Washington Post doesn’t quite get GDPR right

If you live in the EU and you’ve blazed through the last few weeks without coming into contact with GDPR then you simply can’t be online. At all. Most of us with any sort of online life have been plagued with compliance emails leading up to May 25th when GDPR went live.

GDPR is basically a good thing because it gives us more control over the personal data we give to various websites. The devil is in the detail, though, and many sites have strong-armed their compliance through by telling us we can either accept our data is going to be used as they choose or we can bugger off and not use their site. In principle, with a new site, this is fair enough but if we’re already entangled in a site and want to continue using it then we have no choice but to sign away our privacy.

These are transitional issues that have come about due to GDPR being implemented in 2018 rather than 2001.

GDPR still doesn’t shift the balance of power enough in my opinion. I have long argued that our personal data is a commodity that we should be able to profit from. The default position should be that websites have absolutely no right to track us or record any of our personal data. If we choose to hand some personal data over then we should get a cut of the vast profits the tech companies make from our data, which they currently get for free. It is our data when all said and done. It is our intellectual property and I can’t imagine the tech companies would hand over their own intellectual property for free.

The way I would like to see it working is that tech companies — Google, Facebook, Twitter or whatever — would subscribe to my data for a year and I get a fee for that. It would be a fair fee of course. I still expect the tech companies to make a big profit but maybe 20% of the profit they make from personal data is paid back to the people whose data they use. Shared out amongst millions that won’t be much of course but if you were to share your data with many sites it might pay for a few beers or coffees.

It’s about where the control lies too and I believe that should be firmly in our hands.

You may think that sounds ludicrous but I’d suggest that’s only because we’re so conditioned to these companies simply swiping our data when they like, for free. The boot should have been firmly on the other foot from the beginning but, alas, it wasn’t. The internet grew at an astonishing rate and regulation simply wasn’t ready for it.

I’m all for sites charging a subscription for access if that’s their business model. It prompts us to think about whether we’re really that interested in their content. We often find we’re not after all that interested but we can choose to pay if we wish. Under my scheme of us actually owning our own data their might be two subscription models: a standard one where we don’t give over any of our personal data, and a cheaper (or possibly free) one in exchange for us allowing the site to track us, advertise to us and use our personal data. Indeed, some sites do this already.

This brings me to the Washington Post. If you want to subscribe to the Washington Post now (post-GDPR) you’ll see the following screen:

Washington Post subscription screen.
Washington Post subscription screen.

They have some things right here. There is indeed a cheaper subscription if you’re prepared to hand over your data and permit cookies, tracking and lots of shitty adverts all over your screen.

There are also lots of things wrong with this, starting with the name of the premium subscription. It’s called a ‘Premium EU Subscription’ and this implies you’re being charged for GDPR, which doesn’t go down too well as GDPR is a right we're entitled to by default. I’m not sure if that screen is just offered to EU readers but, if it is, I can’t imagine it’ll go down too well with the GDPR authorities either because then it definitely is a charge you have to pay for something that’s a legal right.

It’s not entirely the Washington Post’s fault because GDPR only affects the EU and it seems they named their premium subscription accordingly. They should rethink this. It could just be called ‘Premium Subscription’, applied worldwide and then potential subscribers can make their own minds up.

GDPR is a step in the right direction. I think we will own our personal data one day. I think it will be a commodity we can trade (our data appears to be worth $3/month just at the Washington Post). But I think it will take many years yet and, sadly, many more privacy breaches (like Facebook’s recent furore) before it happens.