The EU’s GDPR: A Balancing Act Between Privacy And Prosperity
European Union rules aimed to protect personal data and force companies to increase online privacy measures — known as the General Data Protection Regulation (GDPR) — are already affecting those based beyond its jurisdiction, as most websites operate with those around the world in mind.
The set of regulations, described by many as lengthy but also ambiguous, are engulfing companies based in the U.S. and elsewhere. Initial costs to prepare and eventually comply with GDPR, which officially took effect May 25, are already significant, or at least projected to be.
Some studies estimate Fortune 500 companies will end up spending a combined $7.8 billion to avoid triggering the ire of European regulators, equaling an average cost of almost $16 million each.
“EU privacy laws have a history of being costly to the economy as a whole,” said Will Rinehart and Allison Edwards of the American Action Forum. “When the E.U. adopted the e-Privacy Directive in 2002, venture capital investment in online news, online advertising, and cloud computing dropped by between 58 to 75 percent.”
The increased expenses are at least partially due to hiring extra staff to legally decipher all the stipulations and to ensure they are being followed to the best of their ability.
While 82 percent of 302 C-level security executives surveyed by Netsparker, a web application security firm, said their respective companies have a data privacy officer (DPO), 77 percent expect to hire a new one to help with corporate GDPR compliance. Roughly 19 percent have felt the need to hire at least 10 DPOs.
But is complete compliance even possible?
“No. Full stop,” Ryan Hagemann, director of public policy at the Niskanen Center, told The Daily Caller News Foundation. “It also is not possible to be in compliance with GDPR given the competing and contradicting statutes at member-state levels within the EU, to say nothing of compliance with the laws of non-EU countries.”
Hagemann said counsels at big tech firms are probably really confused, like “everyone else,” and that “the only winners from GDPR are going to be the privacy lawyers.”
Several others TheDCNF spoke to agree, such as Ryan Radia of the conservative Competitive Enterprise Institute.
“GDPR is the latest example of an overbearing, unnecessary regulation from the European Union,” he said. “Even if GDPR modestly increases consumers’ perception of privacy by restricting innocuous forms of information sharing, consumers may still end up with less privacy if they respond to GDPR by sharing more sensitive data online based on the false notion that new regulations will meaningfully protect that data.”
Not everyone is so pessimistic. Both the Center for Democracy Technology (CDT) and the Electronic Frontier Foundation (EFF) — which tend to be allies in the policy arena — are fairly supportive, with the latter less so.
“It’s a thoughtful, detailed attempt to update privacy law for the digital age,” Danny O’Brien, the EFF’s international director, told TheDCNF. “It’s not the first or last word on modern privacy law: but it’s the first that’s really woken up many tech companies to the risks, as well as the benefits, of stockpiling and trading in private, personal information.”
http:// www.dailycaller.com/2018/06/03/gdpr-european-union-privacy-law/