There are now just five months until the European Union’s General Data Protection Regulations (GDPR) kick in across all member states (including the United Kingdom) on 25th May 2018. This insight examines the conversation from December 5th to December 31st, covering 62,508 users who produced a not inconsiderable 144,075 tweets.
- Increasing conversations about GDPR can be seen in France and the US
- The graphs show more dense clusters of connections as the conversation has increased
- Fear of fines leads in trending terms, but demand for training remains high
- Top page rank has seen some movement, but several familiar faces remain
- Reach versus Rank and Top Flocks also show a few changes
- The list of most central accounts has undergone some major changes
- #Compliance and #AI move up several spots in our list of hashtags
Increasing conversations about GDPR can be seen in France and the US
Unsurprisingly, as with last month’s report, London remains the centre of GDPR discussions as we can see below. Paris follows, but it’s significantly closer over this period, with around ⅔ of the number of accounts as London. Even more surprisingly, we see that New York has crept up into third place, with fifth, sixth, and seventh all belonging to US cities, leaving Brussels down in eight.
Taken together, US business-related accounts represent a significantly higher proportion of non-British users compared to last month, reflecting a growing recognition that whilst the legislation is based in Europe, it’s going to have global significance. Article 3 (“Territorial Scope”) emphasises that the processing of personal data of EU citizens whilst they’re in a member state falls under the regulation – regardless of the country of the data processor. That means any US business with a web presence in Europe – multinationals and smaller websites alike – needs to take into consideration how it stores its data, and what it does with it.
By contrast, the rise in French users likely reflects the passage of JUSC1732261L: the national law designed to help with the adoption of GDPR in France. This clarifies a number of powers for CNIL (the French information commissioner’s office): these include the ability to add new Security measures for health data and impose hefty sanctions, as well as allowing local laws to apply alongside GDPR when it comes to the data of French citizens.
A note on languages: since the last report, we’ve loosened the criteria on linguistics on five languages – French, Spanish, Italian, German, and Dutch – to try and get a more globally representative sample of the conversation. Whilst this doesn’t have as much of an impact on locations, we can see an impact on the flocks.
The graphs show the continuing importance of national flocks
The national discussion leads us to the Gephi graphs, which shows the connections between accounts on Twitter. These form what we call flocks: short-term groupings which form around events, and are often lead by smaller accounts. Flocks are by their very nature quite ephemeral, but given that we are monitoring the same topic of GDPR on a monthly basis, we might not expect too much change.
Graph of Mentions (total engagement), GDPR Insight 2, with the flocks circled
Compared to the previous graph (which can be found in last month’s report), the denseness of the connections is obvious: as the date of GDPR implementation draws closer, we can expect the conversation to get even more intense.
In spite of that, however, many of the flocks which were visible last time remain salient. The large red flock on the far right of image centres on the European Union and on security and privacy.
We can see accounts like the European Data Protection Supervisor (EDPS), Green German MEP Jan Philipp Albrecht, and Pat Walshe (Privacy Matters), a data protection and privacy consultant. We also see a smaller flock within it, circled in light blue: this includes a more disparate mix of users like the Federation of Small Businesses (FSB), and the digital magazine Computer Weekly. We also find Brussels-based journalist Laura Kayali. Last month she had the largest flock; this time around, conversations around her have decreased significantly.
We also see two national flocks of note, which were singled out in the last report – one for Britain (in orange), and the other for France (in green).
The British flock emanates from the Information Commissioner’s Office, but we also see DMA UK (which offers marketing and advertising news), Kathryn Corrick, whose firm helps companies implement GDPR, and David Allen Green, a legal commentator for the Financial Times. By contrast, last month we saw accounts including the UK franchises of multinationals like Ticketmaster alongside government initiative such as Business Wales.
On the French side, we see a greater number of governmental figures and accounts, which continues the trend in last month’s report.
These include Mounir Mahjoubi, Secretary of State in charge of Digital Affairs, Benjamin Griveaux, a member of the French National Assembly, and CNIL, the French data commissioner itself. This mirrors what we saw in last month’s report: where in Britain, the GDPR is a primarily private discussion, France has a greater focus on implementation within the framework of public discourse.
In addition to these familiar flocks, there are two others of note which have emerged in this graph: both of which largely contain accounts which are in the marketing industry. The first, in dark blue at the far left of the graph, includes the GDPR Summit Series (hosting talks on the decision), and marketing research firm Econsultancy.
The second forms around Rick Waghorn, CEO of advertising tool kit Addiply (just visible at the centre of the dark green flock), with orbiting accounts like marketing publication The Drum, cryptocurrency exchange BlockEx, and Chicago-based tech firm Brent Ozar.
In addition to the appearance of new flocks and the diminution of old ones (such as Laura Kayali’s), one name missing from this picture is Uber. Its appearance in the previous Insight was due to its own poor data protection measures and the catastrophic breach which it suffered: enough time has passed that its scandal has passed off Twitter.
Fear of fines leads in trending terms, but demand for training remains high
That being said, the list of trending terms shows that mistakes like Uber’s – and the immense risk they carry – are now forefront on users’ minds. With fines of either 4% of annual income, or 20,000,000 Euros (whichever is larger), it is unsurprising that “massive fines” and “fines massive” are in the top category for trending terms – and again, in the fifth category down
At the same time, demand for guidance remains high, with terms including webinar, guide, and guidelines all appearing within the top five categories. We also see protection officer in our top category, with training in the second, further suggesting that there remain substantial opportunities for firms and individuals with the legal understanding.
Top page rank have seen some movement, but several familiar faces remain
Across both months, the ICO has held onto its position as the highest page ranked page in our chart. This is unsurprising, given the number of accounts based in London tweeting about GDPR across both November and December. What is surprising is CNIL’s drop from second place in November, to twelfth in December.
By contrast, McAfee has stormed ahead to take second and third place. The US-based company’s high follower count meant high engagements, in turn generating a high page rank.
The company’s highest tweet, listed above, shows again that the most important discussions in GDPR remain anchored in guidance. In comparison, IBM Security has dropped from our top page rank list – a reminder that Insights are highly dynamic things, reflecting a conversation that is constantly in flux.
Another pair of accounts which didn’t make it into our top page rank table at all last month are Nabeena Mali (fourth) and the App Institute (ninth) which she runs, which company works with small businesses to build mobile apps for small businesses. Whilst both accounts had fairly low top tweets (both receiving around 10 at most), Mali’s GDPR guide was picked up by Hotel Selfish.
A final pair of note are Max Schrems, in fifth place, and NOYB in eighth. Schrems is the Austrian lawyer and privacy advocate who succeeded in bringing down the earlier data transfer protocol between Europe and America – in the wake of Edward Snowden’s revelations, it became clear that adequate protection was not being offered (in this case, by Facebook). More recently, he launched None Of Your Business (NOYB), a non-profit designed to help enforce the GDPR’s rulings on privacy. Again, neither account produced tweets with massive reach over this period – instead, they made it to our top page rank by dint of retweets by other users who were interested in privacy.
Reach versus Rank and Top Flocks also show a few changes
Just as flocks are ephemeral and subject to constant change, the chart of reach versus rank shows that accounts’ influence is very much in flux. Whilst some of the big accounts we saw in the last Insight are just as important here, such as the Financial Times, or ICOnews, others have vanished, including BBC news, Uber, and IBM. We have also seen some new arrivals, such as Max Schrems and David Clarke, who appeared elsewhere in our last Insight but hadn’t made it into this chart.
Several accounts have also lost or gained prominence, most obviously the CNIL: where before it had the highest rank bar the ICO, it has now dropped to not far above the plotted line. This is unlikely to be the result of a sudden drop off in follower count: instead, it shows how the discussion has shifted away to other accounts. By contrast to CNIL, we can see the Privacy Matters has risen in rank, alongside Ottawa based lawyer Marc R Gagne.
Of the top flocks, only six – ICOnews, EU_EDPS, GDPRSummit, maxschrems, lukOlejknik and benifei – were in our December report. A noteworthy drop out from this list is the CNIL, the French information commissioner’s office, in spite of its presence on the Gephi graph.
This Insight features Privacy Matters (run by privacy consultant Pat Walshe) as our top flock, with a major impact on the GDPR discussion despite its relatively modest 16,000 followers – a reminder that rather than measuring raw follower count, flocks show us who was actually having an impact on the discussion.
The highest ranked tweet for Privacy Matters covered one of the most important (and more complex) areas of GDPR, Consent, suggesting that many companies remain uncertain as to how ensure they will keep their data use legal:
Other new entries to the top ten include Xavier Gomez, a fintech advisor, business security firm RSA, the British and European information commissioner’s offices, and David Clarke. Lower down the list, we also find TeachPrivacy, which offer security training, and Sirius Decisions, which works on business to business research. The overall picture is that the flocks have fewer governmental accounts or journalists, with these users replaced by tech consultancies and other firms looking to help clients implement GDPR.
The list of most central accounts have undergone some major changes
Top connectors reflect the centrality of accounts – that is, how important accounts are to connecting other users in the conversation about GDPR. That doesn’t necessarily require large follower accounts, so we expect to see a range of users in this category.
Comparing the last Insight to the present, the ICO is one of the few which has hardly moved, slipping from third to fourth place. By contrast, two accounts which feature fairly low on the left, David Clarke and Privacy Matters, have risen to first and second respectively. Both also made their ways into top flocks, showing how these metrics overlap.
Other accounts appeared for the first time in our top connectors, and show a breadth of users with an interest in GDPR. Alec Mackenzie, who was the third most important connector, works with marketing agency Educated Change. Brian Honan, in fifth, is an infosec consultant and former special advisor on cybersecurity to Europol. Neira Jones is a fintech and security advisor based in the UK.
The sheer range of voices in GDPR continues to grow as the months tick down. There are national differences on whether it is the public or private sector driving the conversation on Twitter; at the same time, it is becoming increasingly clear that wherever you are in the world, if you do business with Europe then GDPR will affect you.