GDPR: Is Europe crazy?

At last week’s IACCM Americas conference, many delegates were stunned by what they learnt about GDPR, the data privacy regulations that the European Union plans to impose from May next year. One observed that this is ‘another example of the law operating contrary to reality’.

It isn’t just the scale of fines that matter (up to 4% of annual revenue), but the extent of what will be deemed ‘private data’. As Apple’s head of litigation observed at a conference this week: “The challenge is that it applies to all personal data, meaning any data that can be used, ultimately, to identify who you are. So it’s far beyond your name, your Social Security, your bank account. It’s your IP address, or your device ID, or a reference number to a customer, or a complaint or question that you brought in. For any organization, beyond tech, it just covers just about anything.”

This legislation is costly; it is questionable how companies will comply; and there is no real evidence that anyone (beyond the ivory tower of the European Commission) actually wants it. When they discover the impact of this legislation, there is every chance that consumers will complain because it means more checks, more clicks, more validations and more focus on giving specific authorizations regarding use of data.

For corporations (and government) GDPR places a heavy burden on processing costs, which will inevitably fall back onto consumers in the form of higher prices or taxes. The level of technology investment required to protect data continues to spiral; the sophistication of nations interested in hacking continues to grow. Adding these further layers of required protection challenges European competitiveness in international markets.

Ultimately, as with too many regulatory initiatives, the rationale and benefits are unclear. Cynics might suggest that the real purpose behind this is that it is another way to fill the EU’s coffers with money from fines. When the consequences – as in the case of GDPR – are so profound, there surely should be a much greater engagement with the wider population to obtain their support.