Let’s get ready. After long battles with American tech companies, the European Union just ratified a new set of laws regarding privacy which are extremely though. Those regulations will make it hard for big tech companies to comply without a lot of efforts, changes and money. For small startups, it will create important compliance barriers to enter the European market.
Some of the new regulations adopted by the EU are:
- You need to be at least 16 to decide to use a service such as Twitter, Instagram or Facebook without parental consent (it was 13 before). Let’s be clear, this is quite hard to put in place as teenagers can simply lie about their age when they register.
- The “right to be forgotten” is a key part of the new regulations. This gives the right for everyone in the EU to ask the service provider to remove any data about them which is no longer up to date or that they simply don’t want to be public. To an extent this is good because you might want to remove some of the information about yourself online. But this could come with a high price tag if companies constantly need to remove every little information that consumers created and shared in the first place. Not good for the scalability of the digital world.
- Regulators will be able to issue heavy fines to companies for any breach of compliance. If you are Facebook with more than a billion user, being 100% compliant all the time is hard as exceptions and new cases arise constantly. For small companies, this could mean the end to their dreams from one day to the other. It’s dangerous and could be disproportionate.
- Companies will be required to report breach of sensitive information within 3 days. This is more aggressive than in the US.
To make things more difficult (or sometimes better depending on your side), countries within the region will have significant leeway to adapt or modify some of these specific provisions. This means that it might be easier to comply with privacy laws in some countries than in others. It increases compliance cost and will make some developers absolutely crazy as the number of exceptions and use cases per country will increase exponentially. This also hampers the whole concept on the European Union as one large and consistent market to do business with.
Privacy will remain one of the important topics in the coming years as the digitalization of the world necessarily creates issues. The fact that the EU adopted today a large number of regulations just show to which extent regulators are ready to go to protect individual privacy. The objective behind it is important and respectable . Still, the way these laws impact the day-to-day operations of companies is probably misunderstood by regulators which are not always tech savvy. It is always better for the public and private sectors to closely work together to find appropriate solutions rather than having one-sided decisions.