Alec Stapp on GDPR

By Tyler Cowen

Here is just one segment of an excellent piece:

Compliance costs are astronomical

  • Prior to GDPR going into effect, it was estimated that total GDPR compliance costs for US firms with more than 500 employees “could reach $150 billion.” (Fortune)
  • Another estimate from the same time said 75,000 Data Protection Officers would need to be hired for compliance. (IAPP)
  • As of March 20, 2019, 1,129 US news sites are still unavailable in the EU due to GDPR. (Joseph O’Connor)
  • Microsoft had 1,600 engineers working on compliance. (Microsoft)
  • During a Senate hearing, Keith Enright, Google’s chief privacy officer, estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules. (Quartz)
    • However, French authorities ultimately decided Google’s compliance efforts were insufficient: “France fines Google nearly $57 million for first major violation of new European privacy regime” (The Washington Post)
  • “About 220,000 name tags will be removed in Vienna by the end of [2018], the city’s housing authority said. Officials fear that they could otherwise be fined up to $23 million, or about $1,150 per name.” (The Washington Post)

And another part:

Unseen costs of foregone investment & research

  • Startups: One study estimated that venture capital invested in EU startups fell by as much as 50 percent due to GDPR implementation. (NBER)
  • Mergers and acquisitions: “55% of respondents said they had worked on deals that fell apart because of concerns about a target company’s data protection policies and compliance with GDPR” (WSJ)
  • Scientific research: “[B]iomedical researchers fear that the EU’s new General Data Protection Regulation (GDPR) will make it harder to share information across borders or outside their original research context.” (POLITICO)

Do read the whole thing.