Many European politicians have touted the General Data Protection Regulation (GDPR), saying it would “level the playing field” against the American internet companies and empower European consumers. Strand Consult was skeptical of these claims, having seen similar un-evidenced policymaking before on net neutrality. Indeed Strand Consult has documented how this policy has had the opposite of its intended effect. Net neutrality rules were supposed to create the next Google or Facebook from an EU country. Instead the only countries which have platforms that rival Google or Facebook are Russia and China, countries with no net neutrality rules.
As for GDPR, Strand Consult predicted in its report Understanding the GDPR and Its Unintended Consequences that the largest firms would benefit at the expense of small players and that consumers would experience either no improvement or a decline in utility. The report also describes how pseudo pro-consumer policies are a front to increased government power at the expense of consumer freedom. Strand Consult’s predictions have proven true according to a variety of sources, as noted below.
The unintended consequences of GDPR are bad news for the telecom industry. They will have a negative impact on the value chain of companies that will develop and deliver services on top of the upcoming 5G networks in Europe. Strand Consult observes how the EU is already behind on pre-5G products and services, and that GDPR only makes it worse. The US and China are racing ahead on 5G and Europe continues to fall behind on network investment and 5G product and service development. Moreover Europeans are missing out on the social and technological transformations already afoot in the US and China where consumers have adopted pre-5G products and services.
GDPR´s impact on venture investment in Europe
Just as hard net neutrality regulation has been shown to have a negative impact on mobile app innovation, GDPR has shown a negative impact on venture capital investment. The National Bureau of Economic Research, the leading economic institute in the USA, has published research by the former chief economist of the Federal Trade Commission (FTC) and two academics at the Illinois Institute of Technology. Using Crunchbase data from VC deals in the US and EU from July 2017-Septeber 2018, it analyzes the post-GDPR effects on EU ventures, relative to their US counterparts.
The negative effects manifest in the overall dollar amounts raised across funding deals, the number of deals, and the dollar amount raised per individual deal. Specifically this has translated into a $3.38 million decrease in the aggregate dollars raised by EU ventures per state per catetory per week, a 17.6% reduction in the number of weekly venture deals, and a 39.6% decrease in the amount raised in an average deal following the rollout of GDPR. These declines are associated with losses projected between 3,000-30,000 jobs.
The paper was featured at a public hearing by the American competition authorities FTC which is conducting a process over many months to determine the actual impact of data regulation. The open and transparent policy process in the US makes a stark contrast to the EU where policy influencers can mask their identities. Unlike the US where filings to the policymaking process are collected online and made freedly available, no such database is available for the GDPR in the EU. As such, it is difficult, if not impossible, to know how and who influences policy in the EU.
GDPR´s impact on the advertising market in Europe
European media companies want to know how the GDPR would impact the market and their ability to compete with big American tech companies. Research from Reuters Institute and Oxford University on the tracking software on European news sites shows that the GDPR has rewarded the largest players at the expense of the small ones. Simply put, the impact to Google, Facebook and Amazon has been negligible while small competitors have suffered devastating losses of traffic and market share, which was already low by comparison. Cliqz notes that European ad tech firms are down in rank and market share by 18-32%. The lost traffic to small players has turned into increased market share for Google, Amazon and Facebook which have increased their market share in online advertising while smaller players, struggling to keep up with compliance costs, have seen their slice of the pie shrink dramatically. For small firms, this means that they don’t grow, and they don’t attract capital. Some shut their doors, and many never launch in the first place. This is the exact opposite of the stated goal of the GDPR.
A continued lack of evidence and transparency in the EU policymaking
Upon coming into office in 2015, European Commission President Jean Claude Juncker promised that science and evidence would be the cornerstones of his administration, and he even commissioned a report to document the value of the approach, Strengthening Evidence Based Policy Through Scientific Advice. Not only does the evidence-based approach help policymakers avoid making bad decisions, it also provides transparency and documentation to explain why one policy is superior to another. But the EU rarely works in an evidence-based fashion. Policymakers select their preferred policy first. The fact-finding process, if it takes place at all, comes long after the policy is implemented. After a decade of GDPR-type regulations—in which Europeans have endured intrusive pop-ups and disclosures on every digital property they visit – Europeans report no greater sense of trust online. As of 2017, only 22 percent of Europeans shop outside their own country (a paltry increase of 10% in a decade), demonstrating that the European Commission’s Digital Single Market goals are still elusive. Moreover, only 20 percent of EU companies are highly digitized. These are primarily large firms. Small to medium sized companies invest little to modernize and market to other EU countries. A European company has not appeared on Mary Meeker’s list of top internet companies since 2013.
The lack of a transparent, evidence-based approach allows the EU to make regulation behind closed doors. There is little to no documentation to influencers and no connection to problems and outcomes. As such, the increasing number of regulations in the EU do not translate into more jobs and economic growth, as politicians promised. It was not unreasonable that a basic regulatory impact assessment accompany the GDPR, but European politicians would not allow anything to deter their single-minded goal. Strand Consult describes how the EU rejects making regulatory impact assessments because the data does not support its predetermined policy.
The EU boasted about the GDPR being the “global gold standard”, but now some regulators are walking that back. Giovanni Buttarelli, the European Data Protection Supervisor, offers “GDPR is not the one of my dreams, it’s not perfect legislation…But it’s the best we could have hoped for.” It is probably too late for the EU to make data protection rules that work, but it’s not too late for the USA and LATAM, which are wisely watching the mistakes of the EU before promulgating new rules.