Money managers around the globe are considering the impact on their technology sector investments of incoming rules over data and its use — with awareness heightened by recent issues related to social media platform Facebook Inc.
Starting May 25, the European Union's General Data Protection Regulation comes into force, and with it a set of stringent rules and penalties for non-compliance. The regulation puts the onus on all companies that hold personal data of EU citizens — regardless of the firm's location — to keep that information safe from privacy and data breaches. EU citizens will be able to manage the amount of information they are releasing, who accesses it, and how it is used.
Breaches can result in a hefty fine, with companies hit with penalties of up to 4% of annual global revenue or €20 million ($24.6 million) — whichever is greater.
Any regulation that affects the technology sector would be a serious consideration for investors; technology companies account for 25% of the S&P 500 index; 21% of the Russell 1000 index; and 20.5% of the Russell 3000 index.
Money management executives are working hard to figure out where the risks and opportunities might lie as a result of the far-reaching rules.
"It's really empowering the final client," said Lorenzo Angelini, portfolio manager-European equities at Amundi in Dublin. "It is a big change — if you look at the technology ecosystem in general, the flow of data has been a source of value (for some firms) and a way to understand client behavior, target advertising and enhance services."
While the rules were debated for years, and the enforcement date known for some time, the issue has been brought into sharp focus for money managers and analysts by recent allegations against Facebook Inc. and its data protection processes.
"The timing of the Cambridge Analytica scandal (regarding Facebook and its user data) was interesting as it was out before GDPR comes into effect, but serves as a timely reminder of what's required under regulation," said Neil Campling, co-head of the global thematic group, specializing in technology, media and telecoms at Mirabaud Securities Ltd. in London. "It doesn't matter if (a company holding and using information) is a small enterprise or a large, multinational corporation, the policies apply regardless" of size and company location.
The rules carry "a whole variety of implications — businesses based around using those data sets, for example for target advertising, could be severely impacted," added Mr. Campling.
Allianz Global Investors' analysts in Frankfurt spent time last year running "a very thorough in-house analysis of the legal text (which) led us to the view that GDPR is more than just a series of boxes that corporates must tick to be compliant," said Marie Rupp, analyst at the money manager. "We believe it will be a game-changer for business(es) dealing with private data. So we are prepared to spend even more time in the month ahead to scrutinize the way things will take shape in certain sectors, and from this, understand the impact on our investment portfolios."