Instagram is to leave Europe. How should GDPR change for EU millennials to keep posting stories.

Any fintech working in Europe would agree – I’m sure – that the growing user data-related regulatory pressure has been a major headache. There is as well an ongoing battle between Europe and U.S. Big Techs about the treatment of personal data, with even Meta now considering shutting down Facebook and Instagram in Europe if regulators fail “to adopt a proportionate and pragmatic approach” to data processing.

Furthermore, the implementation of the GDPR might take a new spin following the Austrian data regulator, Datenschutzbehörde, recent decision that the use of Google Analytics breaches the Regulation. While still not final and applicable only in Austria, this development, together with the one from the European Data Protection Supervisor, may result in many providers, especially those with a substantial share of web-based services, having to adopt more expensive in-house data-processing solutions and generally starting questioning with whom the responsibility for any user data-related issues lies.

The core principle of the GDPR – that user data belongs to the users, and not to banks or multinationals or tech giants – is indeed worthy to be universally applied and adhered to.

However, history teaches us that, ultimately, any prohibition without a viable alternative not only fails to achieve its goals but may, in fact, inspire unpredictable and, in some cases, devastating results. Therefore, we must approach the issue of (un)controlled personal data use with great care, obviously. A modern-day analogy: however imminent the challenges of climate change are, it would be impossible for the world to simply ban energy generation from non-renewable sources. At this stage, the use of alternative energy only is not sustainable. First, we need to nurture an alternative, gradually increasing the share of RES-generated energy and subsidising companies that develop solar, wind, geothermal, and other unconventional energy sources.

This situation can be seamlessly extrapolated to personal data use in Europe. What, for example, would be an in-house solution that could replace online B2C promotion on YouTube, Facebook, or Instagram? Unfortunately, there are currently no alternatives to American software that are comparable in their functionality, scale, and penetration. I am speaking from the experience of KoronaPay as before turning to the Google Analytics toolbox, we did try working with other, European-based providers.

This lack of alternatives can be, at least partially, attributed to the general lack of focus in Europe when it comes to creating and supporting such alternatives. There are, of course, multiple initiatives such as EIT or Digital Europe that “foster innovation”, but for any admirable idea born in the EU there is a fair chance it would not live to be, due to suffocating bureaucracy limbo of which the data-related policies are part.

I’m not arguing that we should drop all protective measures and give companies free rein to do with user data as they please; of course not. But nor should we throw the baby out with the bathwater. If we look at the countries whose approach to personal data differs from that in Europe, we see fintech growing explosively. Not being considered a financial institution, tech giant Tencent circumvents the regulations using the data generated through its non-financial services to offer – yes – financial services. WeChat, a super app, is an obvious product of this.

Companies like Tencent, Google, or Facebook thrive on the principle of “the winner takes it all”. They were lucky to ride the tech wave back in the time when the very concept of personal data was yet to crystallise, and today they continue to capitalise on this historical advantage. Again, for the common good, the influence the tech giants have today, should be limited through regulation to protect users and their personal data. And the GDPR is the regulation that was created to do exactly this, but at what cost? Ticking all the GDPR boxes is an expensive and demanding obligation, as this latest example with Meta shows. But what is “merely” expensive and demanding for multinationals can become prohibitive for companies with less leverage, particularly startups, that are often the drivers of innovation.

Perhaps, ironically, a more “personalised” approach to regulating personal data use – in the broadest sense of it – would facilitate creation of viable alternatives to foreign Big Tech solutions on which so many European companies rely in their daily operations. As with the progressive taxation of wealth, if major, well-established tech companies could be subjected to a range of regulations broader than an aspiring startup, it would allow to keep the former at bay when it comes to exploiting user data while alleviating the burden at a startup level and, thus, fostering innovation.

Thanks to the pandemic, some countries, in Europe and elsewhere, have recognised the importance of consumer-focused fintech and begun favouring the tiered e-KYC instead of viewing it as insecure and vulnerable to hacking. Providing guidelines on legal use of personal data, data protection regulators in Europe could give EU-based companies a competitive edge against U.S. and any foreign services that are not as bound by restrictions on the use of analytical services. Such guidelines would ensure that personal data is reasonably protected, and innovative companies have the leverage they need to bring their breakthrough ideas into this world. Hopefully, as the EU continues its negotiations with the US on the next data protection agreement, the above would be taken into consideration as well.