How much does GDPR matter? It’s a piece of EU regulation about data. In a normal world, it should have sunk without a trace. But we don’t live a normal world and somehow, somehow we live in a world where data privacy is a massive topic of contemporary debate.

Somehow, the stars have aligned to let this piece of regulation reflect the prevailing mood of 2018.

People often describe the internet economy as being a data economy. The largest players are the ones that built services users signed up for at unprecedented volume, partly because those services were so well designed and partly because they were free.

We now know that ‘free services’ weren’t free, they were giant machines designed to hoover up personal data. That data got turned into fuel for advertising — the real basis of the internet economy — which has made the tech giants and a million other web services giving away things people want for free both very wealthy and remarkably well-loved.

It’s only in the last 18 months or so that the consequences of harvesting data and selling it onto the highest bidder has become impossible to ignore and people have begun to turn on the tech giants. GDPR Day, May 25th, was another marker of that wider trend.

The funny thing about the online ‘data economy’ is that many of the household names that are associated with it didn’t even really know what to do with all the data people gave them. They figured it must be valuable, somehow, so stockpiled it and tended it and tried to sell it as many different ways as they could.

Twitter was founded in 2005 but only had its first ever profitable quarter at the end of 2017. Famously, Amazon didn’t see any growth in profit for the first twenty years of its existence.

The serious revenue that has fuelled the rise of tech giants came relatively late in the game — before that, the ‘value’ of those companies was speculative. Once they figured out how to monetize all that data, there was no catching up and the profits soared, but that made them a target. In 2016, political events pushed the concerns over the reach and impact of these companies into the mainstream.

By 2017, Buzzfeed’s Editor-In-Chief compared them to “oil prospectors and junk bond traders” while regulators from both sides of the political spectrum began to pursue ways to limit their influence. Which leads us to GDPR.

This is a massive piece of regulation that introduces three changes to the way companies now have to handle data:

Personal data is special and has to be handled with care; If you collect it, you now have to say what you’re going to use that personal data for; And you have to get rid of it once it’s fulfilled that use.

This impacts any company that works with personal data in the EU28. This includes the big players — even though they’re all US based — but also just about every business. Hotels collect personal data every time you check into them, for instance.

And any company with a newsletter? They need to make sure their mailing list is made up of people who actually signed up to receive it — hence all those emails that have been cluttering your inbox for the last couple of weeks.

What impact will it have beyond all the emails?

GDPR is about big companies and curbing the way they operate. It is also about setting values to underpin coming tech driven changes in Europe because there is a sense of toxicity around the whole tech/big data world right now that undermines not just any investment going into new technologies but also bigger, more nebulous, more fragile things like a sense of collective identity or belief in representative democracy.

One of the outsider politicians that have arisen in this digital age, Emmanuel Macron, just met with Mark Zuckerberg and focused his rhetoric on values.

He declared that Big Tech companies need to ‘give back’ to society, in the form of 3% digital tax, by policing their platforms more closely and taking into account their impact on social and political life. By establishing data privacy as a vital norm, emerging digital companies have to build their businesses on different models, as Mozilla’s Cathleen Berger pointed out in her blog on the impact of GDPR on the Internet of Things.

For everybody who has lost faith in the unchecked marvel of the free market (i.e. Millennials), this seems like a self-evidently positive development. Government regulation should curb the abuses of major corporations who are influencing politics and society. Of course it should.

Long time Connected & Disaffected listeners won’t be surprised to hear the other point of view on this: regulation is always bad because it makes markets less competitive.

The argument, as put forward in a very earnest paper from the Center for Data Innovation, is that Europe has hopelessly crippled its emerging AI economy by putting in place a stringent regulatory framework (for the privacy of its citizens, but let’s not get distracted by minor details). Chinese and American competitors will be lapping European companies in no time!

Let’s set aside the fact that European tech companies have never been a significant competitor in this space. What I found baffling about this paper is how divorced it is from reality beyond economics.

It primly chastises people for wanting their privacy protected — “policymakers and citizens in the EU should understand that the GDPR will come at a significant cost in terms of innovation and productivity” — before listing the nine different ways AI companies will be inconvenienced by this regulation. Because we all know that a healthy economy is and should be the primary aim of all legislation.

Swing and a miss.

Doc Searls put his thumb on the central concern of GDPR: “tracking people without their knowledge, approval or a court order is just flat-out wrong. The fact that it can be done is no excuse. Nor is the monstrous sum of money made by it”.

The EU has undoubtedly not solved the big problems of contemporary society in the digital age with GDPR. But at least they’re actually answering the right question. It will likely have unintended consequences, just as all major laws tend to. Some will be negative, some positive. There is no denying those conclusions the authors at the Center for Data Innovation came to.

What makes GDPR important is that it channels deeper values than designing the economy; it’s about trying to shape the society we want to live in.The last time I checked, attempting to perfect markets and markets alone hasn’t resulted in the strongest societies. Perhaps it’s time to reframe the problem.