In just a few days, Facebook’s stock market value plunged by $100 billion in the aftermath of the scandal surrounding its use of user data and the involvement of research firm Cambridge Analytica.
This comes at a sensitive time for the tech industry, where governments and constituents are exploring how to finally address the legal grey area in which tech companies currently operate.
Here are the biggest upcoming legal and regulatory issues for the industry in the rest of 2018.
MiFID 2 and PSD2
These two regulatory changes to be enacted in Europe will impact the entire industry in multiple ways. PSD2 is a ruling that requires banks to open up the data silos they hold on customers to third-party API calls, allowing smaller startups to leverage that data for their own research and products.
This impacts banks in two ways: firstly by requiring them to get enough control of their legacy systems to enable easy querying of their data (which is no mean feat considering the outdated patchwork of tools many use), and secondly by levelling the playing field in giving more agile newcomers access to incumbent resources.
Either way, this is not a welcome development for banks.
MiFID 2 will be less of a shock, but will cause turbulence all the same. It involves a clarification of financial transactions as they are processed internationally. Again, the biggest impact is the amount of work it will take to become compliant.
In a nutshell, these measures make it a good time to be a FinTech startup or an IT consultant.
It is a complex time in the data management industry. Privacy Shield is a big regulation being brought in to protect the legal integrity of Europeans’ data when it is sent to the US. As of now, the standards of data protection in the US are much less stringent than in Europe. The result is that it is hard to be compliant with the spirit or the letter of EU regulations regarding data handling.
Privacy Shield aims to resolve this issue, holding US-based firms to a higher standard. However, the rollout of the agreement on the US side is apparently not up to scratch, which is particularly relevant because of...
The GDPR is a raft of new regulations and controls that significantly increases privacy and security of data in the EU. It will be a watershed moment for the tech industry, brought on because of high profile data breaches, the explosion of user data generated, and government surveillance in Europe and abroad.
Many companies are scrambling to get in order before rollout at the end of May. It could have as big an impact on technology in Europe as Sarbanes-Oxley had on the finance industry in the US.
And it feeds into the Privacy Shield complication: if the US doesn’t resolve the Privacy Shield shortcomings before GDPR rollout, then the EU says it will bring the issue to the European Court of Justice. Could we be in for a tense standoff?
It seems crypto has an answer for everything, and it enters this list in a couple of interesting ways. Firstly, as implied by the name, crypto has seen many offshoots aimed at facilitating privacy.
This is good in how it might simplify the lives of users. But in turn there is a debate about the level of regulation in the space: some want more regulation, in many cases to improve the industry rather than shut it down. Places like Gibraltar, Malta, and Wyoming are taking measures to adopt a light but transparent approach to regulating crypto platforms. China recently moved to ban all cryptocurrency trading.
Interestingly, there are several of these platforms targeting the data privacy and protection issues mentioned earlier.
There are a few converging trends: public wariness about data protection and privacy and the public conception of data hacks, the proliferation of quantified data on everyone, and regulation that has been in the works for a long time.
Taken together, 2018 could see events that define regulation in IT for the foreseeable future.