U. S. Senator Kirsten Gillibrand (D-NY) introduced legislation to create a Data Protection Agency to, in her words, “bring the protection of your privacy and freedom into the digital age.
“Data has been called ‘the new oil.’ Companies are rushing to explore and refine it, ignoring regulations, putting profits above responsibility, and treating consumers as little more than dollar signs. Like the oil boom, little thought is being given to the long-term consequences.”
Sen. Gillibrand rightly calls out the United States for being behind most advanced economies that have national data privacy laws or agencies governing the collection and use of consumer data.
As noted in some media coverage, one important provision not included in the legislative proposal is the creation of a national data privacy law that preempts existing state laws, in effect leaving in place the patchwork quilt of state laws like the newly enacted California Consumer Privacy Act. This approach has been a non-starter amongst big tech companies and many Republican senators, bogging down progress on the issue in Congress for nearly two years.
Companies like Microsoft have led industry calls for a GDPR-like law in the U. S., but Congress has not taken any substantive action to date.
The companies with the most at risk are the data brokers—chiefly Google and Facebook—whose unmitigated access to our data has made them two of the six largest companies in the world by market cap.
As shared previously, from an investor perspective, executives and boards that don’t understand and communicate about new, complex risks lose money for shareholders. Though GDPR has not been the force many predicted (and feared) to date, and a new law in the U. S. could still be years away, data privacy falls into this risk category. But, regulation doesn’t have to be the driver of better governance.
After all, financial markets will reward great management teams who navigate ahead of the regulation curve via higher multiples than their peers receive—and, of course, the reverse is also true.