EU’s Proposed Data Laws Can Only Produce One Thing: Outsourcing User Data

In 2011, Sony had several major security breaches: Sony Online Entertainment, Sony Pictures, and Playstation Network all were attacked and private data was successfully stolen. Their handling of the attacks, particularly the larger PSN one, was widely criticized.

Many users are either unaware or acutely aware of how many sites and services have financially or personally sensitive information on record. Events like the Sony hacks do not reassure them, and actions like Google’s yesterday (though arguably innocuous) may alarm them. Users want more control and more security.

And the EU is looking to give it to them. But with the threat of enormous fines, many companies will find that the most logical thing to do is move away from the entire business of storing and serving user identities.

It’s a simple fact that maintaining a database of a hundred thousand or a million (or far more) active users is a serious engineering problem in both software and hardware. Keeping things secure but still accessible, staying abreast of new regulations (like those proposed in the EU), providing localized support on billing and user data issues — it’s quite a task. Web enrollment in software and services is growing at a huge rate, and many products and “real” items such as cars and banks are increasingly reliant on online services as well. It’s been happening for a long time, sure. But the stresses are starting to get out of hand.

If you’re a car company, or a movie distribution service, or a game publisher, the process of keeping and tracking your users securely is becoming too great of a portion of your business. And with increased regulation and requirements like the EU’s (which some are calling “onerous” and a “tax” on businesses that keep electronic records, but are probably nevertheless inevitable), it’s not something on which they can get by with minimal effort.

So what will happen? The same thing that happens whenever a part of an industry begins to outgrow its role: new, dedicated companies sprout up and the world offloads the task onto them.

This already happens to some extent, of course. It’s not like every company in the world maintains an independent and proprietary database of its users. There are services and software for this purpose, and the user-management business is plenty real already.

But for the millions and millions of people and accounts still internally managed (numbers that are growing worldwide in any market you can think of as online services gain more traction), the situation no longer makes sense. Why should a company that runs a movie distribution service also be running a world-class user-management service? It doesn’t make any sense. It’s like a restaurant making its own forks.

It was logical for a while that data related to Sony services should reside on Sony servers, administrated by Sony. But in a day where our logins transcend sites, and everything we do is personalized, that no longer really rings true — to Sony, that is. Regular humans want to go to a site, put in their user name and password, and have their data retrieved. They don’t really care if the data is served by Sony or a third-party site because it’s never said one way or the other.

But for Sony and companies like it, the increasingly expensive and complicated user-management part of their business is starting to look like an attractive target for spinning off to third-party services. And third-party services are going to start revving their engines to attract these user-weary multinationals. This doesn’t apply to services like Instagram and Spotify, naturally; they’re account-focused to begin with.

It will be much easier for a company built from the ground up for user databases to handle these requirements and adjust to local laws. They can do it faster, better, and cheaper than an internal team, and compete directly with each other. It’ll be good for the user data sector and good for the multinationals hoping to offload this burden. Not to mention good for the users: the EU regulations require fast turnaround on data, instant notification of security breaches, and impose heavy fines for abusive or neglectful companies. Sony wants to worry about the quality of its games and devices, not about whether each of its 20 internal user-tracking divisions is jumping through legal hoops.

Secure account management isn’t the most exciting business, but you better believe it’s going to show some serious growth over the next few years, and everyone will gain by it.