You’ll hear it mentioned in boardrooms, and in design sessions for company products and services around the world:
It’s the GDPR, Europe’s all-encompassing privacy law requiring companies to treat the personal data of European citizens with care. It’s unprecedented in various ways – for instance, teres nothing like it in the U.S. at large, although California has made it own similar law.
Today, we have new reports that European and American groups have backed the idea that parties can target some of the top U.S. FAANG tech companies for violations of these types of privacy laws. That comes through analysis and current exposition of the Digital Markets Act drafted under the aegis of European Commissioner Margrethe Vestager.
“The draft DMA sets out a list of dos and don’ts for online gatekeepers, in effect targeting Apple AAPL.O, Alphabet GOOGL.O unit Google, Facebook parent Meta FB.O, Amazon AMZN.O and Microsoft MSFT.O.,” writes Foo Yun Chee at Reuters. “It only allows business users to sue violating companies.”
Cited in the report are Privacy International, ADD and the European Consumer Organization (BEUC) – for its part, the BEUC has been researching data related to the business practices of these mega-firms, considering various compliance issues.
Stateside, there’s also the Center for Digital Democracy and the Consumer Federation of America; although the U.S. Congress has not been able to draft an “American GDPR,” different advocacy groups are active in calling for one.
Other signatories include European universities such as the Vienna University of Economics and Business (WU Wien), where researchers have made this statement as part of a joint project:
“In our increasingly digital societies, data is perceived as a key resource for economic growth. Among the highest-valued corporations today, many have business models that are essentially based on data of or about their users. This development has raised serious concerns about individuals’ right to privacy and their ability to exercise control over their own data, as well as about the broader shifts of power between data subjects and data controllers that this development entails. Consequently, European policy makers have passed the General Data Protection Regulation (GDPR), which has imposed stricter regulations on personal data handling practices within the EU.”
All of this underscores the reality for American tech companies that may have European users, or deal with European data in some way – follow the laws as they have been made, and comply with the standards for a more protective technology environment.
Factor this into your tech-related holdings in your portfolio.