Our Firm

Data Privacy: The Right to Be Forgotten

Print Version

New legal requirements are giving consumers more control over how their data is used. These legal changes are also affecting the way companies do business online, increasing their exposure to stiff fines if they fail to protect their customers’ privacy rights. Thus, companies’ adherence to the law is an important consideration for investors.

European Law with a Global Reach

The European Union’s General Data Protection Regulation (GDPR), which became law in May of this year, includes important advances in consumer privacy rights. One of many new rights provided in the GDPR is the right to be forgotten, which can now be asserted by revoking consent to companies that are using certain types of a person’s online data.

The GDPR aims to make companies more accountable for how they handle data. This law mandates rigorous cybersecurity measures and fines that could total 4% of a company’s annual revenue for non-compliance.

Although the GDPR is a European law, it has global repercussions. American tech companies have been working to comply with its provisions, because they sell their products and services globally. In some cases, US companies have removed products from European markets to comply with the GDPR, but in others, they have redesigned products so they can continue to offer them in Europe.

The Challenge for Tech Companies

In addition to regulatory risk, companies face reputational risk if they are negligent in handling consumer data. For example, the highly publicized misappropriation of consumer information by Cambridge Analytica created significant reputational risk to Facebook. When Cambridge Analytica closed its operations, Facebook was left to explain why it had failed to protect customer data from misuse by third parties.

However, not all tech companies are lax with consumer data. Apple has consistently promoted online privacy as a human right. This fall, its Safari browser (ITP 2.0) will feature new antitracking features that will require users to consent to cookies and will prevent third parties from tracking individual Apple users by making their “fingerprints” indistinguishable from those of other Apple users. Not only will this version of Safari provide groundbreaking privacy protections, its debut may also encourage non-Apple users to switch to Safari as a first step into the Apple ecosystem.

Protecting Privacy is Good for Business

User data has become commoditized, and consumer privacy risks have dramatically risen with the adoption of the internet. Although regulatory protections can help protect the public, leading technology companies have an obligation to vigorously address these risks, because neglecting to do the right thing for customers will—sooner or later—be reflected in the company’s bottom line.



As of 6/30/18, Apple Inc. represented 2.2% of TNA of the Parnassus Core Equity Fund, 1.7% of Parnassus Fixed Income Fund due 5/13/2045, 0.9% of Parnassus Fixed Income Fund due 2/23/2023, 0.1% of the Parnassus Endeavor Fund.