Insights Analysis – Online Conversations about GDPR in 2018 – March Edition

Share on linkedin
Share on facebook
Share on twitter

There is just over a month until the General Data Protection Regulation comes into effect, representing the biggest shake-up to the data protection in 20 years. Combined with Facebook hearings on Capitol Hill dominating the news, it’s not surprising that our data (taken for the whole month of March) found 371,413 tweets – roughly 10% more than the last report.

Last month we launched Croncyle’s GDPR community on Slack: a space to keep abreast of the best articles and reports on the new regulation, as well as content on the related fields of Data Protection, Cyber Security, and Privacy.


  1. National borders are no longer the defining feature for conversation clusters
  2. London overwhelmingly leads the GDPR conversation but the US leads as a country
  3. Trending terms continue to discuss guides, but the Facebook scandal makes an appearance
  4. Top Page Rank finds that national information commissioners remain key to the conversation
  5. Top Connectors show a mixture of information commissioners, EU accounts, and tech consultants
  6. Facebook makes its way onto top hashtags
  7. Big Tech and media companies continue to lead top talked about
  8. Articles are hopeful about what GDPR can do to tame the wild west of the internet

1. National borders are no longer the defining feature for clusters

Network analysis allows us to see the way that different users interact in the conversation around GDPR. Traditionally, our reports have found national clusters for Britain, Spain, and France, as well as a Europe wide cluster of flocks (i.e. users grouped by an interest in an event). However, as we can see in this report, that’s increasingly not the case, as national clusters blur as well as break up.

In the blue cluster, we can see British companies and organisations – but where the ICO was the single centre in earlier reports, we can see that it is far more decentralised now.

We continue to see users like GDPR and cybersecurity expert David Clarke, NHS England, marketing and advertising news source DMA UK, the Federation of Small Businesses (FSB), and even Cronycle itself as representatives of British accounts. However, the national aspect is not as important as in previous reports, since we can see Canadian data protection expert and founder of the Privacy by Design concept Ann Cavoukian also appears in the blue cluster, as well as Atlanta-based mailing service MailChimp.

In orange, we can see one of our two Spanish clusters, with the Spanish data protection agency (AEPD) at the centre, with other users such as mass market area manager at Wolters Kluwer Federico Martinez and Dealer World Espana.

A second Spanish cluster is based around Sage Spain, with users including Luis Pardo Cespedes (executive vice president and CEO at Sage Spain).

The French cluster and the EU cluster blur in this account for the first time. Whilst CNIL, the French information commissioner, remains a central node, we can also see EU Justice making an appearance there. Other accounts of note include minister of state in charge of digital affairs Mounir Mahjoubi, Cronycle’s Nicolas Granatino, editor-in-chief at Next INpact Marc Rees, Louis Fleuret at start-up support network La French Tech, and French digital vigilante Elliot Alderson (a pseudonym), who has been responsible for discovering a series of systemic data protection flaws in India. The appearance of Mounir Mahjoubi marks one of the few times an individual politician appears in the report.

Compared to previous reports, we find that the EU and privacy clusters (normally combined) are less intertwined this month. Whilst we do find some examples of EU users such as Paul Nemitz, principal advisor at the Directorate-General Justice at the European Commission, and Vera Jourova (Commissioner for EU Justice), this is by no means entirely the case. Privacy advocates and experts include Max Schrems, who took on Facebook long before the Cambridge Analytica scandal came to light and has created a new non-profit to launch strategic court cases and media initiatives in support of GDPR called None Of Your Business (NOYB), David Carroll, associate professor of media design at Parsons School of Design in New York (who has been leading a court case against Cambridge Analytica), London-based data protection analyst Lukasz Olejnik, privacy consultant Pat Walshe (Privacy Matters), the Data Protection Commissioner for Ireland.

A final, looser cluster (in grey) includes a variety of tech firms and individuals ranging from blockchain platform and cryptocurrency YourBlock, Thomson Reuters Risk Management, Australian strategist and data scientist Dez Blanchfield, Laurent Miltgen-Delinchamp, head of projects and solutions at Elgon S.A., and Xavier Gomez, a fintech advisor and speaker.


2. London overwhelmingly leads the GDPR conversation with the UK leading as a country

In previous reports, the usual order has been London followed by Paris in terms of geo-tagged tweets. Whilst we see that again this month, the gap between the capitals has widened significantly, with London having more tweets than Paris and Madrid combined.  The ICO has been of the forefront of the news with its investigation of the Cambridge Analytica-Facebook data breach.

We have added location per country in last month report. While 4 European cities trust the first 4 places, the US comes in second as a country given the importance of big data in the US tech ecosystem.

The top tweet from the London flocks actually comes from Cronycle itself, discussing how France was previously leading GDPR discussions:

The return of London to the top of the location table is a reminder that our analyses are highly timebound and reflect a constantly shifting group of accounts. The only thing certain about the conversation is that is liable to change.

For France, the top tweet comes from Jean-Francois Pillou, the digital director of Le Figaro group and our top account by page rank in the last report. In it, he alludes to Facebook and its ongoing data privacy problems, pointing out the ease with which it allows identifying users through mobile numbers. The social media giant’s hearings in America (coupled with investigations involving Facebook, a Cambridge academic, and political consultants Cambridge Analytica) have increased the pressure on it to step up its role in protecting its users’ data.

In third place, Madrid outranks San Francisco and Brussels: a change from just two months ago, where Spain did not make it into the top location list. This is in large part down to the Spanish Data Protection Agency (AEPD), which had the most retweeted tweet this month for Madrid with a tweet offering guidance for companies to become compliant with the incoming legislation. This proactive government stance is encouraging, given the often sensationalist reporting surrounding GDPR and the potential for scams as a result.

It’s worth noting that neither the French (CNIL) or British (ICO) information commissioners had the highest retweeted tweets for Paris or London, suggesting a role for private and public users in the coming privacy debates. We believe this is to be expected and is a positive development in the awareness of GDPR now growing beyond information commissioners.

When it comes to countrywide rankings (a new feature launched by Croncyle for this report), the UK remains the leader, but the US is close behind – both of them far outstripping the rest of the world, including both France and Spain. Whilst America’s surprisingly high rating is in part reflective of the relative spread of Twitter users, but also a reminder that GDPR will affect users around the world.

3. Trending terms continue to discuss guides, but the Facebook scandal makes an appearance

Trending terms is a good way of seeing what’s being discussed beyond hashtags, providing a clearer snapshot of the currently debated terms. For GDPR, we’ve consistently seen that terms like “compliance”, “guide”, “ready”, “workshop”, and “webinar” have appeared in our reports, showing that the appetite for guidance remains – even with just over a month remaining. Given the constant appearance of these terms in our reports, we can expect that GDPR compliance training will remain big business for months to come.

A more interesting discovery is the appearance of terms related to the Facebook scandal. In the one word trending term list, we see Facebook appearing twice, in the context of words like “consent”, “privacy”, “protection”, and “law”. We also find a mention of Cambridge Analytica, Elizabeth Denham (head of the information commissioner and a proactive figure in the wake of the Cambridge Analytica expose), and Helen Dixon (the Irish Data Protection Commissioner, who spoke out against practices by Facebook in the wake of the scandal). The GDPR has always best known for its potential to finally humble Big Tech giants with the heavy fines which it threatens to levy, so it’s perhaps unsurprising to see that Facebook’s story has played out here.

Amongst the other terms of note here are references to ICANN (the US-based organisation in charge of namespace registration), blockchain platform and cryptocurrency YourBlock (which has appeared throughout all of our GDPR reports, and technologist and writer Scott Amyx, showing a broader range of interests than data protection alone). We also find evidence of more Spanish and French terms than in previous reports, reflecting the Europe wide nature of the conversation.

4. Top Page Rank finds that national information commissioners remain key to the conversation

Page Rank is one of the most common metrics for showing the importance of pages overall (not related specifically to the conversation). In our reports, it’s an easy way of seeing the relative big players who are engaged in discussing GDPR.

What we find are that for the first three users are the British, Spanish, and French Information Commissioners – part of a regular pattern. They are followed blockchain platform and cryptocurrency YourBlock which came in second last month. However, the majority of the list has changed from last month, even if several are familiar names – these accounts include Laurent Miltgen-Delinchamp, head of projects and solutions at Elgon S.A.,  Vera Jourova (Commissioner for EU Justice), French Secretary of State in charge of Digital Affairs Mounir Mahjoubi, and New York-based digital marketers Digiday. Some newcomers to the list are mailing service MailChimp, Marc Rees (editor in chief of French tech media company NextINpact), and of course, Facebook (courtesy of Zuckerberg’s hearing and the Cambridge Analytica data breach affecting 87 million individuals).

5. Top Connectors show a mixture of information commissioners, EU accounts, and tech consultants


Whilst Page Rank is useful, it doesn’t tell the whole story. That’s why we also look at betweenness centrality – a measure of how well an account does as a ‘node’, linking together accounts in the conversation about GDPR.

Our top two slots remain unchanged from last month, with the British Information Commissioner’s Office followed by GDPR and cybersecurity speaker David Clarke (two mainstays of our reports). Other familiar faces in the top 25 include Paul Nemitz, principal advisor at the Directorate-General Justice at the European Commission, French information commissioner CNIL, their Spanish counterpart AEPD, and EU Justice. Changes from last month include the EU Commission, blockchain platform and cryptocurrency YourBlock, and Virginian technology author and consultant Kevin L Jackson. The fact that the information commissioners are not clustered at the top (coming in first, tenth, and nineteenth place), and that we find a mixture of both EU users and private consultants is encouraging, showing a broader group interested in GDPR. At the same time, we again see no national politicians in this list: something we have (unfortunately) noticed in all reports to date.

6. Facebook makes its way onto top hashtags

Whilst hashtags don’t always tell a story, they can reflect major events over the past month. In this case, that’s why we see #facebook appearing for the first time in a GDPR report, albeit in seventeenth place. The remainder of the hashtags appeared in the previous report, although it’s worth noting that #privacy is up two places to third, #data up two to fourth, and #dataprivacy up one place to thirteenth (again, potentially a result of the Facebook hearing). By contrast, #cybersecurity fell three places to sixth, #compliance was down two to eleventh, and #cloud felt two places to fifteenth. The biggest rise in this report came for #fintech, jumping up fifteen places to sixteenth, followed by #ai, rising nine places to ninth.

Top Interesting largely mirrors top page rank

Top interesting is the category Cronycle uses for smaller accounts having a major impact on the discussion. Large follower counts aren’t everything, and accounts which appear here usually have a high level of expertise in the area.

Given that, it’s unsurprising that the British, Spanish, and French information commissioners all appear in the top ten (in first, second, and fourth respectively), reflecting their key role in informing other users. We also find YourBlock in third place (the only example of a blockchain related company ranking highly for top interesting).

Other familiar users from earlier in the report include Laurent Miltgen-Delinchamp, head of projects and solutions at Elgon S.A.,  Vera Jourova (Commissioner for EU Justice), French Secretary of State in charge of Digital Affairs Mounir Mahjoubi, EU Justice, Mariya Gabriel (European Commissioner in charge of Digital Economy and Society), and New York-based digital marketers Digiday – again, a mixture of private individuals, tech firms, and EU institutions, with just one national government figure.

Accounts of note which don’t appear earlier include Michael Nadeau (senior editor for CSO online), Australian strategist and data scientist Dez Blanchfield, ASCOM, a Spanish body of compliance professionals, and online GDPR data management system Shh Systems – the latter representing parts of a data protection industry which looks only set to grow as GDPR kick into effect.

7. Big Tech and media companies continue to lead top talked about

Top talked about captures the accounts which are tweeted about more than themselves tweet, and is usually a good way to see who’s missing from the conversation. As is expected, media companies rank highly here (since their articles tend to get high numbers of responses). Forbes leads, as has often been the case in our reports, with Wired in ninth, ZDnet in eleventh, the Wall Street Journal in seventeenth, L’Express in twenty-first, the Financial Times in twenty-second, and The Guardian in twenty-fourth. The particularly high proportion of news outlets in this report may well be a result of the high news coverage which data protection and privacy has received over the past month.

Big Tech also often appears here, so it’s not surprising that Facebook is ranked second given its recent scandals. Its partner in the story, Cambridge Analytica, whilst a far smaller account, also appears here in nineteenth place. Given the ephemerality of Twitter trends, we can the latter to vanish by the next report. Other Big Tech names include YouTube in fourth, Microsoft in tenth, and Google in twelfth.

Looking to smaller accounts, we find a diverse collection. In third, there is blockchain trading platform BitNautic, in fifth Forbes contributor Gil Press, and in sixth Lisa Leysen, a digital marketing specialist based in Cambridge.

8. Articles are hopeful about what GDPR can do to tame the wild west of the internet

For the first time this month we are also publishing the top ten articles for the month.

GDPR has promoted some great writing from both specialist and general publications. Here are the top ten articles from the month of March:


Even though it seems that many companies are still not compliant with GDPR – and won’t be when the deadline arrives – this month has provided a very strong rationale for even sceptics as to why data protection legislation must be strengthened. Cases like Facebook and Cambridge Analytica are detrimental to politics and democracy, and it seems unlikely that this was a one-off. We can expect to see that as GDPR comes into effect, an even greater deal of data protection scandals will be uncovered.

Never miss a story about GDPR by following our feed

Sign Up

If you are interested in using our data under an Attribution CC-By license to write a report, please contact us.

Discover the power of Cronycle for Teams

What to read next