GDPR and the Law of Unintended Consequences

26 Jun 2017 | By Petteri Vainikka

Many things start with good intentions, but some end up causing more harm than benefit.

With less than 10 months to go until the GDPR becomes effective across the EU, there is a very real risk that the newly minted regulation will end up merely boosting the already monopolistic online businesses of Google, Facebook, Apple, and Amazon — thus further eroding any chance of fair competition from smaller online companies, such as national publishers, retailers, and marketers.

Armed with a borderline unfair access to incremental — as well as already accumulated — consumer data across their omnipresent consumer services, all with 1st party cookie privileges and most even with deterministic sign-in authentication, any regulation restricting data portability and exchange across online ecosystems by large will only propel those who by design are self-sufficient regarding their consumer data needs. Should a new data niche emerge that is outside of their Walled Gardens, it will only be a temporary matter — easily set right by an acquisition of the missing data asset.

So how can regulation designed to prevent the online ecosystem from becoming dominated by a select few American data titans — while guaranteeing European consumers far more control over their data than they have now — actually make the existence of all but a select few incumbent giants even more distressed that it already is?

 

Peer-to-peer data exchanges are critical

The answer lies of course in the data. And to be more specific, in the possible hurdles the new regulation may impose on the necessity of not only allowing for, but encouraging, frictionless transfer, sharing, and pooling of data across multiple independent smaller publishers, retailers, and other marketers. In other words, incubating so-called Peer-to-Peer (P2P) data exchanges that are vital for all smaller business to thrive and remain competitive in the online ecosystems.

So what exactly is Peer-to-Peer data? And why is it as critical as frictionless online payments and ubiquitous online access for the future of vibrant online ecosystems; ones where local and national companies can mutually coexist in fair competition with the handful of U.S. multinational titans?

 

What is peer-to-peer data?

Peer-to-Peer data, also called 2nd party data, is anonymous data — most commonly in the form of audience segments — that is deliberately, transparently, and securely exchanged between two friendly parties. These parties, or peers, willingly engage in an agreed and governed data exchange involving either one party’s 1st party data being licensed to the other, or, both parties’ 1st party data being licensed reciprocally. They choose to do so because no one alone has all the data they really need; in particular not unless they are one of the data titans.

Without the ability to securely and privately exchange data assets for mutual benefit amongst each other, it is hard to see how European publishers or marketers compete in an ever more data-driven digital future. For European businesses — and thus European economies, and with them European citizens — to thrive, Europe needs to embrace open, transparent, and frictionless data sharing models; not prevent data from driving tangible business value also for national scale businesses. There is today a very real concern that GDPR, together with the still fluid EU Cookie Law, will impose severe restrictions on data portability, and this to the emergence of value-creating Peer-to-Peer data exchanges in Europe.

Is such a clear call for a flourishing European Peer-to-Peer data exchange economy at odds with the need for stricter governance on consumer data handling and privacy? Of course not.

 

Balancing P2P data exchange with consumer privacy

Consumer privacy, which rightfully concerns itself with personal information (PII), and not with anonymous data (non-PI), needs to be balanced with what is best for consumers at large. Needless to say, maintaining fair competition, ensuring the continuation of a thriving national and local business sector, and affording companies of all sizes the ability to capitalize and leverage data in an ever increasing variety, is in the best interest of every European citizen.

So is protecting citizens’ right to their personal data equally of course. But herein lies the important distinction that is now at risk of being lost in the turmoil: cookies, and other forms of anonymous device identifiers — along with segments of devices exhibiting similar characteristics — are not personal information, nor should they be considered as such.

By possibly extending the scope of personal data to also include cookies and other clearly anonymous forms of device identifiers, Europe would yet again give U.S. data titans the upper hand across all European based businesses. Doing so would be the biggest mistake in EU digital policy ever.

 

The views and opinions expressed in this article are those of the author alone and do not necessarily reflect the official policy or position of Cxense ASA.

 

CONNECT WITH A CXENSE DATA EXPERT

 

About the author

Petteri Vainikka is VP of Strategic Business Development at Cxense. Prior to Cxense, Petteri was a co-founder of the Finnish game company Rovio, which developed the hit mobile game Angry Birds. He's a recognized digital advertising and marketing speaker and thought leader, and is driven by the thrill of using cutting-edge technology in unconventional ways.