Current Issue

  • Grip on Virtual Reality

     Simulators generating real-life revenuesRead More

  • Building a League of Your Own

     About 10 years ago, when I was new to the golf industry, I asked a club pro at a public course why they didn’t encourage more golf leagues as a way to fill the tee sheet and benefit from more food and beverage (F&B) sales. I still remember his grimace and his response — “Do you have any idea what a hassle it is to manage a golf league” — followed by a litany of challenges.Read More

  • The Growth Factor

     Eagle Nest is growing in size, scope and technical capabilitiesRead More

MORE CONTENT

Online Exclusives

  • Disaster Preparedness
  • Disaster Preparedness

    If you’re like most of us, the answer is no. It can be difficult to know where to begin and where to go from there. A disaster may be caused by carelessness, negligence, bad judgement or by natural forces such as a hurricanes, tornadoes or floods.Read More

September 2018

Hidden Identity

privacy-cover4.jpg‭

New data privacy laws mean change in business practices

By David Gould

Responding to a digital world ever hungrier for personal information, Europeans have placed new emphasis on data privacy and backed it with the rule of law.

Years in the making, the European Union’s recent General Data Protection Regulation is a growing hot topic in the U.S., as states like California eye their own versions. The GDPR is a comprehensive package of laws designed to counteract the capture, storage and leveraging of personal information by search engines, businesses and organizations of all types. As of late May, American companies are on the hook to abide by it — golf courses being no exception.

So, if a consumer from any of the 28 EU member countries purchased a tee time from you online or otherwise found their way into your marketing database, you’re required to treat their personal data and “behavioral information” according to stringent GDPR protocol. And this is truly about information — no financial transaction need take place for the full sweep of the law to apply. Even a seemingly innocent marketing survey would have to be fully anonymous in order not to invoke the new rules.

 What does compliance look like? To a great degree it’s about explaining and requesting. Companies that deal with citizens of EU nations must get used to asking — clearly and repeatedly — whether they can initiate communication, collect personal data and deploy it for business purposes. The golf course websites and management groups will have to tell EU-based customers what data they’re collecting, why they want it, how it will be used and how long it will be retained.

Along with being entitled to receive these explanations, the consumer across the pond is free to withdraw any and all consents they’ve provided. Furthermore, they must be reminded of this prerogative on a continual basis.

Two concepts that receive lots of attention in Europe are “privacy by design” and “privacy by default” — together they suggest a turning of the tide. Data that’s personal will move from individual control onto a server or the cloud not automatically, but when the person expressly OKs it. That’s the “default” aspect. “Design” refers to software code and other hard wiring. Through the years computer programs have had ever-more robust data-extraction tools built into them — that trend will be undergoing reversal.

If you’ve got associates in Europe, they can describe for you the opt-in checkboxes and confirmation requests popping up everywhere. It’s likewise for U.S. golf business with extensive trans-Atlantic activity. Michael Binchy, founder of Connecticut-based Owenoak International Travel Services, “received a barrage of queries” in early summer from European travel contacts about opting out of further communication. “Their emails to us were suddenly ending with prompts saying ‘Click this button if you no longer wish to hear from us,’” says Binchy. 

Under GDPR you can’t put the opt-out onus on the consumer, or set up pre-checked boxes the individual must un-check. In reply to that universal question of “when did I sign up for this?” GDPR requires that the date and time of someone’s consent be kept on file, along with the actual request form or documentation.

If that all sounds onerous, take heart that “territorial scope” is in your favor. A business cannot run afoul of GDPR if it does all its data collecting in the U.S. A citizen of a EU country who wanders beyond European borders and starts disclosing personal information electronically will not enjoy GDPR protection for what he or she provides.

As for penalties, golf courses that somehow run afoul of GDPR would be liable for a fine up to 4 percent of annual net sales. But is enforcement truly viable? Companies without a physical presence in the EU are seemingly beyond the long arm of the GDPR law, but reportedly EU courts have discretion to define certain data-collection activities of U.S. businesses as purposely intended to skirt GDPR compliance. Experts on the legal interface between EU and U.S. courts say cooperation around data protection is a shared high priority. 

What may be worth contemplating is GDPR’s possible seepage into American business practice. Protecting privacy is a concern over here, as well, and Europe’s new statute is already putting pressure on giant American firms like Facebook. The social media juggernaut, preparing to honor GDPR regulations in its treatment of EU customers, had indicated plans to do so for users everywhere, including North America. On the heels of subsequent statements that indicated second thoughts about the decision, Facebook came in for harsh criticism from opinion leaders in the tech world.

If data privacy matters to American voters and consumers, GDPR is the obvious gold standard for regulating it. Already, California has drawn its line in the sand, passing the California Consumer Privacy Act of 2018 in June.

By steps and perhaps by stealth, individual privacy could become increasingly protected in the U.S., with or without federal legislation.

David Gould is a Massachusetts-based freelance writer and frequent contributor to Golf Business.

Share/Bookmark

Leave a Comment

Yamaha Umax

Toro

Featured Resource

Bright Ideas Archive

Brought to you by ValleyCrest Golf MaintenanceBright Ideas Icon 
Access some of the most creative ideas golf course owners and operators have to offer within the Bright Ideas area of the GB Archive.Read More

September 2018 Issue
  • CONTENTS
  • DIGITAL FLIPBOOK


Connect With Us


facebooktwitterNGCOABuyers GuideYouTube