
Why The EU Data Privacy Law Matters To US Companies


While Europe continues to usher in its newly passed data privacy law, U.S. companies are left to figure out how the change in regulation will impact their businesses.

The law is expected to replace the patchwork of data-related protections and rules currently available in the EU. The EU Data Protection Reform also establishes fundamental rights for citizens, as well as modern guidelines and rules for companies of all sizes.

But according to several American companies, the EU-wide data protection law goes against many common practices within the U.S., The Wall Street Journal reported late last week.

For U.S. companies operating in Europe, the new law imposes stiff penalties related to collecting and analyzing Big Data from sensors, apps and other sources, specifically when it comes to user profiling and data mining.

“It’s going to be a game-changer,” Jack Yang, Visa’s chief privacy officer and head of data use, said during a conference last week in relation to how companies were handling the new legislation.

According to WSJ, the new law could impose massive fines of up to 4 percent of the global revenues of U.S. companies, while also creating legal uncertainty around subjective notions that individual companies and regulators can construe differently.

“Legal uncertainty and big fines are a toxic cocktail,” Allan Sørensen, a board member for advertising trade group IAB Europe, told WSJ.

While larger U.S. companies are beginning to lobby in response to the new law, European cyberinsurance providers are reveling in the growing demand for their services, Reuters reported.

“We have seen clients buying policies because they know that this is coming,” Paul Bantick, U.K. focus group leader at insurer Beazley, told Reuters.

“Breaches are going to get more expensive, they are going to get more complex and they [clients] want insurers to help with both of those issues,” Bantick said.

According to a survey of the cyberinsurance market called The Betterley Report, the cyberinsurance market in the U.S. has increased by more than a third this year, with premiums totaling $2.75 billion.

Stephen Ridley, senior development underwriter at Hiscox U.K., told Reuters that the U.K. cyberinsurance market is estimated to have tripled in size this year, with some insurers seeing demand increase each month.

The onslaught of high-profile data breaches, along with evolving regulations and guidelines surrounding cybersecurity, may contribute to the increased trend in cyberinsurance demand globally.

A report issued by PricewaterhouseCoopers earlier this year found that the global cyberinsurance market is expected to reach $7.5 billion in annual premiums by the end of 2020 and at least $5 billion by 2018.

The “Insurance 2020 & beyond: Reaping the dividends of cyber resilience” report also stated the market is primed for disruption from those seeking to capitalize on the cybersecurity opportunity.

“If insurers continue to simply rely on tight blanket policy restrictions and conservative pricing strategies to cushion the uncertainty, they are at serious risk of missing this rare market opportunity to secure high margins in a soft market. If the industry takes too long to innovate, there is a real risk that a disruptor will move in and corner the market with aggressive pricing and more favorable terms,” Paul Delbridge, insurance partner at PwC, said in a press release announcing the report findings.

