Is It Time to Stop Complying With Compliance? If So, How?

Paul Boag

I cannot help but feel the online user experience is being systematically undermined by legislation, overzealous compliance and corporate ass-covering. It falls to us to defend the user. But how?

I am increasingly feeling like the European Parliament is destroying the web one good intention at a time.

First, there was cookie legislation that led to a proliferation of overlays that users had to close (without reading) before they could view a site.

Now there is GDPR, which has led to more ‘spam emails’ in a one-month period than I have ever received. Not to mention the subsequent additional overlays that this seems to have spawned.

Like so many websites, IGN is completely unusable until you dismiss multiple overlays.

However, we cannot place all of the blame at the European Parliament’s feet. These consequences were certainly not intentional and nowhere in their legislation does it suggest overlays or millions of GDPR emails.

Are compliance teams to blame?

That lies squarely at the feet of compliance and legal teams. But it would be wrong to turn them into the bad guys either. After all, they are just doing their job, and it is not made easier by the legislation they have to work with.

Rarely is any legislation black and white. Its wording is often vague and open to interpretation. For example, a piece of legislation might talk about “informing users” or “getting consent” but what do those things mean in practice?

“Informing users” could refer to a massive overlay or a small link to a policy page. “Getting consent” could involve completing an extensive form or you could presume consent by the fact somebody is using your site.

Of course, if you work in a compliance team, you are going to err on the side of caution. After all, it is your job that is on the line if your company gets successfully prosecuted. You cannot blame them for that!

Where then does the blame fall? Well, it should be apparent by now that no one person (or team) is to blame. But we have to take our share of the responsibility too.

We need to take responsibility

The problem is that we don’t push back when compliance and legal ask us to add that intrusive overlay, incomprehensible terms and conditions or extra form fields. Instead, we accept them as inevitable. That or we become confrontational, which is equally dangerous.

I believe it is time to shift our relationship with compliance and legal teams. For better or worse it is evident that the web is going to be more and more heavily regulated in the future. That means we are going to need to start working much more closely with these disciplines to ensure that our companies comply with the law while avoiding undermining the experience.

That means we are going to have to educate our compliance colleagues about the consequences of their actions. At the moment, they are mostly unaware of the cost to the business of their rather stringent interpretation of the law. All they can see is the consequences of non-compliance.

Sure, you might have told them. But telling people is not enough. You need to show them. We need to carry out usability testing and multivariate tests on prototypes that both include their recommendations and exclude them, so the difference is noticeable.

Also, if possible, we need to try and place a financial cost on these compliance issues. For example, if testing shows us that a compliance notice causes a 10% drop in conversion we can assign a value to that.

That allows senior management to see the cost and make a judgement about how stringently they wish to implement legislation.

We need to educate ourselves

But it is not all about educating other people. We need to educate ourselves too. We need to understand this legislation better ourselves. Not just the rules the compliance people set for us, but the actual law itself.

If we understand the wording of the legislation, then we are in a better position to work with legal and compliance to find a compromise that everybody is happy with.

We need to start collaborating with legal teams in the same way as we work with developers, copywriters or indeed anybody. We need to stop seeing them as a roadblock, but rather as a partner in creating a better experience. Until we invest time in working with them in a close relationship, we will continue to see a web strewn with overlays and incomprehensible terms and conditions.

Thanks to Sarawut Aiemsinsuk from Shutterstock for allowing me to use this image