The GDPR highlights the problem in EU’s Cyber Posture

Any country’s cyber posture is the way in which it intends to react to the developments in cyberspace ranging from cyber threats, cyber-attacks, financial frauds to the innovation in technology that makes life easier, supports businesses, healthcare, education etc. In this backdrop, EU’s cyber posture prioritizes data privacy over data sharing and data integrity over data usage in the cyberspace. The problem with EU’s current cyber posture is that although it increases EU’s power and value in terms of norm building for the global digital order, it decreases its prospects of substantial development that an interactive cyberspace can bring with it.

The General Data Protection Regulation (GDPR) reflects EU’s cyber posture at its best, inspiring various countries like South Korea, Canada, Brazil etc. to adopt similar normative framework. But, there are several challenges to the GDPR, which are reflective of larger challenges to EU’s cyber posture.

Interestingly, the GDPR was passed as a protection mechanism against the Big-Tech to stop them from data stealing of the citizens. But, it has had the reverse effect. The Big-Tech could afford bureaucratic hassles and rigorous changes that the GDPR demanded and also found out its loopholes which helped them continue with their operations. The findings show that companies exposed to the new regulations saw 8% reduction in profits and 2% decrease in sales. But, the companies facing this dip are majorly Small and Medium Enterprises, who have been driven out of business further leveraging the Big-Tech’s position in the region. Apart from hefty fines that Google and Meta had to pay, such giant companies have cushioned themselves and heavy burnt is borne by smaller companies for whom compliance costs have become higher than operational costs.

But, it is not only the business sector that has faced the impact. Recent reports on Covid-19 showed how the GDPR proved to be a hindrance in the process of data-sharing and contact tracing of the patients, creating delays in generating data that could have effectively reduced the crisis in the region. The suggested alternatives were very expensive. EU’s cyber posture thus demands lot of resources and the regulations which are not as effective and useful as intended.

GDPR, reflecting EU’s Cyber Posture, in this manner slows the conversation between government and private data, which is important to develop effective digital public infrastructure. In today’s time, data can create an ecosystem that can address a lot of problems via the integration of digital identities. Digital Public Infrastructure models are based on the idea of interoperability among various digital blocks. For example, the healthcare ecosystem can combine citizen’s information, physical and mental health data, generate database of her/his vaccination status and update it in a common database which can be viewed and utilized by doctors. Similarly, a platform combining employment status of an individual with his work history can help her/him find more and better opportunities. In this context, EU’s Cyber Posture limits its capabilities of creating such an ecosystem. If we look at the Digital Economy and Society Index 2022, we can see that the pace of “integration of digital technology” is at a very low rate, even in the developed countries such as Germany and France.

Thus, the problem of maintaining such a Cyber Posture is two-fold: Firstly, it restrains the development of smaller businesses in EU, whose digital marketing and profit strategies depend on analytics using the consumer’s data. As explained, this does not affect the larger companies. Such stringent rules drive the companies away to other destinations where the rules allow them to function more efficiently, creating hindrance in full-realization of EU’s business potential. Secondly, even if it is assumed that EU’s posture at least saves it from the exploitation that the global internet brings with it, its own internet model that gives the citizens the “right to forget” and “right to data portability” hinders the effectiveness of positive outcomes that data sharing can create, especially in the field of integrated public services via digitalization.

Aishwarya Acharya
Aishwarya Acharya
Aishwarya Acharya has completed her Masters in International Relations and Area Studies from Jawaharlal Nehru University, New Delhi and is currently working as a Research Intern at Institute of Chinese Studies. Her interests lie in Security, Political Economy and Tech Geopolitics. She has written articles for Financial Express, Lowy Institute etc.