Common Cents for May 25, 2018

May 25, 2018, by John Norris

Back in early 2003, the finance committee of the City of Birmingham summoned me to explain the negative performance for 2002 in the account it had entrusted to my then employer’s care. To be sure, given the roughly 60% weight to stocks, it would have been a real magic trick to have generated a positive return in that portfolio for the year. What’s more, we had done much better than most, much, although I completely understand you can’t fold or spend relative outperformance to a benchmark index.

So, I walked up to city hall with some measure of trepidation. To be sure, I can explain the markets with the best of them, maybe even better than most. However, the politicians on the committee at the time were just that, politicians, and not investment professionals. When the S&P 500 is down over 20% in a given year and your firm is managing public money, I think you get the picture.

You can imagine my surprise when I walked into the chamber room to find any number of television cameras and reporters, some of whom I knew on a first name basis. Oh brother, I could just see it: Councilperson So & So asking some sort of aggressive rhetorical question barely on point, and the camera focused on my dumbstruck or bewildered expression. Shoot, they had thrown darts at me for years, but this was the first time the cameras had been there to watch me take them.

My “hat in hand” speech was second on the agenda, following the representatives from the convention center (CC). While I knew the guy from the CC back then, I am drawing a blank on his name today. Regardless, when he stood up, the lights, cameras, and tape recorders went on…it was show time. He proceeded to ask the committee for $2 million in order to purchase some real estate around the CC for future developments, meaning a domed multi-purpose facility.

He had all the charts, renderings, timelines, projections, and what have you, and he did a great job. Even so, the usual suspects on the committee lobbed, you guessed it, aggressive rhetorical questions barely on point (if at all) at him. Not surprisingly, he stood there baffled. While I felt for the guy, I was more worried about how foolish I was going to look on the set that night.

I mean, he was asking for $2 million for a public project…so much rearranging the assets on the balance sheet. I was there to explain where $4 million worth of assets had gone, at least on paper. Oh, this was going to be bad, real bad. There was NO way senior management wouldn’t see the broadcast. There was NO way this was good for my career, although we had clobbered the benchmark.

After they had pummeled him for a few minutes, the dude from the CC turned and left the room. Following him were the lights, cameras, tape recorders, reporters, and pretty much everyone and everything else. By the time it was ready for me to talk, perhaps only two other people remained besides the committee and me, and, most importantly no television cameras. How about that?

Five minutes later, I was on my way back to the office, absolutely no worse for the wear. In fact, I didn’t field a single question, rhetorical or otherwise….not a single one.

I tell you this little tale because, well, Mark Zuckerberg was in Brussels this past week to address the European Parliament about the latter’s concerns about Facebook’s privacy policies and the like. You might remember the Zuck did the same song & dance in Washington a little while ago. What did we learn then? Not all that much. What did the Europeans learn this week? About the same, perhaps a little less.

It isn’t necessarily because Zuckerberg is nefariously trying to obfuscate the issue, although there might be some of that in the mix. Still, based on my personal experience, as I have shared, I would contend it is more because: 1) the people asking the questions don’t know enough information on the topic in order to construct anything coherent, and; 2) politicians like to grandstand and ask rhetorical questions. This type of thing plays well with a certain voter demographic. It does. THAT is why the Congress summons CEOs to Washington to answer the supposed hard-hitting questions, whether they make sense or not. That is irrelevant. Increasing Washington’s (or Brussels’) oversight IS.

Consider what Sen. John Kennedy told Zuckerberg in April:

“Here’s what’s going to happen — there are going to be a whole bunch of bills introduced to regulate Facebook,” Sen. John Kennedy, R-La., told Zuckerberg. “It’s up to you whether they pass or not. You can go back home [and] spend $10 million on lobbyists and fight us, or you can go back home and help us solve this problem.”

Consider that: the implication is powers that be don’t really know all they should, but that isn’t going to stop them from drumming up some regulation anyhow.

Today, something called General Data Protection Regulation (GDPR) came into force. This is a piece of legislation with 11 chapters and 99 articles, which purports to give Internet users control over their personal information. It extends to any entity operating in the EU, hopefully making things consistent across Europe. I have read enough on the matter to know: 1) there is a lot I don’t really understand about the technology (just like a politician); 2) the legislation is pretty expansive and widely encompassing, and; 3) there will be unintended and/or ironic consequences.

To that end, as I type, Google and Facebook have already been hit with lawsuits in excess of $8.5 billion. This on Day 1 of enforcement. And why not? The language in the regulation gives the EU the ability to collect up to 4% of GLOBAL revenue for companies found out of compliance. Trust me, this will be a boon for the European legal community. After all, how many companies have some kind of direct or indirect presence in Europe?

But so what? Right? Consumers should be able to protect their information. No doubt. However, for every action, there is a reaction. How many firms are large enough to afford basic compliance? How many firms just throw their hands up and decide Europe isn’t worth the trouble or the expense? Let alone the threat of a spurious lawsuit?

Consider the following from an excellent article in the Wall Street Journal by Sam Schechner and Natalia Drozdiak:

 

“The EU’s General Data Protection Regulation authorizes steep fines for companies that don’t comply with the new rules, aimed at giving Europe-based users more control over the data companies hold on them. As of Friday, firms that violate the EU’s privacy rules risk fines as high as 4% of their global revenue….

News sites weren’t alone in feeling heat from GDPR on Friday. Privacy activists were quick to take aim Facebook Inc. and Alphabet Inc.’s Google, using the new law’s new provisions allowing consumer groups to file collective complaints. On Friday, a litigation vehicle started by activist Max Schrems alleged that the companies demand “forced consent” from users by applying new take-it-or-leave-it privacy policies.

Those complaints will be reviewed by Helen Dixon, Ireland’s Data Protection Commissioner, who is the lead regulator for Google and Facebook because they make their EU headquarters in Ireland. Ms. Dixon’s office is already reviewing along with other regulators what data companies can demand as necessary to fulfill a contract with consumers…..

“This is an issue we will be looking at immediately,” Ms. Dixon said on Friday. “We are going to have a lot on our plate.”

Companies say, however, that the potential for aggressive penalties is likely to affect some business decisions. Large enterprises acquiring small startups that use personal data might decide against launching a service in Europe, out of concern that the startup could expose the parent to a fine based on the entire enterprise’s revenue.

“If I could choose between [launching a data-related business] in Paris and in New York…I’m going to at least advise the business people to do it in New York,” said David Hoffman, global privacy officer at Intel Corp.”

 

It will be interesting to see how this all plays out, but I am afraid well-intentioned policies could lead to some pretty ironic consequences. Oh, maybe not for the “big guys” for whom the EU is a major market. No, they will pay to comply. It is for smaller companies and those thinking about expanding into Europe. Is it worth it?

Make no mistake about it: there is a lot right with the thought process behind GDPR. However, I have to wonder whether the bureaucrats looked past their agendas to determine the practical business applications. After all, complying with regulations costs money…period. Couple that with the potential for some very significant penalties/damages/lawsuits, and it will be surprising IF no small number of smaller companies/websites simply exit Europe.

Such things happen when people who don’t understand, in this case, business ramifications make the rules. To that end, consider what Andrea Jelinek, who heads up the European Data Protection Board had to say which kind of sums up, what I perceive to be, the smugness nicely:

 

“I’m convinced that the loss of information won’t be that big because I’m sure that the Los Angeles Times will reopen their website—I’m sure.”

 

This WILL be a topic of growing importance, one which could end up altering European growth projections in the future.