First the good news: from Friday you will receive no more faux-cheery ‘We Are Updating Our Privacy Policy’ emails. Tomorrow is GDPR Day, when Europe’s General Data Protection comes into force. It is one of the most stringent privacy laws ever enacted, replacing the UK’s Data Protection Act 1998, forcing companies to explain how they handle data, and to delete information upon request.
Privacy advocates adore GDPR, which they see as an attempt to stymie a data-hungry tech industry that has spiraled beyond control. Companies are, unsurprisingly, less enthused. Red Herring has spoken to countless startups and multinationals about GDPR. Opinions range from cautious to outright hostility. Compliance costs among Fortune 500 firms are set to reach almost $8 billion. Worldwide it could reach $150bn. Little wonder founders are unhappy.
Some startups, like Instapaper, have cut use to European users while they continue to tinker with their platforms’ innards beyond deadline day. Others worry their business models will simply not survive the legislation. Mobile marketer Verve announced in March that it would shutter its platform in Europe. Social media monitor Klout, and adtech firm Drawbridge, will disappear altogether.
Big players have been quiet on GDPR. Others believe they will inevitably fall foul of the rule, and have set aside money for court. There will undoubtedly be cases brought in the coming months, as Brussels attempts to make good on its promise to target tech. It has already done so with regards to tax practices and antitrust, to varying degrees of success.
That is not necessarily a bad thing: GDPR is for the good of users, not growth. And perhaps it is good to have the odd bulwark, in an industry that has strived to shoot first and ask questions later. That will do little to assuage the real fears of SME founders, however, who are simply unsure as to whether they will be GDPR-compliant or not. Tech is preparing for a legal bloodbath.