GDPR...aargh! Consent and consent removal. #2

The General Data Protection Regulation (GDPR)  states that “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language”. This promises to be a vast improvement on the current consumer experience! A far more notable, and some would say, controversial aspect of the legislation is the expectation that it must be “as easy to withdraw consent as it is to give it”. This suggests that it provides an effective method for consumers to off-board and end their service relationship. Looking at the surrounding elements of consent as part of the wider consumer experience, we can see a variety of styles which could be used in different situations.

Occasionally, a service is defined implicitly, such as the use of cookies on a website that present an implicit usage agreement. At other times, there are more complex opportunities for gaining consent, such as the Terms and Conditions which are defined when using a new smartphone or digital service. Signing up to financial services might include the format of the agreement in a contract. Agreements like this are sometimes referred to as Browsewrap (wrapped round the website before you get in), or Clickwrap (small clickable elements to acknowledge legal binding). While all these can be considered as on-boarding experiences to the consumer journey, what is less generally acknowledged is how they have a profound influence on off-boarding from the relationship.  

Tone of voice
In many instances Terms and Conditions are a cumbersome things to comprehend. The worst examples are as long as books, according to the consumer group Which?, who found that Paypal’s T&Cs at 36,275 were longer than Shakespeare’s Hamlet and Apple’s iTunes longer than Macbeth at 19,972. Documents like this are impenetrable for most people, and as such they do not work efficiently as an interface for the user. A Symantec survey found that, on average, only 25% of people read T&Cs. The highest number was found in Italy, where a surprising 53% of people apparently read them in full.

So it’s understandable that, for many, ticking the consent box seems less an acknowledgment of agreement and more like a relinquishing of effort. Another recent study provided further alarming evidence. Conducted by Jonathan Obar from York University in Toronto and Anne Oeldorf Hirsch from University of Connecticut, it asked people to join a new social network. The Terms and Conditions included a request to the user to give the social network their first future born child. Surprisingly all agreed. 


While doing research for the Ends book, I read a lot of T&Cs. The vast majority place the consumer in a subservient role because of the language used and the way in which responsibility is allocated. Many provide little opportunity for an amicable end to the relationship. The ending is presented only as the consumer’s moral failure. In one example out of the 20,000 words, I read 12 mentions of “Termination” relating to when the consumer done something bad and 6 mentions of “Until”, which implied expectations of the user of breaking something. The language is biassed and fails to create the opportunity of an amicable ending. While this is a common approach legally, as an experience it is alienating.

Some of the language used could even be considered sinister, “Apple reserves the right to disband a Family in accordance with the “Termination” section of this Agreement.” Which seems dark and also quite funny to place it out of context - like on a beach in the summer, or on a kids t-shirt. 

Apple disbands the family.

Apple disbands the family.

Defensive measures
The GDPR legislation expects consent to be a positive start to the consumer lifecycle. It should be presented as “intelligible and easily accessible form, using clear and plain language”. Anything to the contrary will undermine trust in the relationship thereafter. It is clearly an area that could do with more clarity and trust.

Research conducted by Ipsos on behalf of TRUSTe /NCSA, found that 92% of US internet users worry about their privacy online. And 45% are more worried about their online privacy than a year ago. It seems this is limiting business too with 74% of respondents saying they had limited their online activity in the last year due to privacy concerns: 44% have withheld personal information, 36% have stopped using a website, and a further 29% have stopped using an app, of which 47% said this was because they were asked to provide too much information. Stopping use is an example of the neutered response consumers have available to them, when sadly few other legal methods are available.

To counter this, consumers have adopted measures such as using VPNs (Virtual Private Networks). These are pieces of software that hide an individual's computer ID and makes it appear as if it is in another country. This appears to place control back into the consumer’s hands - although with a slightly dubious legal footing.

A recent article in Wired summarised the world’s usage of personal VPNs. They spoke to Jason Mander, Head of Trends at Global WebIndex, who said that "People consider VPNs to be a niche tool, but they are surprisingly widespread. As many as one in four people use them. Two-fifths of Indonesians are invisible. More than a third of Vietnamese and Saudi Arabians don't show up either. Take a look at web analytics for Sweden, and you're led to conclude its population is bolstered by large numbers of Netflix-loving ghosts.” 

Further evidence of consumers avoiding data capture can be gleaned from a recent anecdote from a streaming service, which highlights the casual caution of consumers giving away data. The streaming service found that they had a peak of users over the age of one hundred years - a surprising finding considering the average user is in the 18-30 age group. This peek seemed baffling. Investigation proved it was not a technical glitch, but that consumers had been consciously giving a false age as a way of protecting some aspect of data that, in their opinion, was not critical. This is a particular issue that consumers can now question with GDPR, should they consider that their data is being used for profiling, or meaningless direct marketing purposes, as they have the Right to Object, and halt the processing of that data.

Methods for objecting, or to withdraw consent from the provider, should be presented as clearly as the request that asks for consent. It will be interesting to observe how well and evenhandedly this is presented by businesses over the coming months and years. Providing a clear path to end a service is naturally repulsive to a historic business culture. While clawing back their consent may be considered a big win for consumers, it does not necessarily have to be considered a big loss for business. Psychology and the clothing industry provide good examples to why consumers removing consent might not be as bad as many think. But first we need to think differently about consumer endings.

The new world of multiple engagements
Re-engagement with consumers is now becoming the norm, rather than the exception. Business logic argues that it cost five times more to acquire a new customer than to retain a current one. But this is a binary statement overlooks the potential or, indeed, the reality of endings. Future services and digital products are promising to be far more transitory than in the past. Consumers are going to move more quickly between services, empowered by legislation such as Open Banking and Data Portability. They will turn one service off as they switch another on,  approving and removing consent as they come and go. Returning to services and providers they used previously will be common. So making the ending of a service a good one is vital.

Peak End rule
Endings are overlooked as somewhere to add value. In his book Thinking, fast and slow, the psychologist Daniel Kaheman outlined his observation that people remember experiences at two points - the peak and the end. This means that consumers will remember endings as well as the best moment a service had to offer.

This is an approach that is sadly overlooked by companies like Sky, who require their customers to endure a one hour sales interview before leaving the service. This can be quite traumatic for people and, no doubt, leaves the consumer with a horrible off-boarding experience. This is the opposite to what any business should really want for their brand, despite it making short term business sense. Endings should be a place to up-sell the brand, not always a place to sell more business.  

Returns policy
Some retailers have made the mental leap of embracing the opportunity when a consumer rejects their product, considering the returns process as an opportunity to show off their customer experience qualities. Making sure that consumers feel confident about the returns policy is key to making them feel comfortable with the initial purchase and trusting the brand.

The highest quantity of returns can be found in the apparel sector. Research conducted by Kurt Salmon, a management consultancy firm, indicated returns by online customers of 20%-30% of goods sold. This is an enormous quantity of customer endings and many businesses would consider a disaster. Yet the apparel sector has embraced this off-boarding experience and now sees it as a place to promote trust. The best companies have swift and clear mechanisms to get the customer’s returned product back to the warehouse and to reimburse the money. The customer then feels confident in the issue being resolved and this increases their trust of the brand. 

The same research found Better World Books had one of the lowest return rates of just 0.44%. John Ujda of Better World Books sites the clear expectations made upfront on the website to the customer. If expectations are inline with delivery, then it minimises returns. Clear expectations is a key factor established by GDPR. It states that the expectations at the on-boarding stage of the relationship -  for example, around consent -  help across the whole consumer life-cycle. GDPR also expects clarity around off-boarding and the end of the cycle, such as telling the consumer how long their data will be used for or, if not possible, the criteria used to determine when the end will come. This supports the notion that the best closure experiences are connected consciously between beginning and end, and that the manner, tone and method used at on-boarding is repeated at off-boarding.

As consumers start to understand the value in their data, they will no longer tolerate the method, tone and privilege that poor data businesses have practised. The worst of these can be seen in the oversight of an ending which traps consumers in hidden data serfdom.

GDPR lays the foundations for improving these issues, not least in balancing out the bias in the consumer life cycle between on-boarding and off-boarding consent and its empowered removal by the consumer. Businesses and industry have the potential to exceed these legal obligations and provide consumers with honourable, happy and amicable endings to their service relationships, so as to create lasting positive memories. 


Principles GDPR...aargh! Consent and consent removal. #2

  1. Create amicable endings, avoid using language that assumes the consumer has failed in the relationship. 

  2. Memories are laid down at two points, a peak and the end. Design your services to get the most out of this.

  3. On-boarding can be a good place to prepare for the best off-boarding.

  4. Consumerism is becoming a game of re-engagement. Consent will be given, then withdrawn. Develop experiences that honour this consumer behaviour.

  5. Endings can be a place to up-sell your brand, but not always your business. The end provides an equal opportunity to show good customer service, as demonstrated by the apparel industry.