The consumer privacy landscape has changed dramatically over the past few years. First, the General Data Protection Regulation (GDPR) went into effect in 2018, giving European Union citizens more privacy rights and limiting businesses’ ability to collect, share, and sell consumer data without permission. Then, the California Consumer Privacy Act (CCPA) was passed that same year and was enacted on January 1, 2020. When the law goes into enforcement on July 1, 2020 it will affect all companies doing business with Californians.
We were curious about how businesses and consumers were adapting to these laws and how their attitudes about privacy laws in general might be changing, especially since more privacy laws are on the horizon. To get a partial picture of how people reacted to both GDPR and CCPA, Oracle CX Marketing Consulting’s Social Media Strategy & Analytics Services team used social listening to check the reaction on social media. We compared social media mentions of GDPR to that for CCPA during key time periods, looking for similarities and differences in what people were saying about the laws.
While some of our findings weren’t shocking, others were definitely a surprise:
Businesses dominated social media mentions during pre-enactment periods of GDPR and CCPA.
The months and final days leading up to the enactment of both GDPR and CCPA were dominated with news, speculation, and industry preparedness mentions related to businesses. Consumer chatter was almost nonexistent during the leadup and only picked up after enactment, which is when the law started to affect them directly.
Social media activity was highest around the time of enactment.
Chatter about GDPR and CCPA reached its peak around the time of enactment. For example, the volume of mentions about GDPR one year after enactment was down from this peak by approximately 12x.
Consumer social media commentary spiked after enactment.
Our social listening found that consumers had very little to say on social media about GDPR until they started receiving a slew of email notifications on the subject. After enactment a large portion of the conversations came from people complaining about all the emails showing up in their inbox—particularly from brands they felt they hadn’t interacted with in a long time. Consumers were annoyed and didn’t understand or care that these notifications were legally mandated by GDPR.
Negative sentiment around GDPR was highest at the time of enactment.
While you might think it was because of businesses despairing on Twitter about how to become compliant, it was actually because those frustrated consumers were getting inundated with GDPR notification emails. Also, some consumers shared their frustration with GDPR updates causing apps to fail.
Those two issues caused negative sentiment to increase by 3x the day after GDPR’s enactment.
Privacy wasn’t the thing that consumers commented about most with GDPR.
One of the bigger questions we wanted to explore through social listening was if there were concerns about privacy laws. While we found that there were some, they appeared to take a back seat to other items, such as the annoyance with the GDPR email notifications.
In addition, some people tested sites and shared how much faster sites loaded after GDPR, since much of the web tracking that businesses did on their sites is now illegal. All of the tracking processes used had the effect of dramatically slowing down site load times. So, while GDPR was born out of privacy concerns, what consumers noticed and commented on was the vast improvement in the user experience and the decrease of intrusions.
Consumers wished that all countries would adopt GDPR.
In another sign that consumers viewed GDPR positively, the improvement in website load times and other changes had a lot of people hoping that other countries would follow suit and remove back-end tracking. Some hoped that GDPR would push the industry to adopt the guidelines globally instead of doing things one way for the EU and another way for everyone else. Then, consumers believe, everyone would be on the same playing field.
CCPA received a lot less attention on social media and lower negative sentiment, too.
GDPR was a huge, disruptive change that affected every company in Europe and every global company. Following two years later in the wake of GDPR, CCPA was clearly seen as far less disruptive. In fact, global companies based in the US needed to do very little to comply with CCPA.
Because of this, our social listening found that CCPA mention volume on the date it was enacted was approximately 73x lower than what was generated when GDPR was enacted on May 25, 2018. In addition to lower volume, CCPA captured lower negative sentiment than GDPR during that same time period.
Consumer reaction to CCPA on social media focused on how they could increase the privacy of their accounts.
When CCPA was enacted, consumers didn’t comment much on the privacy notification emails—likely a sign that businesses had tightened up their audiences after seeing how people were irritated to get GDPR notifications from brands they hadn’t interacted with in years.
Instead, the social media conversation was largely around how to exercise their new privacy rights, with people frustrated with companies either not complying with CCPA or not making it easy for people to exercise their rights. For example, on day one of enactment, some consumers posted asking if others had found the “do not sell my data” buttons on businesses’ websites because none could be found. There were also complaints about error messages received when trying to use CCPA functionality.
Our social listening also found that people were discussing how CCPA would impact the rest of the US, as well as the steps that other states and the federal government are taking to improve privacy protections. People applauded some companies like Mozilla for providing CCPA protections to all Americans, not just those in California.
Fines don’t get much attention.
The first GDPR fine—which was a record £183 million fine against British Airways for a 2018 data breach that affected 500,000 customers—didn’t generate much social media activity. Compared to activity pre-enactment, at the time of enactment, and at the one-year anniversary, the first GDPR fine generated the lowest mention volume of all four time periods analyzed.
We anticipate that CCPA will follow the same pattern. The State of California has said that it won’t bring enforcements against companies until July 1, giving businesses extra time to get into compliance. However, the first class-action CCPA suit has been filed, with Salesforce and Hanna Andersson in the cross-hairs. So, the first CCPA fine may be on the horizon.
Based on our social listening, we think that consumers are increasingly expecting more control over their privacy and that businesses are having less anxiety about complying with new privacy regulations. That’s good news, because more states will undoubtedly be passing privacy legislation, which will ultimately result in new federal legislation to create a national standard to ease the burden of compliance.
Need help with social media listening and analytics? Oracle Marketing Cloud Consulting has more than 500 of the leading marketing minds ready to help you to achieve more with the leading marketing cloud, including a Social Media Analytics & Strategy Services practice.
For more information about trends that impact social media marketing, check out the Modern Marketing Blog’s latest posts concerning social.