- GDPR, Europe's tough new privacy rules, haven't had much impact on Facebook.
- But analysts are warning there could be bigger risks on the horizon if regulators decide to take aim at the company.
- If this happens, it could "spook" marketers and seriously impact the social network's bottom line — a risk one analyst says investors are far too "complacent" about.
It's been a month since Europe passed tough new privacy rules, and Facebook isn't breaking a sweat.
Analysts are predicting that GDPR (General Data Protection Regulation), the EU's new rules on how companies can handle European data, won't have any meaningful impact on Facebook's bottom line — but it might mask bigger dangers on the horizon.
Brian Wieser, an analyst at Pivotal Research Group, warned in a recent research note that investors may be getting "too complacent" over the risks to Facebook. But there's a growing sentiment that Facebook isn't properly compliant with the law, and this could come back to bite them.
"We think investors are too complacent on this matter, and probably will become more so when 2Q18 results are reported with no apparent negative impact from GDPR," he wrote. "What we think will happen is that at some point in the months ahead, regulators in some markets will attempt to take actions which will illustrate the potential financial consequences of violations of the law."
"While those actions will likely take years to work their ways through the courts and probably won’t cause Google or Facebook to change their behaviors, they probably will spook marketers who have generally taken too casual an approach to GDPR to date. This would be the sort of event that would cause a meaningful change in the trajectory of growth in spending within the region."
In other words: Regulators are likely going to try their luck against Facebook, and when that happens, expect marketers — the drivers of Facebook's revenues — to freak out. (Facebook has previously said it is fully compliant with GDPR.)
Deutsche Bank analysts have previously warned of similar risks. While privacy activists are already lining up to sue the likes of Facebook and Google over GDPR right now, in the investment bank's opinion the greater risk is national governments and regulators taking direct action.
"While we do not opine on the likelihood of these [activist] lawsuits being successful we believe the sheer volume of lawsuits could be cause for concern, and if nothing else, a distraction for FB and other tech companies alike (e.g. Google)," the analysts wrote. "We would be far more alarmed by regulators directly litigating" — citing a report on how UK regulator the ICO is growing its staff by 40% over three years to enforce the new legislation.
Companies found to violate GDPR don't just get a slap on the wrist — regulators have serious teeth to punish non-compliance. Organisations can be fined 4% of their global annual revenue (i.e. not just revenues generated in Europe) or €20 million ($24 million), whichever is higher.
Join the conversation about this story »
NOW WATCH: 6 TV babies you never knew are twins in real life
0 Comments