Tomorrow, the General Data Protection Regulation, or GDPR, goes into effect.
As a data-driven strategist, community organizer, and staunch proponent of the Feminist Internet, this issue is near and dear to my heart. And as a queer brown woman working in tech, this is not the first time I’ve dealt with the concept of ethical data collection and use.
One of the many (many) progressive data projects I’ve been working on lately has been the optimization of Engaging Networks landing pages for European clients in preparation for GDPR. In between cool conversations about the merits of theory of change oriented opt-ins vs. campaign specific opt-ins, one conversation has been sorely lacking.
That’s the conversation about GDPR and feminism.
Let me lay it out for you straight: GDPR is a feminist issue.
Consent has become a mainstay of feminist movements both on and offline. Sexual consent is a core tenant of ending rape culture. Rape culture is a term used to show the ways in which society blames victims of sexual assault and normalizes male sexual violence. It relies on our collective inclination to blame victims instead of rapists.
This extends past cultural acceptance and norms into the legal realm. Less than 10% of British reported rapes result in conviction. Spain is currently in the spotlight after a group of men were cleared of rape and found guilty of the lesser charge of sexual abuse. But it is not the only European country that does not recognize sex without consent as rape.
But how does this relate to GDPR?
Traditional list-building strategies (like gated content and advocacy petitions) deliver value to audiences, but don’t explicitly explain what being part of a marketing funnel means.
It’s analogous to accepting a dinner invitation with the understanding that you’re going out to have dinner, but having the entire night be a process of convincing you to have sex. Sex that you didn’t sign up for, and sex you most certainly didn’t consent to.
Not being transparent about the fact that the sign-up leads into a conversion funnel, means that users don’t have all the info they need to consent.
Pre-Checked Opt-Ins
The GDPR requirements around pre-checked boxes, are of particular importance. Not explicitly saying no isn’t the same as consenting.
Sexual assault legislation passed in September of 2014 in California states:
“Affirmative consent means affirmative, conscious and voluntary agreement to engage in sexual activity. It is the responsibility of each person involved in the sexual activity to ensure that he or she has the affirmative consent of the other or others to engage in the sexual activity. Lack of protest or resistance does not mean consent, nor does silence mean consent.”
So when a user clicks submit without the active choice to opt out of an email list designed to get them to donate, they are not giving affirmative, conscious and voluntary agreement. Sound familiar?
Opting Out
As any good feminist can tell you, consent once does not mean consent forever.
Just like you have the right to withdraw sexual consent at any time, you should have the right to unsubscribe from email marketing at any time.
Once consent is withdrawn, that’s it. No one has an obligation to continue doing something that they’re uncomfortable with, and saying yes to one thing, does not necessarily equal saying yes to another thing. Everyone has the right to say “no” at any given point, regardless of what they agreed to previously.
Moving Beyond Sexual Consent
But consent conceptually extends into much larger conversations about Indigenous sovereignty, environmental justice, reproductive rights, Black liberation, trans healthcare, affordable housing, and so so much more.
Consent is central to feminist, liberation, and equity organizing because it comes down to the right to determine what happens to you, your home, and your body. A right that has been historically (and is contemporarily) steamrolled by colonization, resource extraction, forced sterilization, police brutality, exclusionary healthcare for trans people, unaffordable housing, and more.
We live in an increasingly algorithmic world. Your data is collected, recorded, stored, bought, and sold. In turn, decisions like immigration, policing, bombing, housing, and hiring (to name a few) are now reliant on predictive modelling and automated decision-making.
The ability to consent to what your data is used for, how and when you’ll be contacted, and if your data is for sale is a conversation primarily about consent.
Effects on the Canadian Sector
For this legislation to be initiated in the EU bears noting. In Canada, the Canadian Anti-Spam Legislation (or CASL) maintains exemptions for messages of non-commercial activity. Included in this are communications sent by charities.
But as a sector committed to social good, shouldn’t we be encouraging similar legislation here? Canadian Non-profits are working hard to keep up with the ever-advancing tools and tactics available through digital transformation. But with that comes the concern that we are replicating systems we aim to change.
I firmly believe that those of us who work at the intersection of tech and social good have a responsibility to bring consent-forward feminist data legislation like GDPR to North America.
GDPR is a feminist issue. And it’s about time we had this conversation.
