Unpacking the privacy–personalisation paradox in GDPR-2018 regulated environments: consumer vulnerability and the curse of personalisation

The paper addresses the privacy–personalisation paradox in the post-GDPR-2018 era. As the regulation came in a bid to regulate the collection and use of personal data, its implications remain underexplored. The research question is: How do consumers perceive the matter of personal data collection for the use of highly targeted and personalised ads post-GDPR-2018? The invasion of privacy vs the benefits of highly personalised digital marketing.

To address the research question, this qualitative study conducts semi-structured interviews with 14 individuals, consisting of average users and digital experts.

This paper reports on increasing consumer vulnerability post-GDPR-2018 due to increased awareness of personal data collection yet incessant lack of control, particularly regarding the repercussions of the digital footprint. The privacy paradox remains an issue except among experts, and personalisation remains necessary, yet critical challenges arise (e.g. filter bubbles and intrusion).

Policy implications include education, regulating consent platforms and encouraging consensual sharing of personal data.

While the privacy–personalisation paradox has been widely studied, the impact of GDPR-2018 has rarely been addressed in the literature. GDPR-2018 has seemingly had little impact on instilling a sense of security for consumers; if anything, this paper highlights greater concerns for privacy as users sign away their rights on consent forms to access websites, thus contributing novel insights to this area of research.