Simon Coulthard August 03, 2023
When you consider that online surveys contain both freely given and unshared information, you'll want to consider the GDPR compliance of SurveyMonkey - or any website integration for that matter.
And in a world that’s increasingly digital, data privacy should be seen as a human right.
If you take that view - and we do here at TWIPLA - then businesses need to consider how they collect, store, and also process the data of individual users, and to ensure that it’s secure and private.
And even if you don’t, the General Data Protection Regulation (GDPR) does, penalizing companies that don’t handle the personal data of their customers properly.
This makes it essential to consider the law before using any digital platform.
So is SurveyMonkey GDPR compliant?
On balance, we'd have to say no. The platform uses cookies, and its data storage practices also don't meet GDPR requirements on cross-data transfers.
But let's go deeper and unravel this topic together!
Our advanced website intelligence solution will enable anyone to grow their website quickly - all while staying data privacy compliant!
Before jumping into the GDPR compliance of SurveyMonkey, let's familiarize ourselves with the platform itself.
Not that it needs much introduction. SurveyMonkey is one of the most popular online survey tools out there, and has been helping organizations to collect feedback from their customers for over two decades.
Based out of the US, the platform boasts 17.5 million active users. They’re spread out across more than 335,000 organizations around the world. SurveyMonkey even claims to serve 95% of Fortune 500 companies, making them the king of the jungle!
They’re big, they’re experienced, and the platform now also uses AI to automatically review survey design, and results. Taken together, this makes creating, launching, and analyzing surveys a breeze for everyone - making it a useful tool for anyone wanting to use customer insights to drive business decisions.
Surveys are a great way to collect the direct customer feedback you need for effective website optimization and business success.
They're also a great source of zero-party data.
And whether you're a beginner dipping your toes in the survey creation pool, or a seasoned market researcher looking for a versatile tool, SurveyMonkey caters to all.
It also has a fairly standard pricing structure for the modern martech market. The company offers a wide range of plans, and there’s something for everyone - from individuals to large-scale enterprises. SurveyMonkey offers a freemium package that has a range of basic tools, with more advanced features saved for its paid users.
However, its pricing models have drawn criticism. While its basic plan starts at $25 per month, the cost quickly escalates beyond $100 for the more advanced ones. This, coupled with a somewhat covert approach to its free plan restrictions, has left a sour taste for many users.
SurveyMonkey’s standing in the market is a mixed bag. On one hand, it holds a strong 4.4 user rating on G2, a well-recognized platform for unbiased software reviews. Users often laud its ease of use and the ability to download results conveniently. However, the plot thickens when you turn to Trustpilot, another popular review site. Here, SurveyMonkey's rating takes a significant dip, falling to a concerning 1.2.
Users have raised a slew of complaints ranging from the deterioration of functionality and an unintuitive interface, to poor cross-device compatibility and opaque pricing. With the free option now limited to just 10 responses, many users feel blindsided when they realize they have to pay a premium to actually use the survey they've created.
Ultimately, the GDPR compliance of SurveyMonkey and their like is important because they collect many different data points beyond simply question responses. Much of it falls under the scope of GDPR, and it is ultimately the user - not the platform - that is legally responsible.
This data includes:
Of course, collecting data is not in itself illegal. However, it’s important to understand the data practices of any martech you’re using, and moreover to take steps to ensure that it is handled correctly under data privacy laws.
More specifically, the collection and processing of personal data requires explicit user consent under GDPR and other data protection regulations, and any data collected should be minimized to what’s necessary for the task at hand.
SurveyMonkey's terms indicate that it collects personally identifiable information from users, both through the survey data and also via automated usage and behavioral data tracking.
Furthermore, SurveyMonkey states that they may share this information with third parties to improve or promote their services.
The service claims to collect and also store survey responses. However, the responsibility of managing and handling the data lies with the survey creator. While this might seem to absolve SurveyMonkey from any mishandling, it's a double-edged sword, putting extra pressure on the user to ensure data privacy.
Crucially, SurveyMonkey uses cookies. GDPR stipulates that explicit consent is required when tracking visits and user activity with these data files. SurveyMonkey states that it uses cookies for these purposes, but it's unclear how consent is sought from users.
The platform also stores most of its European customer data on servers in the US, something that raises significant questions about its compliance with GDPR.
This ties SurveyMonkey back to Schrems II - a judgment delivered by the Court of Justice of the European Union in July 2020.
In brief, Schrems II invalidated the EU-US Privacy Shield and imposed stricter requirements for transferring data from the EU to third countries like the US that don’t have an EU GDPR adequacy agreement.
Thus, for businesses using US-based Software as a Service (SaaS) solutions like SurveyMonkey, it’s critical to review compliance as these may involve data transfers to regions outside of the EU/EEA.
Considering these concerns around the GDPR compliance of SurveyMonkey, it's a good idea to explore SurveyMonkey alternatives.
One such option is TWIPLA. We're a privacy-perfect website intelligence solution that has been designed to fully comply with all global data privacy laws - including GDPR.
Our platform offers a range of visitor communication tools that include in-page polls and off-page surveys. Taken together, they offer businesses a comprehensive range of avenues through which to collect customer feedback.
However, TWIPLA is not just limited to visitor communication tools. It also offers complete website statistics and visitor behavioral analytics that businesses can use to optimize their website around their visitors and optimize strategies for growth.
Our advanced website intelligence solution will enable anyone to grow their website quickly - all while staying data privacy compliant!
In the digital world, data privacy and GDPR compliance aren't mere conveniences; they are necessities. SurveyMonkey, despite its popularity, has faced considerable scrutiny concerning its GDPR compliance. This concern has led users to seek SurveyMonkey alternatives that respect their needs and the law.
TWIPLA emerges as a superior, easy-to-use, and also GDPR-compliant solution in this landscape. It allows you to gather, analyze, and use your data without compromising on data privacy. As we traverse the path of data-driven decision-making, it's imperative to have tools like TWIPLA that operate within the realm of data privacy laws.
Take the leap today and sign up to TWIPLA!
It's not just about respecting user's data privacy; it's also about earning their trust. Because when it comes to data, trust is the currency that truly matters.
SurveyMonkey is a popular online service that enables businesses to create surveys, which are a great way to collect information from customers. The tool also enables users to easily analyze responses, which makes the surveys much more useful as an aid to, for instance, website optimization.
Yes, SurveyMonkey can collect personal data when included in surveys. They also collect user data for those utilizing their platform, and this means that the platform falls within the scope of GDPR and other personal data protection laws.
SurveyMonkey claims that it is GDPR compliant. However, it collects personal data and the platform states in its privacy policy that it may share data with third parties. It also uses cookies to collect data, and stores data on servers in the US. These issues all violate GDPR requirements, and mean that users have to be very careful about their data practices if they are to comply with the EU personal data protection law.
GDPR is concerned with personal data. If a survey is genuinely anonymous and cannot identify an individual directly or indirectly, GDPR doesn't apply. However, if any identifiability exists, GDPR is relevant.
GDPR is exclusive to personal data. It doesn't govern data about deceased individuals, data used strictly for personal or household activities, or fully anonymized data where re-identification isn't possible. However there are other laws - created to meet the requirements of the EU ePrivacy Directive - which apply to digital data that is not controlled by GDPR.
Gain World-Class Insights & Offer Innovative Privacy & Security
Keep pace with the world of privacy-first analytics with a monthly round-up of news, advices and updates!