HomeWorld NewsGeopolitics looms large on data privacy horizon – Verdict
Geopolitics looms large on data privacy horizon – Verdict
September 1, 2023
Fines relating to the EU’s General Data Protection Regulation (GDPR) have risen drastically over the past two years, surpassing $4bn (€3.68bn) as of June 2023 amid concerns around artificial intelligence (AI) ethics, geopolitics and online harm, according to GlobalData’s Thematic Intelligence: Tech Regulation report.
The EU’s Digital Market Act (DMA) poses the most significant threat to large online platforms, which have been forced to operate under heavier regulation across Europe and worldwide as data has become increasingly intertwined with national security.
Disruption of the Big Tech monopoly
Big Tech companies have been far from exempt. In May, Meta was fined a record $1.3bn for transferring European Facebook users’ private data to the US, while Amazon also received a $750m fine from Luxembourg authorities in 2021.
Through the conduit of the GDPR, the EU has been a primary adopter of technological regulation – evidenced again on 14 June when the bloc passed the EU Artificial Intelligence Act, the first global legislation on AI.
GDPR enforcement is changing the landscape of digital advertising and could see the “end of the Meta-Alphabet duopoly”, according to the report. Apple’s decision to let users choose if they want to be tracked is a prime example of market disruption driven by data regulation.
From 2024, Google will end support for cookies in the Chrome browser, delivering what the report describes as “the final blow to behavioural targeting”, an advertising practice mired in privacy concerns around tracking search activity and harvesting data without explicit consent.
Geopolitical tensions drive global tech regulation
As animosity continues to fester between Beijing and Washington, Sino-US sanctions are becoming increasingly problematic for CEOs of AI and tech companies.
Among Chinese AI companies, Megvii, SenseTime and Hikvision stand to lose most from US sanctions, particularly since the US Department of Commerce placed the trio on its Entity List.
The blacklist, which requires US organisations to apply for licenses before doing business with listed companies, also contains Shenzhen-headquartered telecommunications giant Huawei. The Justice Department charged Huawei with financial fraud, technology theft and violating US sanctions against Iran in 2019.
Multinationals that rely on China for a significant chunk of sales – such as Nvidia, AMD and Apple – are also at risk. But as a trend, tech regulation transcends the EU and US, spreading to nearly three-quarters of countries worldwide, according to UNCTAD.
Countries including Russia, China and India – which once permitted international data transfers whenever foreign third parties are deemed to provide adequate protection – have now put data localisation laws in place.
Russia was the first country to enshrine data localisation in its data protection framework. Overseen by Roskomnadzor, a super-regulator with extensive federal law powers and entangled Kremlin influence, Russia’s data laws inspired China and India.
Similar to the GDPR, China’s Personal Information Protection Law (PIPL) restricts cross-border data transfers, authorising fines of up to $7m or 5% of a company’s turnover from the previous financial year.
India, meanwhile, is in the process of approving a Digital Personal Data Protection Bill tabled in July 2023. This replaces a 2021 proposal that was unexpectedly shelved following criticism by human rights groups for giving the government excessive control over personal data.
As data regulation becomes progressively more stringent across geopolitical agendas worldwide, from the expanding BRICS alliance to the upcoming New Delhi G20 Summit in September, companies specialising in adaptive – and potentially invasive – technology will have to keep a close eye on legislation, restrictions and sanctions.