Spam emails still persistent six months on from GDPR, research claims
The introduction of the General Data Protection Regulation (GDPR) has not reduced the number of spam emails many people receive, new research claims.
On the six month anniversary of the new data privacy laws coming into force, innovation foundation Nesta said a survey of UK internet users suggests 60% felt no more in control of the marketing emails they were receiving.
More than one in five said they were getting more unwanted emails since the rules were introduced in May, the foundation said.
Under GDPR, consumers have greater control over their data, including stronger rights to give consent on when and if firms can collect and use their personal data, while companies are required to be more transparent about how they use data gathered.
Fines for companies that breach GDPR can also be steeper than under previous privacy rules.
Theo Bass, a researcher at Nesta said the public needed more education on their rights under the new rules in order to cut down on the number of marketing emails they received.
“GDPR gives a significant boost to individual rights, including the right to access personal data or to request it is deleted, but most people aren’t aware of their rights or how to use them,” he said.
“The online advertising industry is structured to deliberately obfuscate how profit is being made with personal data and incomprehensible terms and conditions make it hard for people to understand what they’re agreeing to.
“It’s not clear whether either of these are being adequately addressed in the wake of GDPR.
“More effort needs to be made to educate people about their rights over their personal data and to empower them to demand more from those who hold it.”
However, part of the issue of increased emails may have been the result of confusion among businesses around the new rules as they were implemented.
Ahead of the rollout, many people reported being sent hundreds of emails from firms asking them to again consent to their data being stored or being kept on mailing lists.
However, GDPR states these emails are not necessary in every case and if a consumer has an existing relationship with a firm because of purchased products or services, seeking fresh consent may not be necessary.
Mr Bass said it was important consumers read up on their new rights and “push back” when firms did not comply with requests.
“National regulators shouldn’t pass the buck onto consumers. However it’s important that people have access to simple and actionable information about their rights,” he said.
“Simultaneous pressure from regulators and consumers will be important in realising the potential in GDPR to keep data-hungry companies in check and maintain high data protection standards for all.”
A spokeswoman for the UK data regulator the Information Commissioner’s Office said: “The GDPR, which came into force in May, strengthens the rights of the public, for example by banning the use of pre-ticked boxes consenting to marketing communications.
“People must give active, positive and fully informed consent.
“However, we would also urge the public to be careful about what they sign up to, particularly during online transactions.
“Organisations must also make it clearer and easier for individuals to withdraw consent and to unsubscribe from electronic marketing.
“The ICO has produced detailed guidance for organisations and the public.
“People who have been directly affected or who have concerns about nuisance calls, spam texts or unwanted emails can report them to us. Where appropriate we will target organisations that flout the law and use the full range of powers at our disposal.”