Why the Rest of the World Can’t Free Ride on Europe’s GDPR Rules

The digital industry is riding an important – and turbulent — wave of change right now, led by social giants like Facebook. Companies and analysts are scrambling to figure out how to make privacy rules clear, protect user data, and evolve the business models that made them successful in the first place. A rising chorus of voices suggests that there is a readymade solution to these pressures around data — and it has already been prepared by regulators in Europe. The EU’s upcoming General Data Protection Regulation (GDPR) will put in place the world’s most demanding set of rules on how user data can be collected and used. GDPR could become a model for the rest of the world. But the rest of the world cannot free-ride on Europe’s policy decisions. Nor can consumers rely on Facebook CEO Mark Zuckerberg’s self-described sense of “responsibility.” Business leaders and policymakers alike need to remember that technology changes fast and rules are rarely “one size fits all” and that the developing world faces troubling risks that often fall second to attention around U.S. and EU markets.