|
Eakinomics: Privacy
at all Costs?
Guns versus butter. Vacation versus college education. Twizzlers versus
cabernet franc. Economics is all about deciding among alternatives and
evaluating the tradeoff of adding more of one option at the expense of the
other. AAF’s Jennifer Huddleston has a new piece on privacy regulation reminding us that the
same tradeoffs exist when protecting rights. Huddleston makes three main
points.
First, the more stringent is the privacy regulation, the more costly is
complying with the law. Huddleston reports that “according to a 2017 PwC survey more than 40
percent of responding firms spent over $10 million on GDPR compliance
efforts. A 2018 EY and International Association of Privacy
Professionals report found companies reported spending an
average of $1.3 million per year on GDPR compliance costs. These costs are
undertaken not only by European companies but also by U.S.-based companies
with an EU presence.” As U.S. states such as California, Virginia, and
others implement their own privacy regulation, complying with the expanding patchwork becomes increasingly
costly.
Second, the costs of compliance hamper other economic objectives. The fixed
costs of compliance are a greater burden on startups and young firms, raising
the specter of reduced economic vitality. The compliance resources come at
the expense of investment and employment. Huddleston notes that a “National Bureau of Economic Research (NBER) working
paper found that venture capital investment in small and
micro companies decreased by $3.4 million per week following GDPR’s
enactment. This finding is not surprising since investor confidence about
such companies’ ability to comply, given the costs associated with
compliance, has understandably been shaken.” The same paper estimated that
GDPR cost 3,000 to 30,000 new jobs.
Third, increased privacy protection can come at the expense of other
rights and values. To begin, the amount of privacy a person prefers is a
choice, and the regulatory regime preempts that choice. But there are others
that I hadn’t appreciated. Huddleston notes that: “For example, an EU-style
'right to be forgotten' can force the removal of online content and could be
abused to silence dissenting voices or journalists.
Other concerns could arise as well regarding, for example, the ability to notify consumers during a product recall if
companies are limited in their ability to collect or retain certain
information.” These tradeoffs extend well beyond just the standard
conversations around online platforms as even numerous cross-border
scientific studies have found themselves caught in GDPR compliance quagmires.
Greater privacy is often portrayed as an unambiguous good. Huddleston’s piece
is a reminder that there are always tradeoffs in making policy decisions.
|
No comments:
Post a Comment