GDPR One Year Later

One year ago, GDPR sent digital businesses scurrying to hire lawyers and update their privacy policies. In many ways, the digital privacy movement has only just begun.

By Xische Editorial, June 7, 2019

Source: VendeDesign/ Shutterstock

Source: VendeDesign/Shutterstock

It has been one year since the European Union made into law one of the most ambitious pieces of data legislation in the history of the internet. The General Data Protection Regulation (GDPR) came into effect with a bang on May 25, 2018. Under the leadership of ambitious European lawmakers, the GDPR promised better consumer protection on the internet and a closer look at how major technology companies operated in the digital marketplace. While high-profile tech giants like Google and Facebook have received fines in Europe over the past year, the GDPR has left the spotlight of mainstream news.  

We have explored the nexus between regulation and innovation in several pieces since the GDPR came into effect, and the latest regulatory steps offer new insight into what’s next for digital charters that govern how consumer protections and data rights are handled. But first, we should review why exactly the GDPR was so influential. On the first day the legislation was passed into law, Facebook and Google were hit with a series of lawsuits concerning how the company handles user data and pushes users to give up their data. These lawsuits included prospective fines of $8.8bn. There have been dozens of other lawsuits over the last year for companies large and small.

According to the popular technology website Gizmondo, “GDPR is the landmark regulatory regime designed to create and enforce digital privacy rights in an era where it feels like the internet – and the data-greedy businesses that profit on it – has long since outpaced the law. The main weapon GDPR wields are fines that could, in theory, reach up to 4% of a company’s total yearly revenue. Armed with the GDPR, national privacy regulators in Europe would finally have the capability to facedown Silicon Valley’s tech giants.”

Indeed, data privacy and protection are the primary concern with this historic piece of legislation. These issues need to be front and centre in the minds of lawmakers but they must be careful not to create laws that stifle growth in the technology sector. Moreover, we are concerned by the obvious lack of insight into how technology companies operate (especially among US lawmakers). Without a deep understanding of how companies like Amazon, Facebook, and Apple make their money, sensible regulations will be virtually impossible.

As the home to Silicon Valley, American lawmakers recently embraced the mantel established by the EU with the GDPR. At the end of May 2019, news of possible antitrust action against the world’s leading tech companies demonstrated just how much regulation of the digital space is proceeding.

The EU’s GDPR is a step in the right direction but by no means the end of the regulation story. In fact, several other data protection laws have been put into place over the last year that represent a clear progression in the sector. Canada’s new digital governance law is one such bright spot.

The 10-point digital charter lays out the government’s basic principles for online governance, including universal access, safety and security, user control over personal data, transparency and portability, and keeping digital platforms free from hate and violent extremism.

Reporting on the legislation, Monocle Magazine wrote, “The plan intends to improve transparency regardless of how companies use data, imposing fines when such laws are violated. The government began consultations last June and, with the charter’s release ahead of October’s federal elections, it’s clear that the Liberals see digital privacy as a pressing issue. But the government won’t introduce any substantive legislation until after the polls. In the wake of the 2018 Facebook-Cambridge Analytica data scandal, the country is anticipating foreign meddling in its election and that’s why Canada needs to bring big tech to heel sooner rather than later.”

Not only is Canada ensuring its own government systems are secure during an election year but it’s also responding to voter concerns about data privacy. The GDPR, as one of the first major Western pieces of data legislation, paved the way for Canada’s overhaul. We can only expect similar (and long overdue) pieces of legislation in other countries as well.

Technology companies are also answering the consumer desire for better digital privacy. At its annual developers conference in early June, Apple introduced several privacy enhancements to its line of products. A new feature that allows users to sign in to websites through Apple is a direct competitor to similar services offered by Google and Facebook. The only difference is Apple won’t track your activity on those sites nor share personal data in the way Google and Facebook regularly do.

The GDPR started a trend that will only become stronger in Western capitals. As we have noted, strong consumer protections already exist in countries like China but they come at the expense of public and private separation. To keep the internet open and thriving, smart regulation is needed now more than ever.