The General Data Protection Regulation (GDPR) has been ‘sold’ to European companies and consumers as an intelligent solution to data handling, and a force for good in an online industry that’s so often afflicted with sensitive data breaches. But is all as it seems? Neil Penny offers his view.
Since its implementation in May this year, there has been a ripple effect; consumers as well as companies have been affected, and not in entirely positive or beneficial ways. The European Union – the architects of the regulation – have positioned it as the most important change in data privacy regulation in two decades. It’s a system for the protection of personal data, and the regulation of free movement of data, that is meant to give the consumer greater control over the information that companies and organisations hold about them.
It includes a right to access data through subject access requests, the right to be informed about what data is being collected, the right to be forgotten, and more. While at first glance it would seem accurate to describe these new rights as advantageous to the consumer, there is more to it.
One should first consider the fact that many of these rights simply expand upon services companies already provided. While they were not enshrined in Europe-wide regulation, profitable outfits that cared about maintaining positive relationships with their customers have been willing to rectify inaccurate data or inform customers what data is being held. And indeed, many companies have used their complaints departments and procedures to address objections by customers on the processing of specific data. This regulation simply codifies these processes and ensures every company abides by the same set of rules – and here lies the problem.
By codifying these common practices into a universal piece of legislation, consumer freedoms have been negatively impacted. Whether through new layers of bureaucracy and the inevitable frustrations that brings, or through the obstruction of positive technological advancement, consumers have been burdened with new problems.
Putting the bombardment of emails that consumers received over a period of months in early 2018 aside, access to many websites has been unceremoniously blocked in Europe. As of 25th May, access to news sites like The Los Angeles Times, and the official website of the Association for National Advertisers was completely revoked in Europe. Some sites, ANA included, have since returned with a large disclaimer on the front page – but many others haven’t.
The disruption continues until today, with around one third of the top 100 American newspapers choosing to block access in Europe instead of attempting to comply with the new regulations.
Despite having two years to prepare for the new legislation, many companies outside of the EU simply chose to eliminate any risk of failing to comply with the new rules – and who can blame them? Slip up, and an organisation can face a maximum fine of €10 million, or 2% of their annual global revenue. For severe breaches, there is a maximum fine of €20 million, or 4% of the company’s previous global annual turnover (whichever is greater). So, if restricting access from a non-target-market means eliminating that risk, the opportunity cost appears to be well worth it.
This, in turn, hurts consumers. The Internet is a high-demand and data-intensive space to operate in. Customers want information, data, and services immediately – and whoever supplies it best will be handsomely rewarded. Those who cannot supply it are doomed to be replaced, but GDPR legislation gets in the way of this high-competition online ecosystem. With the lingering threat of government punishment, companies simply aren’t willing to compete to provide consumers with what they want.
Could this hampering of online competition create a new, all-encompassing, digital oligopoly? There is a serious question to be asked here about who really is benefitting from GDPR laws. Let’s forget for the moment that the European Union will ultimately rake in millions over data mishandling and basic errors, and let’s consider the possibility that Big Tech could gain an even greater upper hand over smaller online operations.
In fact, Big Tech is just going to get bigger courtesy of GDPR. Big online platforms can afford to meet the high demands of the new regulation. At Code 2018, Facebook’s chief operating officer Sheryl Sandberg explained that while their efforts were expensive, their company was working closely with regulators and they were putting up new, expensive systems to ensure they comply with the rules. It’s all very well and good for Facebook, but what about new and emerging online companies who can barely afford their overheads, let alone the cost of a new dedicated Data Protection Officer?
So, who is benefitting more – the consumer, who can access their data more easily, or the big companies who now don’t need to innovate to fend off a threat from smaller, more innovative companies? Consumers once drove the market, nudging companies to innovate and compete with one another. Owing to the introduction of new legislation that impedes the growth of small innovators, the government has in effect hindered innovation and impeded the growth of new emerging markets.
This can be seen from another angle in the world of Artificial Intelligence. While small companies innovating in this field will face the aforementioned financial strangleholds, other sections of the new regulation ensure that companies use less accurate algorithms.
Through the ‘right to explanation’ – Articles 13-15 of GDPR – companies are obliged to provide customers with an explanation of how the algorithms they use make decisions, in relation to their personal data. Customers must also be provided with information about how algorithms make decisions, meaning companies must choose between transparency and accuracy. This conundrum is compounded by the banning of the repurposing of data, according to Article 6 of GDPR legislation. By prohibiting this, algorithms cannot be fed new data that allows systems to create more accurate, targeted suggestions for users.
The Center for Data Innovation has expertly detailed this dilemma, outlining that GDPR simply gets in the way of AI advancement. That means stalling the progress of automation in the technological sector, creating less accurate/relevant targeted advertisements, and potentially raising prices on some services owing to the increased costs of using EU data centres. These do not add up to a good customer experience.
In fact, this sorely hurts the European consumer – increasing prices, creating annoying commercial and advertising experiences online, and getting in the way of convenient new AI services on mobile devices.
This all leads to one question: who is really benefitting from GDPR?
We’ve seen that it is not the consumer, and we’ve seen that it is not small business. Through a concerted effort by big government to ‘improve’ customer experience and ‘protect’ customer data, Big Tech has been handed one giant favour. Competition has been negatively impacted, and big companies given the opportunity to engulf and swallow other operations. GDPR has done to the Internet what chain stores did to the high street.
Neil Penny is a Director of Enarpee