Connect with us

Business

Europe’s tough new data-protection law

Published

on

BOOK clubs usually meet to discuss literature. But members of DataKind, a group of volunteers that helps charities use data to improve their services, are gathering in London to study a legal text. The General Data Protection Regulation (GDPR), set to come into effect on May 25th, is arguably the most complex piece of regulation the European Union (EU) has ever produced. A thick print-out includes its 99 articles and 173 preliminary comments. Gianfranco Cecconi, a data scientist leading discussions, is poring over a lengthy section he has annotated in red pencil.

After years of deliberation on how best to protect personal data, the EU is imposing a set of tough rules. These are designed to improve how data are stored and used by giving more control to individuals over their information and by obliging companies to handle what data they have more carefully. Recent revelations that Cambridge Analytica acquired data on Facebook users in underhand, and possibly illegal, ways has underscored the need to tighten lax regimes. On April 4th Facebook raised its estimate of the number of people involved from 50m to 87m and admitted that many more may have had their details scraped from its website.

Mr Cecconi is not alone in trying to get to grips with the GDPR. The tentacles of the new regulations reach far beyond Europe. It applies to businesses and other organisations around the world if they collect or process the personal data of EU residents.

Unsurprisingly, there are many complaints from companies about the law’s complexities and the bureaucratic burden it will impose. Critics also argue that the GDPR will stymie innovation in Europe: for instance, by making it more difficult for firms to develop artificial-intelligence services, for which data are the main input. When firms launch a new offering, they may have to ask people again whether they can use their information even if they have already stored it (although the GDPR allows for use of data for scientific and statistical purposes without further consent in some cases).

Yet amid the gripes, there are also positive noises. “The text is actually quite easy to read and it makes organisations like ours aware of the data they hold,” says Mr Cecconi of Datakind. “It has helped us to put our data house in order,” agrees Daniel Ross, a lawyer at Allscripts, an American firm that helps hospitals and doctors manage electronic health records. The unexpected welcome stems from the fact that the GDPR is “two-faced”, in the words of Viktor Mayer-Schönberger of Oxford University. It imposes costs but also structure.

The new law was mostly written by privacy-conscious Germans. Consent to collect and process personal data now has to be “unambiguous” and for “specific” purposes, meaning that catch-all clauses hidden in seldom-read terms and conditions, such as “your data will be used to improve our services”, will no longer be sufficient. “Data subjects” can demand a copy of the data held on them (“data portability”), ask for information to be corrected (“right to rectification”), and also request it to be deleted (“right to be forgotten”).

The GDPR is prescriptive about what organisations have to do to comply. They have to appoint a “data-protection officer” (DPO), an ombudsman who reports directly to top management and cannot be penalised for doing his job. They also have to draw up detailed “data-protection impact assessments”, describing how personal data are processed. And they have to put well-defined processes in place to govern the protection of personal data and to notify authorities within 72 hours if there is a breach. Companies that persistently ignore these rules face stiff fines of up to €20m ($25m) or 4% of global annual sales, whichever is greater.

As a result the GDPR ensures that all organisations which collect and keep data will take their use (and abuse) much more seriously. Take the fines. Under the GDPR’s predecessor, an EU directive dating from 1995, fines were negligible. The upshot was that firms gave data protection little attention and few resources. But the risk of hefty penalties has raised privacy to a board-level matter. “We have support from the top down,” says Susan Bandi, who is in charge of data security and privacy at Monsanto, an agrochemicals company.

The GDPR obliges organisations to create an inventory of the personal data they hold. With digital storage becoming ever cheaper, companies often keep hundreds of databases, many of which are long forgotten. To comply with the new regulation, firms have to think harder about “data hygiene”, explains Ms Bandi: what type do they have, what are the risks in keeping the data, how do they have to protect them and, not least, do they really need to keep them?

Mastercard, for instance, has built portals for card holders to check what data are being kept. Efforts of this sort have made the company “more mindful” about how it treats personal data, says JoAnn Stonier, Mastercard’s chief data officer. Such mindfulness will spread. Firms have to make sure that businesses from which they receive personal data, and ones to which they send such information, are also in compliance. The idea is that the GDPR should become self-policing.

As the requirements for handling personal data become more testing, many organisations will increasingly outsource the task. According to Richard Hogg, IBM’s “GDPR evangelist”, they will eventually “run their business without even touching such information at all.” IBM uses artificial intelligence to sift through a firm’s contracts with business partners to find any privacy clauses that need upgrading. Teaming up with Mastercard, IBM also recently set up a data trust called Truata that offers to manage, analyse and protect data on behalf of other companies.

Many of Microsoft’s products also come with data-protection features. Azure, its computing cloud, offers tools that help firms with data-subject requests. To get there will take some time, but the GDPR is clearly speeding up the construction of a global “privacy infrastructure”, in the words of Peter Swire of Alston & Bird, a law firm. The big questions are how far and fast this infrastructure will extend.

So far, of the many companies that need to comply, nearly 60% are not ready, according to some estimates. In some cases, cluelessness is the cause. Many smaller firms, says Liz Brandt of Ctrl-Shift, a privacy consultancy, do not have the resources to organise themselves, at least not in the time European lawmakers have given them. Others are simply content to wait and see what transpires.

Indeed, the eventual impact of the GDPR will largely depend on how regulators and courts interpret the requirements. “The legislation is four to five times more complicated than existing law,” says Eduardo Ustaran of Hogan Lovells, a law firm. “We’ll probably spend the next 20 years figuring out what it means to be compliant.” Mr Cecconi’s optimism may fade if his book club is meeting to analyse the GDPR’s text for years to come.

Source link

Business

Japan still has great influence on global financial markets

Published

on

IT IS the summer of 1979 and Harry “Rabbit” Angstrom, the everyman-hero of John Updike’s series of novels, is running a car showroom in Brewer, Pennsylvania. There is a pervasive mood of decline. Local textile mills have closed. Gas prices are soaring. No one wants the traded-in, Detroit-made cars clogging the lot. Yet Rabbit is serene. His is a Toyota franchise. So his cars have the best mileage and lowest servicing costs. When you buy one, he tells his customers, you are turning your dollars into yen.

“Rabbit is Rich” evokes the time when America was first unnerved by the rise of a rival economic power. Japan had taken leadership from America in a succession of industries, including textiles, consumer electronics and steel. It was threatening to topple the car industry, too. Today Japan’s economic position is much reduced. It has lost its place as the world’s second-largest economy (and primary target of American trade hawks) to China. Yet in one regard, its sway still holds.

This week the board of the Bank of Japan (BoJ) voted to leave its monetary policy broadly unchanged. But leading up to its policy meeting, rumours that it might make a substantial change caused a few jitters in global bond markets. The anxiety was justified. A sudden change of tack by the BoJ would be felt far beyond Japan’s shores.

One reason is that Japan’s influence on global asset markets has kept growing as decades of the country’s surplus savings have piled up. Japan’s net foreign assets—what its residents own abroad minus what they owe to foreigners—have risen to around $3trn, or 60% of the country’s annual GDP (see top chart).

But it is also a consequence of very loose monetary policy. The BoJ has deployed an arsenal of special measures to battle Japan’s persistently low inflation. Its benchmark interest rate is negative (-0.1%). It is committed to purchasing ¥80trn ($715bn) of government bonds each year with the aim of keeping Japan’s ten-year bond yield around zero. And it is buying baskets of Japan’s leading stocks to the tune of ¥6trn a year.

Tokyo storm warning

These measures, once unorthodox but now familiar, have pushed Japan’s banks, insurance firms and ordinary savers into buying foreign stocks and bonds that offer better returns than they can get at home. Indeed, Japanese investors have loaded up on short-term foreign debt to enable them to buy even more. Holdings of foreign assets in Japan rose from 111% of GDP in 2010 to 185% in 2017 (see bottom chart). The impact of capital outflows is evident in currency markets. The yen is cheap. On The Economist’s Big Mac index, a gauge based on burger prices, it is the most undervalued of any major currency.

Investors from Japan have also kept a lid on bond yields in the rich world. They own almost a tenth of the sovereign bonds issued by France, for instance, and more than 15% of those issued by Australia and Sweden, according to analysts at J.P. Morgan. Japanese insurance companies own lots of corporate bonds in America, although this year the rising cost of hedging dollars has caused a switch into European corporate bonds. The value of Japan’s holdings of foreign equities has tripled since 2012. They now make up almost a fifth of its overseas assets.

What happens in Japan thus matters a great deal to an array of global asset prices. A meaningful shift in monetary policy would probably have a dramatic effect. It is not natural for Japan to be the cheapest place to buy a Big Mac, a latté or an iPad, says Kit Juckes of Société Générale. The yen would surge. A retreat from special measures by the BoJ would be a signal that the era of quantitative easing was truly ending. Broader market turbulence would be likely. Yet a corollary is that as long as the BoJ maintains its current policies—and it seems minded to do so for a while—it will continue to be a prop to global asset prices.

Rabbit’s sales patter seemed to have a similar foundation. Anyone sceptical of his mileage figures would be referred to the April issue of Consumer Reports. Yet one part of his spiel proved suspect. The dollar, which he thought was decaying in 1979, was actually about to revive. This recovery owed a lot to a big increase in interest rates by the Federal Reserve. It was also, in part, made in Japan. In 1980 Japan liberalised its capital account. Its investors began selling yen to buy dollars. The shopping spree for foreign assets that started then has yet to cease.

Source link

Continue Reading

Business

Page not found | The Economist

Published

on

We are unable to find the page you’re looking for.
 
Try exploring the navigation links above to locate what you’re after,
or use the search box at the top of the page.

Source link

Continue Reading

Business

Page not found | The Economist

Published

on

We are unable to find the page you’re looking for.
 
Try exploring the navigation links above to locate what you’re after,
or use the search box at the top of the page.

Source link

Continue Reading

Trending