The most talked about legislative piece last spring was undoubtedly the General Data Protection Regulation, or GDPR as it is known, which came in force 25 May 2018. As a regulation, it applies directly to all of the EU member states.
Why did we need the GDPR, which if to believe popular opinion is an act of pointless bureaucracy, doesn’t improve the protection of privacy rights of individuals and increases the administrative burden of companies?
Data volumes increasing at light speed
Data protection legislation is needed to regulate a market that has grown from a single IP message between two laboratories 50 years ago – yes the internet has reached middle age – to creating 2.5 quintillion bytes a day. There are 5 billion internet searches done every day, half of them on mobile phones and 77% using the Google search engine. Every minute there are half a million tweets on Twitter, 50,000 photos are added to Instagram and over 4 million YouTube videos are watched. And the data volume is growing fast; 90% of the data in the world today was created in the past 3 years. As there are more devices joining the market – smart cars, smart meters, smart fridges – the growth is accelerating rather than slowing down.
Controlling data is key to market influence
The data volume alone would trigger the need for market regulation and when we look at the most valuable companies by market capitalisation in 2018 the need for regulation becomes even clearer.
- Apple ($881.98 billion)
- Microsoft ($803.09 billion)
- Amazon ($739.46 billion)
- Alphabet ($711.94 billion)
- Alibaba ($387.61 billion)
- Facebook ($378.05 billion)
Apple and Microsoft as producers of hardware and software, Amazon and Alibaba as retailers on the internet are improving the tried and tested business models with the use of data but the business model of Alphabet and Facebook is data, your personal data that is collected via proprietary algorithms for unclear purposes. This kind of processing of personal data is contrary to fundamental rights to private life and personal data protection inscribed in articles 7 and 8 in the Charter of Fundamental Rights of the European Union.
Single rules should promote development of data markets
The first data protection legislation in the European Union was approved in 1996. The Data Protection Directive as a directive gave much leeway to member states when implementing local data protection laws, resulting in very mixed legislative norms across the EU. When we take into the consideration that in 1993 there were 600 website in the world and in 2018 2.5 quintillion bytes of data were produced a day, then it is clear that a 1996 directive was lagging far behind the market realities.
The GDPR was created to strengthen the protection of fundamental rights of individuals, to modernise data protection, to enhance the transparency of the data market and to harmonise the data protection system across Europe improving international data markets through clearer data protection regulation.