Six months in, Europe’s privacy revolution favors Google, Facebook

November 23, 2018

GDPR awakened the world to the importance of data — but it’s dampened investment in European tech startups.

Europe’s sweeping new privacy rules are fueling an explosion in complaints by individuals, reports of data breaches by companies, and greater awareness among Europeans about data protection.

But six months after coming online, research suggests the General Data Protection Regulation (GDPR) has also dampened investment in startups on the EU tech scene. Big companies like Google and Facebook are more dominant than ever in their markets, and no Silicon Valley giant has yet felt the sting of eye-watering financial penalties linked to the rules as regulators struggle to keep up with an increased workload.

These are some early lessons from the EU’s half-year experience with an unprecedented new privacy regime that U.S. lawmakers are considering whether to adopt, albeit in very different terms, according to conversations with senior EU officials, data protection watchdogs, privacy professionals, investors, entrepreneurs, lawyers and private citizens in several European countries.

Key findings include:

— More than 57,000 complaints have been lodged with national data protection watchdogs around the bloc over potential data misuse and more than 27,000 organizations have reported data breaches under the rules’ 72-hour time limits. National watchdogs are conducting dozens of investigations, including into the biggest U.S.-based tech firms.