This Is *NOT* an Update on ITIF’s Privacy Policies
Your email box is no doubt under siege with emails asking for consent to keep you on a mailing list or notifying you of impending changes to a privacy policy you never read in the first place. Organizations are scrambling to comply with Europe’s new data protection law—the General Data Protection Regulation (GDPR)—and, fearing the prospect of steep fines and uncertain about what the new rules require, they are sending out alerts to shield themselves from liability, even though in many cases, it’s not necessary.
This is emblematic of one of the core problems with the GDPR: It is a confusing and impractical set of rules that organizations must dedicate an enormous amount of time and money to comply with, but it offers consumers little to no benefit. Instead of hiring engineers, companies are hiring privacy lawyers. Instead of investing in R&D, companies are buying GDPR insurance.
Fortunately, this is also a teachable moment. No, it is not an opportunity for companies to learn how to better protect consumer data—they are too focused right now on avoiding fines. Instead, it is an opportunity for policymakers to discover the consequences of laws demanding privacy at any cost.
We are already witnessing the fallout:
- Instapaper, the popular online service for saving articles and webpages to read later, announced that it was indefinitely suspending service for European users.
- Klout, the social media startup acquired for $200 million in 2014, revealed it would shut down its well-known reputation score service on May 25.
- The Czech social media company, Seznam.cz, said it will shut down its social network due to the new regulations.
- Uber Entertainment, an online gaming company, shut down its Super Monday Night Combat game because of the rules.
- And the blockchain startup Parity announced that its identity verification service will shutter as a result of the new law.
In short, the GDPR is an innovation killer. And the list of victims will keep growing as compliance costs for businesses increase and online ad revenues decrease.
But while it is too late to stop GDPR in the European Union, other countries do not need to go down this dark path. Instead of heavy-handed rules, they should be streamlining their regulatory systems to promote light-touch regulation of the digital economy focused on preventing consumer harm and enabling digital innovation.