How are international data privacy laws affecting global tech companies?

By Albert Gorani, St. Christopher's Bahrain

Devices imprinting, storing, saving, every letter typed through our screen, with our data flooding digital archives with our personal information. However, ever-growing possibilities in the digital world compelled the EU to question: Where are companies’ binding obligations to guard our data, our livelihoods, from misuse? This mounting pressure from data subjects fueled EU’s GDPR (General Data Protection Regulations) enactment in 2018 ^[4]. Some multinational tech corporations (MTCs) myopically viewed GDPR as a financial and operational threat. However, other MTCs capitalised off GDPR through advertising their consumer-prioritising business structure.

The EU enacting data privacy (d.p.) demands, mainly through GDPR in 2018, financially impacted MTCs. Tech companies needed more data privacy attorneys to mitigate the risk of massive fines accompanying non-compliance of GDPR. This increased compliance costs, with the largest US megacorporations globally spending an estimated $7.8B on compliance ^[6]. Yet despite legal guidance supporting companies in creating robust data-handling infrastructures which satisfy GDPR data subject rights, GDPR’s Article 82 still puts corporations under consumer litigation risks, as data subjects can sue for material and non-material damages (distress) despite the tech company’s resolution of the breach ^[5]. Thus, GDPR exacerbated MTCs’ financial exposure to litigation from breaches, despite data breaches being uncontrollable, even by the most diligent companies. Concurrently, EU’s prospective GDPR enforcements caused tensions between the EU and MTCs, such as Google, who lobbied the government, spending over five million euros annually to influence EU policymakers away from new regulations, harmful to their modus operandi ^[2]. One instance is when EU policymakers were planning on, minimally, profound surveillance advertising restrictions ^[3]. Google argued that this would harm small businesses. However realistically, banning surveillance advertising would lessen recommended advertisements’ accuracy to users, with Google disallowed from constantly tracking user activity, lessening Google’s advertising revenue.

Despite negative short-term operational effects, long-term effects look promising with 94% of organisations globally believing consumers wouldn’t buy from them, without their proper data protection (Cisco, 2023). This highlights how augmenting awareness of data mismanagement through GDPR’s enforcement of full data-usage transparency from applications, is increasing data-management demands globally. Hence, leading to d.p. becoming a powerful marketing tool, capitalisable by tech corporations through advertising. Apple for example, advertised themselves since GDPR enforcement, as a privacy-prioritising tech corporation with its “Privacy, That’s iPhone” campaign (Wuerthele 2019), highlighting the inherent competitive advantage to MTCs of marketing commitment to data protection. Additionally, Apple’s ATT feature further complicated apps’ nonconsensual continuous data tracking, contributing to advertising revenue loss for MTCs like Meta (The Guardian, 2022), and Apple’s competitive advantage. Hence, international d.p. laws transformed d.p. into a powerful marketing tool, enabling companies’ data-protection improvements, preempting companies from reputation-damaging breaches.

Regulations, enactments, international d.p. laws have initiated a market revolution of corporations navigating the chaotic current of responsibilities in protecting data subjects’ privacy. Some companies like Apple realised that consumer awareness was in fact an opportunity to distinguish themselves as trustworthy in an unpredictable digital era. However, other profit-prioritising companies (Google) still lobby for minimal data protection. This shows GDPR’s improper enforcement. Therefore, to ensure a sustainable digital ecosystem where tensions between lobbying MTCs and GDPR enactment are avoided, GDPR must be integrated as a standard globally rather than a bargainable punishment only enacted by the EU. One way the EU is already ensuring this is Adequacy decisions: where the EU only chooses data to flow freely to and from non-EU countries that have data privacy laws enacted similar to GDPR’s. The economic threat of discontinuation of EU data flow to other countries creates a powerful economic incentive to make GDPR a global standard. Consequently, GDPR and its impacts highlight the beginning of global disenablement of data-exploitative MTCs.

References

1. Cisco (2023) ‘2023 Data Privacy Benchmark Study’, Cisco https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2023.pdf (Accessed: 12 September 2025).

2. Corporate Europe Observatory (2021) ‘The lobby network: Big Tech’s web of influence in the EU’, Corporate Europe Observatory (https://corporateeurope.org/en/2021/08/lobby-network-big-techs-web-influence-eu) (Accessed: 12 September 2025).

3. Corporate Europe Observatory (2022) ‘How corporate lobbying undermined the EU’s push to ban surveillance ads’, Corporate Europe Observatory (https://corporateeurope.org/en/2022/01/how-corporate-lobbying-undermined-eus-push-ban-surveillance-ads) (Accessed: 12 September 2025).

4. European Commission (2015) ‘Questions and answers – Data protection reform (25 November 2015)’, European Commission (https://ec.europa.eu/commission/presscorner/detail/en/memo_15_6385) (Accessed: 12 September 2025).

5. European Union (2016) ‘Art. 82 GDPR, Right to compensation and liability’, GDPR.eu (https://gdpr-info.eu/art-82-gdpr) (Accessed: 12 September 2025).

6. Fazal, D. (2020) ‘The Cost of GDPR Compliance’, Medium (https://drfazal.medium.com/the-cost-of-gdpr-compliance-8e58a2b5232e) (Accessed: 12 September 2025).

7. The Guardian (2022) ‘$80bn wiped from value of Facebook and Instagram owner Meta’, The Guardian (https://www.theguardian.com/technology/2022/oct/26/meta-earnings-report-facebook-stocks) (Accessed: 12 September 2025).

8. Wuerthele, M. (2019) ‘Privacy. That’s iPhone’ ad campaign launches, highlights Apple’s stance on user protection.’ , AppleInsider (https://appleinsider.com/articles/19/03/14/privacy-thats-iphone-ad-campaign-launches-highlights-apples-stance-on-user-protection) (Accessed: 12 September 2025).