Thank god for regulation
One year on in the GDPR. The MadHATTERs Editorial, 30 May 2019.
MadHATTERs Weekly
click here to subscribe
Alec Stapp, a blogger and analyst, and then a venture capitalist (an American venture capitalist) wrote about “one year on after GDPR” in a little piece this week.
He identifies astronomical costs of compliance, numerous unidentified consequences of “data rights” claims, and an undermining of market competition.
“All-in-all, about what we expected.”
This is normal America stuff.
The European Data Protection Board statistics identify €56m in fines, 90% of which are from a single case leveled against Google. There were 281,000 cases brought (complaints, data breach notifications, and “other”).
37% of these are ongoing, 63% are closed, and the rest (lolz) are under appeal.
To get ready for the law, Microsoft is rumoured to have spent “1,600 engineers worth” (a universally-recognized unit of measurement) of effort on compliance. Google called it “hundreds of years of human time.”
Money well-spent it seems.
If you are Google, your (now-compliant) ad tracking software appeared on a few more websites the day after GDPR was implemented (not less). If you are Facebook it was less by 7%. If you were anyone else you apparently lost between 20–40% of your ad demand.
If you are a startup, you saw a 50% drop-off in available venture capital (I have no idea how, but there you go). 55% of merger and acquisition deals may have fallen apart because of it. Scientific research may have gotten harder.
One of the things identified in this work was what the analyst calls the “unintended consequences” of GDPR. If the law is a sort of “bill of rights” for user privacy, many of those rights can (apparently?) be used for nefarious purposes.
If a users’ account is hacked, can the hacker use right of access to get additional data? Is the right to be forgotten in conflict with the public’s right to know a bad actor’s history? The right to data portability may create an attack vector for hackers to exploit, and the right to opt-out of data collection creates classic free-rider problems that can lead to market failure (even if it probably won’t).
Now weigh all of that against the upside. A law exists in this land whereby the individual rights of the citizen in a digital context are held in high esteem against the corporations building the landscape to which they hold claim.
Too high a price? Just high enough?
Pennies?
Thank god for regulation.
MadHATTERs is a weekly newsletter covering technology, personal data, and the Internet. Its perspective championing decentralised personal data is led by the Hub of All Things. Learn more about the HAT, subscribe, or read more MadHATTERs online at www.hubofallthings.com
