Benefits of data protection regulation come at a price

Any kind of regulation that limits a variety of human activity will likely stifle innovation

The success of General Data Protection Regulation (GDPR) as a legislative firewall against the exploitation of individuals’ digital rights to privacy is critical if we are to avoid a dystopian future of constant government surveillance and corporate interests invading our very existence. Sadly, however, it is a few bad apples ruining it for everyone else because, believe it or not, some groups out there would like to use our data for good.

GDPR is arguably the most citizen-focused government initiative seen in the west for decades. Politics for the people is a rare thing in capitalist society. Corporate interests trump individual rights more and more. GDPR is one example of EU governance we should all get behind.

Still it has its shortcomings. When this year's Nobel Prize winner for chemistry, Dr John Goodenough, was asked if he knew his invention of the lithium-ion battery would become the most significant invention of our time, he responded with cautious confidence. "I am grateful to have had the opportunity to touch so many people's lives through my work," he said. "But technology is neutral. What mankind chooses to do with it is another story."

In other words, the data itself isn’t the problem. What we do with it is indeed another story.

Just for context, according to Forbes the amount being produced daily is literally baffling. It is estimated that approximately 2.5 quintillion (2,500,000,000,000,000,000) bytes of information are generated on the internet every day. That is significantly more than a trillion, or even a "Brazilian" as former US president George W Bush liked to say.

An estimated 90 per cent of the data held on servers worldwide was generated in the last two years. The growth of the internet of things will only inflate these figures all the more in the years ahead.

This data is valueless without the tools and expertise to make sense of it. Those who do understand how to interpret it can make a pretty penny, nay a quintillion pennies from it.

Data and the digital age more generally has rendered the “economy of scale” principle obsolete. In 2020, “economy of access” to citizens’ private digital data is the new key to commercial growth for some sectors.

It’s difficult to have any sympathy for the majority of arguments made against privacy regulations: the additional costs for businesses and other organisations, the fact that advertising and marketing companies will not be able to better “serve” the consumer through the delivery of more relevant adverts and a more personalised user experience, etc. Boo hoo!

But any kind of regulation that limits any kind of human activity will likely stifle innovation. And there are huge opportunities to find solutions to society’s biggest challenges – new therapies for cancer, water scarcity, deterioration of mental health, improving living standards for the most vulnerable in society – were data science experts in healthcare or computational scientists in environmental engineering to enjoy an economy of access to private data.

Can the end justify the means?

Let me be clear. I do not believe the end justifies the means. The pros of GDPR far outweigh the cons. But the cons are still worth considering.

Article 89 of GDPR makes allowances for scientific and historical research and other initiatives deemed to be in the public's best interests, but there is no explicit exception for non-profit organisations. So if a US-based charity is deemed a provider of "goods and services", say by hosting a global conference or meeting in the European Union, or keeping track of online behaviour of EU residents who visit their website, they must follow the rules too.

Non-profits and other philanthropic groups are particularly vulnerable if they are found to violate the rules. The negative publicity generated from a data privacy breach is enough to ruin a charity’s reputation overnight.

Many non-profits are small operations with a focus on the challenges faced beyond the digital world – usually on behalf of the most vulnerable in society. They barely have IT staff, let alone dedicated cybersecurity staff.

In the US, groups such as Data 4 Black Lives use data in a bid to create a more equitable world and try to highlight the inherent biases in many algorithms used by banks, mortgage lenders and search engines. The movement has grown and no longer advocates solely for black people. This kind of initiative is a forward-thinking, hugely beneficial act of charity. We would not want such innovative and altruistic thinking to be scared off by GDPR.

Who will be worst affected by the EU's brave united front to protect its digital citizens? Marketing and advertising firms, Facebook, Google and other members of the social media oligarchy. I shed a tear for them. I really do. GDPR will be remembered as one of the most laudable actions the EU has ever taken on behalf of its citizens. But it comes at a price.