After many years, the General Data Protection Regulation (GDPR), went into effect on May 25. In layman’s terms, GDPR means that European end users now get better insight into their data and its usage, as well as across-the-board access to control measures like opt-outs, the right to be forgotten, and data portability. It’s hard to argue that this isn’t for the greater good, on the surface at least. There are several issues that could lie lurking beneath the surface, especially when it comes to the global use of consumer data.
The potential problem is that the EU is not the whole wide world, and in the digital age, data moves freely around the globe in the blink of an eye. GDPR might set a precedent, but there’s no guarantee the rest of the world will implement the exact same rules and regulations. This has the potential to put European companies well behind their global competitors when it comes to innovation.
What about the US and Asia?
In the EU, GDPR was generally greeted as a welcome move, by consumers and many data-centric companies. It is already clear that GDPR will have a deep and profound effect, as less serious players will vacate Europe or simply close up shop altogether, while the remaining will position themselves as friendly and transparent data companies.
Things are different in the rest of the world. Aside from certain state-specific legislation, there are few signs that the US will migrate to a system similar to GDPR, especially with Trump as president. In Asia, this is even more unlikely, as data-driven products and services are pushing far into the personal realm. The exception perhaps being Japan, which already has similar legislation.
While some companies will introduce GDPR-compliance functions outside the EU, it is unlikely that the majority of companies collecting or processing consumer data will add potential cost-increasing and revenue-decreasing measures if they are not needed to.
The immediate conclusion would be that European consumers are, therefore, better off than their brothers and sisters around the globe. I’d argue that things are not really that clearcut.
The innovation war is fought on a global battlefield
The secondary effect of this newly created imbalance in global privacy regulations is that data-centric companies will have different growth possibilities and growth rates around the globe. Without taking into account that, for example, an individual Chinese company may or may not follow “good” privacy principles, it can be argued that, in total, Chinese data-driven companies will be able to launch, test and iterate products faster than European companies. Yes, Europe will be ahead of any other region in terms of innovation within privacy itself, but the applications and value of that will be limited compared to a general increased rate of innovation.
This effect is multiplied with the advancements offered by AI and machine learning, which require vast amounts of data to improve their algorithms and decision-making accuracy. Put very simply, access to 10 times the data might mean 100 times the value creation.
The privacy paradox
So, while most agree that GDPR is a good thing, and that end consumers should be protected, GDPR could create bigger privacy problems down the line than the EU set out to fix, due to the fact that it is not a global standard. Therein is the paradox.
Vital services such as finance, government, and health all rely on the use and protection of data. As technology advances, these services adopt and adapt in order to stay up to date. With GDPR, future advancements designed for these services is more likely to come from non-GDPR countries. This is simply because companies in other parts of the world will have the ability to build vast and complex platforms quicker than European companies can under GDPR rule.
Time will tell if this prediction holds through, but it could be that by 2050, our health data is cared for by a Chinese company. The EU would have little insight into the company, and little recourse to protect against data leakage. In the end, the legislation that set out to protect EU consumers will have ended up putting them more at risk.
Any company operating in Europe in 2050 will still have to comply with GDPR legislation, of course, but issues can arise when countries intermix state-driven and private-driven strategies. Chinese companies have a complicated relationship with the Chinese government, making it hard to determine how much influence the government has over private businesses. If Chinese companies end up working with EU data, then that EU data (and the citizens behind the data) suddenly has an indirect exposure to the China government.
The best remedy to this is global privacy legislation to create a level innovation playing field. But this is not a realistic goal. The second best remedy is for the EU to invest capital into European data-driven companies so that future finance, government, and health platforms are safe and in line with the ambitions GDPR set out to deliver on.
Companies based in countries with fewer regulations, such as China, will be able to grow quickly through their increased access to data, resulting in strong products. Without access to data, European companies will grow at a slower rate, resulting in weaker products. Even though technology products built outside the continent will have to comply with GDPR within Europe, the slower rate of innovation will make EU companies less competitive internationally and likely force them to cede the domestic marketplace to international competitors.
But lack of data isn’t a problem if companies have the same ability to survive over time. By making strategic investments in data-driven companies early on, the EU can help accelerate the rate at which a company develops a cutting-edge product, simultaneously spurring growth while maintaining GDPR compliance. The EU already has such a mechanism in place in Horizon 2020, an investment vehicle that is strategically involved in several companies. By adding an investment vertical focused on companies that build products on top of consumer data, this creates a vehicle to support growth across several verticals while complying with GDPR.
With this financial backbone in place, EU companies can, in theory, innovate at the same rate as companies in China and around the world. The end result is a model that continues to protect the end-users and also protects an EU economy that needs to embrace innovation to grow.