Premium

It's time to press delete on Europe's failed data protection rules

GDPR

Technology start-ups are booming across the Continent. Consumers are feeling safer and more secure online. Politics is becoming calmer, more reasonable, and more rational while competition is increasing and choice is being expanded.

One year on from the introduction of the massively expensive GDPR legislation across Europe presumably we have far better control over the internet and technology is serving society rather than the other way around.

After all, it has cost somewhere between $10bn (£8bn) and $20bn to implement, so it should have achieved something.

Except, it doesn’t quite look like that. Instead, venture capital investment has been crippled, the existing web giants are more dominant than ever, competitiveness has been shattered and Europe is falling even further behind in the single most important technology of our industry.

In truth, the cumbersome rules on data protection have turned into a classic case study in how the European Union keeps making bad laws that entrench existing companies, stifle competition and hurt consumers.

It is hard to imagine anyone will be celebrating the date but Saturday marks the first anniversary of the introduction of the cumbersomely named General Data Protection Regulation.

Imposed on the whole of the EU, it was a sweeping reform of the rules governing the internet, and forced companies to scramble to make everything from email lists to data storage completely secure and voluntary and to protect the way companies track us and communicate with us.

We all started being barraged by pleas from online business for permission to contact us, and accept data tracking, and some websites in the US and Asia even started blocking Europeans, so draconian were the potential penalties for any breach of the rules. It was expected to set a global standard for the regulators worldwide.

For all that hassle and expense, you might have hoped for some improvement in the way the internet operates. The trouble is, there isn’t much sign of it so far. In fact, in some ways it seems to have made it worse.

Take venture capital investment for example. A study led by Jian Jia of Stuart Business School found that following the introduction of the new law there was a 17pc overall drop in funding for European companies compared with their American rivals, and for companies less than three years old (the potential stars of the future) the decline was almost a fifth.

Overall, the paper estimated an 11pc drop in new jobs created in the technology sector as a result of the new law. Why? Because the rules are so cumbersome, a start-up couldn’t afford to comply.

Or take the dominance of big companies. Rather than getting smaller, that problem seems to be growing. In the UK, for example, Google and Facebook’s combined share of the digital advertising market has risen in the past year, not fallen, and now stands at 64pc compared with 59pc in the United States.

The same is true in most other European countries. The really great thing about the web was the way it levelled the playing field between small and big firms. GDPR tilted it back in favour of the old giants.

Sure, consumers need to be protected. And yet there isn’t much evidence that the occasional bit of spam in your email box was really that terrible, and no one was dying from a few data breaches.

In truth, the legislation of data protection is a perfect example of how the EU steadily erodes the competitiveness of Europe.

Its natural way of operating is to force through lots of overly complex regulations driven by lobbyists and pressure groups, most of them generously funded by existing dominant corporations, all of which ends up costing smaller companies money, suppress entrepreneurship, and curb competition.

In themselves, none of them are fatal. The world doesn’t grind to a halt. But it does spin a bit less quickly. The net result? A moribund economy, with a pitiful rate of start-ups, and hardly any tech stars to speak of.

The best thing the EU could do is admit GDPR has been a costly failure and repeal it as quickly as possible – before it does any more damage.