Skip to main content
An Iphone demonstrates its digital assisstant Siri.
TechTank

A case against the General Data Protection Regulation

On May 25, the European Union started to enforce the General Data Protection Regulation (GDPR). As my colleague, Tom Wheeler, puts it “GDPR sets the New Digital World Order” by requiring the industry to fundamentally change its business processes and offer privacy by default and data protection by design. Rather than collecting as much data as possible, businesses are now required to collect only the minimum amount of data they need to offer a particular service. The effects of this new policy will spread beyond the EU. Since the requirements cover all data collected from EU citizens, American corporations that do business in the EU or with EU partners will have to comply with the GDPR.

Changing data collection, sharing, and analysis processes places significant financial burdens on business. For example, businesses cannot transfer an individual’s data out of the EU unless they have obtained explicit consent and have put adequate safeguards in place to ensure the security of transfer. Furthermore, they have to promptly notify citizens in case of a breach and allow sharing of data between entities upon request of an individual.

A major step forward?

While GDPR is widely perceived as a major step forward, it is not yet clear how much of a meaningful impact it would have on consumers’ privacy and whether it will ultimately lower the cost and raise the quality of the services they receive. GDPR could increase the cost of the services that consumers are so used to receiving free of charge. In the pre-internet era, services cost actual money. With digitization, consumers are now able to pay for the services they receive with their private information rather than their money.

We can connect with our friends and family on Facebook without having to pay Facebook in dollars because instead we are paying Facebook with our private information, which then allows the social network to generate a source of revenue off it. By limiting the capability of Facebook to collect and use such data, GDPR effectively limits the ability of consumers to pay for such services with their private information. The obvious result is that Facebook has to either reduce its “free” services or start charging subscription fees in order to remain profitable.

Less data, lower quality

The other rarely discussed consequence of GDPR is the lower quality of services and products. An obvious example is the relevance of the search results on Google. Without collecting extensive data on users and their preferences, Google will not be able to provide its users with tailored and highly relevant results every time they enter a search phrase. Targeted advertisements are another example; according to a recent PWC report, a 9.9 percent compound annual growth rate from 2016 will make online advertising a $116 billion market by the end of 2021. A further example is Amazon’s Alexa and Apple’s Siri. These artificial intelligence inventions become smarter with the amount of data they collect and analyze; with limited collection and analysis of personal data, Alexa and Siri would be much less intelligent.

Finally, it is worth noting that despite the growing concerns over privacy, in reality, people continue to share more of their data not because they have to but because they want to. No one needs to provide their HIV information on Grindr, and despite peer pressure and social expectations, no one’s life will be disrupted if they choose not to sign up for Facebook or not to use Amazon Alexa. Instead, people give up their information to enjoy the benefits of these services at a much higher quality and a much lower cost. Without sharing personal information, we would never have social networks, our search engines would return irrelevant results, and Amazon Alexa would be much less intelligent. They would all be available at a much higher price, if at all. By setting strict yet unnecessary privacy restrictions, GDPR creates an illusion of privacy for a few at the expense of the many.


Apple, Google, Facebook, and Amazon are donors to the Brookings Institution. The findings, interpretations, and conclusions posted in this piece are solely those of the authors and not influenced by any donation.

Get daily updates from Brookings