By Kai Weiss*
It’s finally over: the flood of e-mails that every single human being who possesses an inbox has received in the last few weeks thanks to the new data protection rules by the EU. These rules, called GDPR, have caused havoc even before becoming effective on May 25, and have probably caused the greatest spam wave of all time – all in the name of fighting against spam of course.
The GDPR rules were designed to protect European consumers from data violations by big tech companies (Brussels thinks that Facebook, Google and Co. are abusing the rights of its people), and include – just as a best of – a “right to be forgotten” (meaning that Europeans can ask companies to delete all their data), “consent” (meaning that the data being processed by a company has to be consented to by the individual – though what “consent” means is still disputed), an obligation to hire a data protection officer if you are a bigger company, and above all else, hefty fines for infringements. Those infringements shall “be subject to administrative fines up to €20,000,000, or in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.”
What has been the result of these data protection rules after a little over a month? Summing it up in one word would probably be: chaos. As the trillions of e-mails that were sent around the globe showed, no one really understands what the rules are all about – or what to do about it.
On the day the rules came into effect, several US pages panickingly switched off their platforms in EU countries, among them the Los Angeles Times, the Chicago Tribune, New York Daily News, and Orlando Sentinel. But not only newspapers have blocked Europeans ever since: the list also includesShoes.com,Instapaper, and the History Channel. Meanwhile, ad companies, being hit the most by the new rules, have pulled out of the EU altogether, including Drawbridge and Verve , citing the GDPR as the reason that they can’t continue their business on the Continent anymore. Those staying have had to incur gigantic costs: British companies have reportedly sunk 1.1 billion dollars, and Americans 7.8 billion in preparation for GDPR.
Meanwhile, Europeans have been left grappling what to do. This is especially true for small- and medium-sized companies, NGOs, the press, and think tanks. Indeed, this has led to one profession profiting quite a bit from GDPR: lawyers. As Politico reports ,
for lawyers, the GDPR’s gestation period has amounted to a cash bonanza. Legal professionals refer to the 88-page law as the “gift that keeps on giving” due to the rich stream of billable hours and contractual work that come with it.
Realizing something? In all of the chaos, we haven’t mentioned Google and Facebook a single time. Now, it is true that the two corporations were hit with lawsuits of 8.8 billion euros on the first day. Those were filed by Austrian activist Max Schrems, and one single quote of his will be enough to see his understanding of voluntary cooperation in a market system:
Facebook has even blocked accounts of users who have not given consent. In the end users only had the choice to delete the account or hit the agree button – that’s not a free choice, it more reminds of a North Korean election process.
To translate: Facebook blocking users who do not agree to the conditions to use Facebook is the same as the election process of the world’s most evil dictatorship.
Other than that, however, experts have warned for a long time that it’s likely that big tech companies, which are first and foremost the intended victims of GDPR, could actually profit from the new rules. “Google and Facebook were already dominant in this market before Europe’s new rules came online. Now, they are even more so,” write Laurens Cerulus and Mark Scott.
This is the case because “big tech” had much more resources to adjust to the new rules in time. Google for instance had prepared for over a year and updated over 12 million contracts, also informing its users about changes. Thus, while normal ad companies might have to leave the European market or incur massive costs to adjust, Google and Facebook will struggle less. Perhaps those ad companies, trying to not go out of business, will even shift their ads to … Google and Facebook, making the tech giants even bigger. This was to be expected: after all, regulations are easier for large companies to get used to, while smaller ones will struggle. The GDPR only seems to be another example of that.
The EU’s reaction to all of this has been one-of-a-kind: the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, when asked about the difficulties small companies have with the GDPR, replied saying that even she of all people is able to understand what the law means. An interview with the German Die ZEIT went like this:
ZEIT Online: Big corporations can simply call a lawyer to implement the GDPR. But smaller firms, especially bloggers and clubs, often don’t have the money for that and don’t know how to implement all criteria.
Jourová: They should send me an e-mail.
It’s needless to say that this “proposal” has been a little overoptimistic. In the meantime, it turned out that the new rules are not even valid for EU institutions. After the European Commission had a leak of personal details of hundreds of European citizens – which would have constituted a breach of the GDPR, the Commission announced that the rules will not affect the EU itself, citing “legal reasons.” Indeed, the EU will get its own laws somehow “similar to the GDPR” in fall of this year.
All of this would be quite amusing, if not for all the unintended consequences. The GDPR hurts European consumers, companies, its competitiveness and the European economy at-large, all in the name of hurting evil corporations (which it doesn’t do). It is true that in the age of big data we may need a rethinking of data ownership . But the GDPR will not help one bit – just one month with it has made this clear already.
This article was published by the MISES Institute.