With the GDPR firmly embedded in our company compliance programs, we might not have realized that it has not just changed our companies’ approach towards processing of personal data, but that it has also had a major impact on global privacy legislation. It has inspired similar approaches towards rights and safeguards of individuals’ privacy rights globally, but just as importantly: its extra-territorial scope is a big step in escalating the global shift towards digital protectionism and even stoke a global trade war of sorts whose global impact we are witnessing.
It is therefore not a stretch to say, that the GDPR has escalated a new form of global trade war, where instead of tariffs and taxes, we see privacy laws and mutual country adequacy decisions as weapons of choice.
Why Privacy Law Impact Goes Well Beyond Privacy
Given how the global economy operates, every business that somehow uses personal data of a particular country’s residents is obliged to comply with the country’s legislative requirements in some extent. This extraterritorial reach is present with the majority of global privacy and cybersecurity laws.
From a political perspective, the EU is leveraging the gravity of its huge market to push its requirements upon businesses and governments alike. Something strongly reminiscent of global trade war practices.
Data localization laws are a ‘protectionist’ strategy of the privacy trade war. They can be compared to import tariffs in terms of creating additional barriers to the foreign companies when processing the data of the country’s residents.
Privacy laws now serve twofold political purpose: i) to demonstrate state’s efforts in protecting its residents’ rights, and ii) to exercise influence over other countries and impose their own rules and requirements upon other states globally.
What Does this Mean For the Businesses and People in the Future?
While facing such additional costs and hurdles, it is certainly tempting to not take the new laws too seriously and adopt ‘wait and see’ tactics depending on enforcement. However, this would not be the smartest call for two reasons.
First, the global regulatory authorities are steadily boosting their employee numbers and doubling down on enforcement action. Second, it is not just the regulators who are much more vigilant now: consumers increasingly understand the part data has to play, and they want organizations to be accountable and transparent about what they’re doing.
In view of the recent flurry of privacy laws, technology is clearly becoming a necessary tool to help every global compliance program. As we are all aware, software solutions cannot solve every privacy and compliance issue for us, but they can effectively free up our hands for the important compliance tasks ahead of us. With the whole issue of a privacy trade war being sparked off by rapid developments of data use by technologies, it is only fair to have technology help us to overcome some of these newly posed challenges.