Compliance has become a critical issue for tech companies as EU regulators increase fines for violations. Amid shrinking revenues due to the “pandemic hangover” and the decline of third-party cookies, businesses must prioritize compliance at the product level.
Compliance might not seem like the sexiest topic, but it’s one tech companies need to have on their radar. In recent years, (EU) regulators have raised the size of fines to hundreds of millions of USD. The number of violation fines is steadily growing, and targets have expanded well beyond big tech players to include small regional companies as well.
The key question is: how can you embed compliance at the root of the business to minimize violation risk?
GDPR fines grew from small nibbles into painful punishments. This year, Ireland’s data protection commission fined Meta 414M USD for forcing users to accept the Terms of Service, in which users agree Meta can use behavioral data for tracking purposes.
This is the fourth installment of a series of 3 fines for privacy infringements since 2021 that sum up to over one billion USD:
You could argue $1B in fines don’t hurt a giant that made over $23B in profits in 2022 (it’s only 4%), but when you look at the ~20,000 employees Meta recently laid off and the gaping hole of ~$10B in lost revenue from ATT (Apple Tracking Transparency), that billion starts to look very different.
Meta is not alone. Many tech and non-tech companies have received sizable fines in recent years:
And just like Meta, most big tech companies saw revenues drop in late 2022 as a result of the “pandemic hangover” and started to lay off many of the employees they hired during the pandemic. Budget hits from compliance violations are the last thing tech companies need at the moment.
A big part of the problem is access to first-party data for fast-growing companies. A large part of the web is built on advertising (referred to as “the original sin of the web”), but third-party cookies are dying out. Google and Apple have started to develop cohort-based alternatives that are less accurate but more privacy-friendly.
As a result, targeting capabilities get less accurate, and, therefore, ads become more expensive, and ad revenue for ad marketplaces shrinks. GDPR (and CCPA) guidelines reduce tracking capabilities even further, which is why a lot of big internet platforms are hesitant to implement the guidelines – at a higher and higher risk.
Another problem, of course, is that few companies have taken GDPR violations seriously. Fines have grown over time because initial penalties weren’t impactful enough. Now, getting fined can significantly shrink the bottom line and come at the cost of customer trust. The 2016 Cambridge Analytica scandal, for example, damaged Facebook as a brand so severely that the company rebranded to Meta.
Compliance as a risk needs to be managed at the core of companies: product building. Growth product managers and marketers must change their mindsets from seeing compliance violations as a necessary evil that lawyers take care of to a managed risk in the product development process.
As data breaches and privacy violations become more common, it is essential for product managers and UX designers to embrace privacy-first principles:
Privacy principles matter most at the touchpoints where a company communicates or transacts with users. For example, PMs and designers should build user interfaces with easy access to data in mind. Marketers should include opt-out links in any customer communication.
Yes, these principles can slow the classic Silicon Valley style of product building by moving fast and breaking things. However, unmanaged compliance risks can slow company growth even more.
Compliance is a major challenge for EU startups trying to compete on a global level due to the extra costs associated with GDPR. Big Tech companies have more resources to find workarounds and adapt to privacy regulations, giving them an added advantage over smaller businesses with fewer resources.
To build trust with customers, businesses must go beyond tracking transparency and truly commit to compliance. Failing to do so can result in severe consequences such as fines, loss of reputation, and legal action, making compliance a critical factor for success in the digital age.
Compliance might not seem like the sexiest topic, but it’s an important one tech companies need to have on their radar. In recent years, (EU) regulators have raised the size, number, and targets for fines for privacy violations.
Compliance has become a real risk for marketers, and product managers need to start factoring it into Growth strategies.
Published on 04/18/2023 by Kevin Indig.
Kevin Indig is a strategic Growth Advisor, creator of the Growth Memo newsletter and host of the Tech Bound podcast. He ran SEO organizations for companies like Shopify, G2 and Atlassian, consulted for big brands like Ramp, Eventbrite, or Finder and is an active angel investor.