’ when he or she goes online to buy movie tickets. To me, this seems nuts.

    Your title implies that marketers 1) have control of regulation in the first place, and 2) that regulation is a bad thing for marketers. I think both are not true. Done right, regulation can restore – or preserve – consumer trust in a system that is arguably not trustworthy. Marketers can certainly influence regulation, but as the quote goes “there is nothing more powerful than an idea whose time has come.” I don’t know who said it. I could look it up, but Google will archive it in my search history.

  3. Thanks for your feedback, Shaun. Glad I could make you laugh (but sorry about the coffee). Love the way you phrased seeing integrity and marketing as mutually exclusive–that says it better than I did.

  4. Hi Andrew,
    I appreciate your comment, but I would like to clarify some things you said. First, I do think that if marketers had offered a true choice to consumers about how their data was used that GDPR might not have happened. That isn’t as strong as saying marketers have control over regulation–just saying that governments don’t bother to pass laws against bad behavior that has never been seen. Second, I don’t think the regulation in general is good or bad for anyone, but it is true that regulation often has the unintended effects that I detailed in my post, so in that sense it tends to create some new problems to solve the old ones. I think it would have been better for marketers to have avoided the problem in the first place.

    As someone who has presided over several technical implementations of personalization, I want you to know that personalization does not require companies to violate GDPR–privacy and personalization are not mutually exclusive. There are ways of capturing data that allow personalization without being able to tie that data back to specific people and I advise companies on how to do this properly every day.

    Last, I think many of us are requiring personalization, not just millennials. We all like our browser to remember things and the sites we trust to know who we are. But I think marketers have failed to offer personalization that protects privacy, so now regulation will force it. Perhaps that will restore confidence in the system, as you say, but I will believe that when I see it. To me, the need for regulation is another black eye for marketers with the public who already look at us as little more than used-car salesmen. I’d like for our profession to aspire to more than that, because it is the right thing to do, not because we are minimally complying with the law.

    Thanks again for your comment.

  5. Database micro-segmentation and personalization has been attainable for some time, and I think your response to Andy – “There are ways of capturing data that allow personalization without being able to tie that data back to specific people…” – is the key going for. Until recently, marketers have had little data privacy pressure, but the public exposure of combined Facebook/Cambridge Analytica benign neglect of protecting the individual member/consumer has forced greater safeguards and scrutiny. Years ago, the Direct Marketing Association required voluntary data security of its members. Maybe, before we get too wrapped up in regulation, it’s time for stepped-up, high-penalty data privacy self-governing, i.e. trust but verify. If that fails, we may find that EU-style GDPR will be only the beginning of assertive data governance.

  6. Hi Michael,

    Thanks for your comment. I was a member of DMA way back when and I do think the industry standards can help forestall bad behavior before it starts. Maybe the public shaming of companies such as Facebook and GDPR will get ethical marketers to take a closer look at what is really the right way to treat customers.

  7. Mike, I guess the answer to your leading question about the business around privacy is fairly simple: Until recently no one – and I mean NO ONE – wanted to pay for it. Certainly not the marketers who suddenly would have needed to pay for something that they are used to getting for free, not the end users, who are in general not aware or interested or willing enough to pay for something in the age of ‘free’ – and with that not the investors who saw far more chance for a big payout by investing into ‘data companies’. I know, I tried it. 😉 came from exactly that angle …

    2 ct from Down Under

    PS: Great article!

  8. Thomas – while you’re absolutely right about the circumstances, I think it was more the ‘end justifying the means’ mentality that led to GDPR.

  9. Thanks for your comments, Thomas and Shaun. To me, there is a truth in what each of you say. Marketers definitely did not want to do this, but maybe it is because no one could figure out how to sell it to customers–because customers didn’t want it. Now they said that they wanted it, but maybe they didn’t want to pay for it. If that is really the answer, that’s a fairly confounding assessment of how capitalism works…

  10. Yes, Shaun, and then with the wrong (short sighted, inward-out oriented) end in mind, too. As it has been said in similar words before: where a market gets out of balance in favour of one group of actors, regulation is the consequence. Doesn’t always work, though …

    Imo there not being any major investment into the consumer/ side of this market shows how far off balance this market is.

  11. Why confounding, Mike? Maybe a bit of socialism in my thoughts (blame it on me being German; our constitution says something to the effect that wealth is an obligation to society) but why would I want to pay for something that is my own, anyways (my data)? Don’t I pay for this, anyways (taxes)? Maybe one of the pillars of capitalism is faulty (namely the assumption that everyone is equal in negotiation power)? The rise of adblockers is a clear indication that people DO want privacy – but the biz model of adblock companies is a bit weird, too: Similar to Facebook the consumer is the product, not the customer: Dear advertiser, please pay me, so your ad gets through to the eyeball.

