Why GDPR stretches way beyond Europe

That’s right, it’s another article about GDPR.

Go Back

25 May 2018 will be a happy day for marketers, copywriters and digital devotees everywhere: GDPR will finally come into force, and we can all stop talking about it.

If the commentariat is to be believed, it’s going to be a sort of Yeatsian Second Coming. Everything standing in its way will be obliterated, from email lists to farmers (for a rundown on the content marketing perspective, Content Desk is the way to go).

Businesses are scrambling to ensure compliance before the deadline – or, at the very least, kick up enough of a fuss to make compliance look like a priority.

But the truth is the effects of GDPR are difficult to decipher. Given how many firms do business in the EU, can we really expect the fines to start coming thick and fast on 26 May? Will the reaction prompt old content formats to receive a boost? For now we can only guess.

But as the preparations for GDPR Day reach their heady climax, one thing is clear: it’s prompted a seismic shift in how businesses and governments view data. It’s this change in attitudes, more than any immediate costs or format floundering, that will define its long-term legacy.

The push of regulation…

Although most businesses are biting the bullet and prioritising GDPR compliance across their work, others are taking a more creative approach: trying to run away from it.

Among the pioneers of this new strategy is social media giant and all-round online reprobate Facebook.

According to Reuters, the majority of Facebook users have signed their terms of service with Facebook Ireland – not California-based Facebook Inc. Their solution was to move non-European users (all 1.7 billion of them) on to agreements with Facebook Inc. instead. Thus, this avoids the strictures of GDPR by placing them under laxer, less specific US data regulation (more on this below).

Facebook has claimed this is all above board as users will be covered by the same privacy terms wherever they’re based. Obviously this is not hugely comforting given the company’s record in this area.

Smaller tech firms are also jumping on the bandwagon for jumping out of Europe. Verve, a US-based mobile marketing firm specialising in location data, has declared its intention to mothball London and Munich offices due to the regulatory environment being “not favourable”. Whether this is the full story is another matter – sceptics might suggest transplanting a US model on to European shores was always going to be a bit of a money pit.

But, scapegoat or not, it illustrates how GDPR’s shockwaves are already sending overseas businesses big and small back from whence they came. And, in the process, new spheres of influence around data are being created.

…and the pull of privacy

Companies can run away from regulation now, but their ability to hide indefinitely looks doubtful. As scandal after scandal surfaces about digital giants’ cavalier handling of user data, the conversation around privacy has evolved.

Gone are the days when consumers would willingly hand over their data and governments could turn a blind eye. Businesses who think they’ve found somewhere to hide may be found out sooner than they think.

Some argue GDPR will entrench the galumphing giants it was supposed to reign in, as the likes of Facebook and Google are far more able to adapt to regulatory change than newer industry entrants.

This may well be accurate, and has big implications for duopoly dominance across the continent. But another implication of GDPR, especially in light of Zuckerberg’s public outing to answer for his data-squandering ways, is the new standard it is helping to set for privacy right across the world.

Lawmakers as far afield as Australia are suggesting privacy laws need a new lease of life. Even in America, that regulation-light utopia, senators are surging forward with new proposals to improve data protection. Although flimsier than GDPR in places, its introduction shows how far recent events are giving privacy proponents renewed momentum. Zuckerberg himself has conceded the time may be right for greater government oversight.

Whether GDPR is a revolutionary moment or a damp squib, such examples illustrate the regulation’s importance in spearheading a period of serious global soul searching around where and how personal data is used.

If this is its legacy, it’s a momentous one.

Thomas Lawrence