Understandably, corporations are becoming increasingly concerned about the impact of the European Union (EU) General Data Protection Regulation (GDPR), which is set to go into effect in May 2018. According to the conventional wisdom in the mainstream media, the GDPR will establish a fundamentally new regulatory regime that will “lock up” data, bring about a chilling effect on economic expansion and dampen EU GDP growth.
But is that really the case? Participants at a recent GDPR Innovation Briefing in Europe tended to take the view that the GDPR would actually help – not hurt – the European economy. At the event, Wojciech Wiewiorowski, Assistant Supervisor at the European Data Protection Supervisor (EDPS); Martin Abrams, Executive Director & Chief Strategist for the Information Accountability Foundation (IAF); Hilary Wandall, General Counsel & Chief Data Governance Officer at TrustArc; and Gary LaFever, CEO at Anonos, weighed in on the key dimensions of the GDPR in terms of EU GDP growth.
The GDPR is not a fundamentally new way of looking at data
While the GDPR does shift the responsibility for data protection from individuals to corporations, it does not represent a fundamentally new way of looking at data. The goal is not to “lock up” data and keep corporations from using it. Rather, the goal of the GDPR is to make corporations better data stewards, fully aware of the responsibilities that they have for their data subjects (i.e. consumers).
This is very important from the perspective of economic efficiency and productivity. It will make corporations much more aware of data ecosystems within industries, and how the flow of data within that ecosystem poses both risks and rewards for customers. It will be incumbent upon corporations to ensure that the rewards far outweigh the risks, and that will force them to establish a more holistic way of looking at data. In fact, it’s possible to argue that companies will be more willing – not less willing – to embrace technology such as artificial intelligence if it can help them address privacy and data protection concerns.
“Thinking about data” is very different from “acting on data”
Within the regulatory world of data protection, there is an important distinction between “thinking about data” and “acting on data.” As Martin Abrams outlined at the GDPR Innovation briefing, the fact that “thinking with data” is generally not regulated has been a huge competitive advantage for the United States, and something that Europe should keep in mind.
“Thinking about data” refers to the ability to spot trends, establish correlations between data points and pull out the important stories that the data is telling. So the good news is that it appears that that any enforcement of the GDPR will focus more on how companies act on data, rather than how they think about data.
As experts such as Abrams have pointed out, this is more akin to the U.S. regulatory regime for data, which places few barriers on merely “thinking about data.” This has enormous implications for companies, because many of the innovations coming in fields such as machine learning and artificial intelligence (AI) are based more on “thinking about data” rather than “acting on data.” Thus, the impact on the growth trajectory of the Internet of Things and artificial intelligence (AI) may be much less than currently assumed.