EU starting a worldwide domino effect in data protection?17 Mar 2020 - 13:00
A privacy scare exists in our world today. With the General Data Protection Resolution (GDPR) of May 2018, the EU is using its power and push as a regional block to start a worldwide domino effect in regulating data protection. It calls for more transparency in companies while granting people full control over their information. Yet, as much as it aspires to be the new global standard for governments to follow, the GDPR is nothing more or less than a step in the right direction.
The GDPR allows individuals to question the use of their data, correct any errors in their information, take their data to a competing service, seek answers about several algorithms, ask to be erased off of any corporate records and much more.1 Companies have to give consumers the exact details of what information they need and why.
The consumers, in turn, have to consent to this information being used by the companies. Those who violate GDPR requirements can face a fine of 4% of their annual global turnover or 20 million euro – whichever is greater.
It is very much possible that the whole of Europe sees a different internet as compared to the rest of the world
Since GDPR applies to any company that interacts with the EU’s people or its digital market, it is applicable to almost all multinationals, smaller companies, organisations and universities. Therefore, it is very much possible that the whole of Europe sees a different internet as compared to the rest of the world.
Many countries have followed suit. Brazil introduced its General Data Protection Law in August 2018, mirroring much of the GDPR provisions and making itself second in line to introduce a wide-reaching data policy. Even Japan amended its Act on Protection of Personal Information in 2017 to fall in line with GDPR. South Korea is proposing amendments to its Personal Information Protection Act and Thailand introduced its first Personal Data Protection Act – to meet EU guidelines.2
There are still huge countries that are not ready to revamp their privacy laws, knowing well enough that it would create obstacles for their flourishing economies. The California Consumer Privacy Act of 2018 is as close to the GDPR as the US has ever gotten, and yet it is way softer than the latter. Even Canada’s Personal Information Protection and Electronic Documents Act is often criticised for falling short of the GDPR.
China, infamous for its data localisation, goes a step ahead of the GDPR by putting all controls in the hands of the government. Unlike under GDPR, wherein organisations are expected to be careful with the data, China’s Cyber Security Law instils all the power in the government to secure that data and does not give people any control over it.
By regulating data transfers, it is likely that big companies in tech-minded economies like China and the US will have an advantage over their European peers
The GDPR also does not come without its set of problems. It may result in the EU tech-economy facing a competitive advantage from their peers. We are now heading into the fourth industrial revolution driven by technologies like Artificial Intelligence (AI), which require data to function. Thus, by regulating data transfers, it is likely that big companies in tech-minded economies like China and the US will have an advantage over their European peers.
Secondly, it has also been critiqued for ‘creating needless regulations’ where technical solutions could have been easier. Related to this, smaller economies with emerging markets are less likely to add extra layers of legislation for data that they could work well without. Lastly, critics have also pointed out that GDPR could very well be just another kind of European protectionism.3
So, is GDPR an answer to the world’s privacy scare? Yes, but with a long way to go. The EU has presented a glowing illustration of the wonders that governments can do in order to serve their people rightly. GDPR in itself is a trust-building exercise, not only between the citizens and the states but also between companies and their consumers.
GDPR accounts for provisions that a layman would have never thought necessary and hence, it makes sure that people know about, and wield correctly, their fundamental rights to privacy and data protection.
As a gigantic trade partner, the EU might have been able to convince medium-sized economies to follow through but is still struggling with big nations
Even though it is the farthest a government has gone in terms of data protection, the EU still does not take into consideration the excessive administrative load that would be applicable because of GDPR. Using its position as a gigantic trade partner, the EU might have been able to convince medium-sized economies to follow through but is still struggling with big nations.
A privacy scare exists in our world today and it is likely that only national governments can protect us from this. Although the EU has done just that, we will likely move lightyears ahead in terms of technological developments in the coming years. Even a policy like GDPR will need to be dynamic enough to respond to these upcoming revolutions.