This Is *NOT* an Update on ITIF’s Privacy Policies

May 24, 2018

(Ed. Note: The “Innovation Fact of the Week” appears as a regular feature in each edition of ITIF’s weekly email newsletter. Sign up today.)

Your email box is no doubt under siege with emails asking for consent to keep you on a mailing list or notifying you of impending changes to a privacy policy you never read in the first place. Organizations are scrambling to comply with Europe’s new data protection law—the General Data Protection Regulation (GDPR)—and, fearing the prospect of steep fines and uncertain about what the new rules require, they are sending out alerts to shield themselves from liability, even though in many cases, it’s not necessary.

This is emblematic of one of the core problems with the GDPR: It is a confusing and impractical set of rules that organizations must dedicate an enormous amount of time and money to comply with, but it offers consumers little to no benefit. Instead of hiring engineers, companies are hiring privacy lawyers. Instead of investing in R&D, companies are buying GDPR insurance.

Fortunately, this is also a teachable moment. No, it is not an opportunity for companies to learn how to better protect consumer data—they are too focused right now on avoiding fines. Instead, it is an opportunity for policymakers to discover the consequences of laws demanding privacy at any cost.

We are already witnessing the fallout:

In short, the GDPR is an innovation killer. And the list of victims will keep growing as compliance costs for businesses increase and online ad revenues decrease.

But while it is too late to stop GDPR in the European Union, other countries do not need to go down this dark path. Instead of heavy-handed rules, they should be streamlining their regulatory systems to promote light-touch regulation of the digital economy focused on preventing consumer harm and enabling digital innovation.