What about other companies that resell your data in one way or another? Facebook is known for sharing data with partners. The social network is currently facing criticism for “forced consent”. Basically, the site has an all-or-nothing policy that users must accept or they are denied access to the site. GDPR’s guidance is that customers must be allowed to give consent independently for different aspects of data use. For example, users should consent to a company using their data for its own purposes and again for that company to share this data with business partners.
This begs the question of “what now?” Of course, Europeans can choose not to use Facebook. However, this doesn’t address the bigger question: what happens now that traditional vendors of user data have to operate differently?
This opens up several possibilities. The first is that companies like Facebook sell less data, and only with users’ active consent. This requires them to change how they collect and store data, as well as being more open about how their partners use that data. Users could benefit from this becausecompanies will be forced to provide more direct value to users if they seek their consent. It is a win for users because they can monetize their data by getting more value for their active participation and consent.
Another strong possibility is that users take a more direct route to monetization:
There are of course multiple options along that spectrum, where hybrid models can occur. But each one requires a strong identity protection and validation platform as its foundation. It would be smart for users and companies to start with identity solutions and build up from there, instead of trying to start with the marketplace and work backwards, toward implementing identity solutions. Starting with identity is the best way to ensure that business goals and GDPR compliance can happily co-exist.