By Alex Malouf, IABC Chair for Europe, Middle East and North Africa
I was glued to my screen twice in the last month. The first video was of Facebook’s CEO Mark Zuckerberg apologizing for the Cambridge Analytica scandal, which is continuing to engulf the social media giant. The second also made for compelling viewing. A video of a government committee in Singapore may not sound particularly exciting, but it was fascinating to see Facebook’s Simon Milner, vice-president of public policy for APAC, arguing with Singapore committee member K Shanmugam, who is the country’s Law and Home Affairs minister.
This back-and-forth between the two made headlines globally, partly because of Milner’s combative approach (I cringed through the course of his testimony), but also because of the point that Shanmugam made about how governments around the world are watching the fallout of the Facebook-Cambridge Analytica scandal and what this will mean for impending regulation in countries such as Singapore, which ostensibly had little to do with events that occurred in the UK and US.
For years, technology and technological developments surged ahead; policy makers struggled to keep up with the IT industry. This situation is changing rapidly. And just like our data is held on servers around the globe, policymakers aren’t confining themselves to a single jurisdiction. Take the example of the European Union’s General Data Protection Regulation (GDPR), which relates to data protection and privacy for both people living in the European Union as well as all EU nationals globally.
Europe’s regulators understand the Internet better than most – the GDPR’s objectives are to protect the “digital citizen”. All data relating to an EU citizen is considered ‘personal’ under the GDPR, regardless of where a EU citizen is located, or if they have been identified directly. Essentially, from May 2018 when the legislation comes into effect, the GDRP’s set of rules will provide both legal certainty and create trust across the whole of the EU as well as outside of the EU for the bloc’s citizens.
The GDPR is an example of what new legislation will look like – with implications for both marketers as well as the public.
Firstly, data regulation will be as borderless as possible. Firms that misuse data will be punished and overseen by both monitoring and enforcement mechanisms no matter where those firms are located. With the GDPR, any firm that is found to have misused the data of EU nationals will face fines – which will be levied on the firm’s Europe-based operations and their ability to win future EU contracts will be at risk, – and could be at the risk of being publicly sanctioned.
Secondly, as Singapore’s Shanmugam pointed out, governments globally are watching and learning. There’s little appetite among policy makers to see data being misused, especially when both, the data and platforms, are present in pretty much every single jurisdiction where there is an Internet connection. We’ve got to remember that it’s not only the data which is borderless; how many of us have family and friend connections from people in more than 10, 15, or 20 different countries. With few exceptions (China being the standout), social media is prevalent. Of the seven billion people in the world, 2.2 are on Facebook and over one billion use Google Search.
The online tools we use and the data sets collected on us are ubiquitous. The one national exception to our online experience is the set of laws we are subject to. Given the precedent of the GDPR, the implications of Cambridge Analytica, and the inability of the Internet’s dominant players – the likes of Facebook, Google and Twitter – to effectively self-regulate on big issues such as data protection, fake news and public rights, it’s likely that we will see more co-operation between policy makers when it comes to drafting and enforcing new legislation.
And that affects us all, including the Middle East.
I’ll leave the last words to Singapore’s Shanmugam himself: “If you thought that you [Facebook] could turn up here today, not answer questions on Cambridge Analytica, and explain (away) your answers today with your answers five weeks ago to a different parliament. We are all sovereign parliaments but we look at your conduct all over the world.”