Much has been said about the GDPR, and much is still left to be said. However, I think we can all agree, even bureaucrats at the EU, that the GDPR was launched sub-optimally and that too much semantic vagueness was left for the market to interpret - and is still interpreting. There is also an unresolved discussion around what the GDPR means for shifting the balance in global innovation, as we know that data is the basis for paradigm changing technology like AI, which most nations are now in a global race to win (or rather to ensure they don’t lose out too much to China).
All that aside, I argue that the GDPR is a blessing in disguise for an app publishing ecosystem that for too long has operated under unclear rules and guidelines and thus has struggled to balance the clear desire from the end-user for free and (location) context aware apps and services with the increasing demand for privacy-friendly solutions.
The GDPR helps put this built-in conflict into a clear framework, and history has proven time after time that clear frameworks and boundaries coupled with a big opportunities often equals a huge catalyst for innovation.
Here is my take of how you as an app publisher that collects data (including location data) for monetization (to keep the app free) and for product features (to keep the app context aware) should act to benefit from a selection of GDPR requirements below. And it all revolves around utilizing a strong Consent Management System.
1. Lawfulness and Fairness of Processing and Transparency (GDPR Article 5.1, GDPR Recital 39)
Make no mistake, you are going to have to rely on consent as the legal basis for data collection. And while many/most apps have relied on consent well before the GDPR you now have a reason to build out (or buy) a more robust consent management service. By having a dedicated system in place for consent you will stand apart from your competition (the competition for eyeballs) and de-risk any future conversations with legal bodies should they check up on your GDPR compliance and execution - and allow for the further innovations as mentioned in the next points.
2. Purpose Limitation (GDPR Article 5.1, GDPR Recital 39)
As a consequence of having a robust consent management system you can start to separate the various opt-ins on use cases and verticals. This is a demand by the GDPR, but hard to easily and friction-free action on without a robust system at the core. Once you have such a system up an running it’s easy to turn use cases and verticals on and off as you learn and mature and you are yourself in control of your data collection and usage.
3. Rights of the Data Subject (GDPR Articles 12 - 23)
You don't want users that don't’ want you (This sentence sums up the intention of the GDPR quite well - in a tabloid way) but historically you didn’t have reasons or resources to make sure each individual has their individual requested tended. With a solid content management system in place, you will also easily be able to fulfill the GDPRs requirements to access, delete, and/or port the data that you sit on.
4. Record of Processing Activities (GDPR Article 30)
Let’s face it. Your underlying systems have probably seen under-investments for quite some time and you do not have full control over what is stored where. With the GDPR you have to be able to document, find, and purge data if required. The bonus being that you’ll get an improved underlying system structure that will increase the speed of future deployment and perhaps even operations, as well as save storage costs.
Yes, the GDPR is complicated - so come speak to us
The good news is that there are companies like Unacast that can provide an end to end solution to this challenge. GDPR made us international privacy compliance experts, so we can guide you in your data monetization strategy and limit your need for unwieldy data infrastructure.
The GDPR should not dissuade you or any app publishers from monetizing data. On the contrary, there has never been a time when the rules were more clear or market more stable. With the right partner, you can unlock a new, incremental monthly recurring revenue stream that can be reinvested into growth and retention.
Get in touch if you are an app publisher and wants to learn more about how you can use the GDPR to your benefit - and extract more revenue.