Data privacy regulation is an ongoing hot topic within the industry, but employees hold mixed feelings about its effectiveness.

New research from Snow Software shows that 34% of workers feel more secure about data privacy regulation, but 34% say they don’t feel like anything has changed. Respondents from the US, in particular, were most skeptical about the positive effects of regulations.

Overall, nearly three-quarters (74%) of global workers said the tech industry needs more regulations. Snow surveyed 3,000 professionals across the US, Europe, and the Asia-Pacific region to determine how employees felt about about data privacy regulation standards. As technology enables more organizations to harbor personal consumer data, standards must be put in place to make sure this information isn’t exploited.

SEE: IT pro’s guide to GDPR compliance (free PDF) (TechRepublic)

The most well-known data privacy regulation is the EU’s General Data Protection Regulation (GDPR), which went into effect on May 25, 2018. Any company that collects data from an EU country is subject to the rules of GDPR, no matter the size or scope. With GDPR implemented a little over a year ago, Snow Software found that nearly 50% of employees in the Asia-Pacific region reported their data being more secure, and 40% of European employees felt the same.

“The purpose of data regulation standards is to create uniformity in the way individuals exercise control over their data and prevent others from using it in ways that may extend beyond the approval of the individual,” said Kirk Larson, general counsel and senior vice president of corporate development for Snow. “GDPR sets a standard for data privacy across Europe, but each country in the EU also sets additional standards based on the GDPR, and in many instances they impose stricter standards than the GDPR.”

Where the US stands

While members of the EU may feel more secure, US employees do not, the report found. Only 30% of US employees feel like their data is more secure now, which is probably due to the lack of federal data protection regulations in the country. Some progress has been made at state levels, such as with the California Consumer Privacy Act (CCPA), but the US doesn’t have a nationwide compliance standard.

Europe’s historical context actually plays a massive role in its progression with data regulation, Larson said. “Many of these regulations have origins that trace back to mid-twentieth century Europe, where authoritarian regimes used the private data of their citizens to enforce measures that caused significant harm to the individuals,” he noted. “This is why we tend to see stricter regulations in the areas where the greatest harms occurred.”

Since the US doesn’t have the same history, the country is already set up for a less restrictive regulation climate, according to Larson. US tech companies also assert that self-regulation practices are more beneficial for the marketplace, as data policy passed through legislation takes more time.

“Several high-profile data breaches have given consumers greater awareness of the risks associated with granting major corporations unfettered access to their private information,” Larson added. “As a result, we will see regulations become more stringent and more defined as the US government catches up with how businesses are using personal data.”

Mixed feelings about regulation

Millennials were more likely to feel like their data is protected by regulations (44%) than baby boomers (21%), the report found. Some 55% of tech company vice presidents and 52% of directors also said they feel more protected from data breaches, while only 27% of entry-level employees said the same.

The rise in data regulation has resulted in more pop-up and opt-in messages for employees, but opinions are split down the middle whether these messages are disruptive to their workday or not.

“But at the same time, the increase in regulation makes administratively navigating the internet much more difficult, and some might find this to be an annoying and tedious user experience,” Larson said. “Regulation moves so slowly, but we will continue to get better–technology around browsers will get better–and we will get smarter, but right now the increase in regulation creates a difficult user experience.”

GDPR has a long road ahead of itself, drawing attention to the need for transparency and communication about data regulations, especially as government’s role out fines to companies that haven’t set standards, he said.

For more check out, How more countries plan to pass stringent privacy laws in 2019 on TechRepublic.

Also see

Image: iStockphoto/steved_np3