GDPR Changes The Data Resale Landscape: What Does This Mean For Users?

Blog | 14 March 2019

Most companies that have stopped working with European companies have done so because of compliance issues. They either cannot or do not want to burden themselves with the new requirements for capturing, processing and storing customer data. Instapaper, owned by Pinterest, is one of the companies on a temporary work hiatus with European consumers. Others, like Klout, have even decided to shut their businesses down because they cannot operate user-data marketplaces in the GDPR environment.

Klout made a business of scraping together a reputation score based on someone’s social media presence. The users did opt-in, giving Klout access to each of their social media platforms. However, there were many links to third parties. Klout’s parent company Lithium decided to close the business rather than attempt to comply with GDPR. The company’s tweet stated that GDPR was the last push in a direction they were already heading in.

Data selling companies

What about other companies that resell your data in one way or another? Facebook is known for sharing data with partners. The social network is currently facing criticism for “forced consent”. Basically, the site has an all-or-nothing policy that users must accept or they are denied access to the site. GDPR’s guidance is that customers must be allowed to give consent independently for different aspects of data use. For example, users should consent to a company using their data for its own purposes and again for that company to share this data with business partners.

This begs the question of “what now?” Of course, Europeans can choose not to use Facebook. However, this doesn’t address the bigger question: what happens now that traditional vendors of user data have to operate differently?

What outcomes for businesses?

This opens up several possibilities. The first is that companies like Facebook sell less data, and only with users’ active consent. This requires them to change how they collect and store data, and to be more open about how their partners use that data. Users could benefit from this because companies will be forced to provide more direct value to users if they seek their consent. It is a win for users because they can monetize their data by getting more value for their active participation and consent.

Another strong possibility is that users take a more direct route to monetization:

  • Participate in data marketplaces where they can find data buyers;
  • Associate with similar users to sell as a group;
  • Sell based on their personal preferences;
  • Choose which companies or causes to sell to;
  • Choose which pieces of their data they’d like to sell and how much they are worth.

There are, of course, multiple options along that spectrum, including hybrid models. But each one requires a strong identity protection and validation platform as its foundation. It would be smart for users and companies to start with identity solutions and build up from there, instead of starting with the marketplace and working backwards toward identity solutions. Starting with identity is the best way to ensure that business goals and GDPR compliance can happily co-exist.