Category: gdpr

What a VC Learned by Visiting Congress

By Stephen Forte,

Last week, the Fresco team visited Washington DC and participated in a dialog with members of the US Congress. It was organized by a trade organization we are members of: ACT, the App Association.

ACT represents more than 5,000 tech companies in the United States. They advocate to the US government for a competitive environment that inspires and rewards innovation. Some of the issues ACT has prioritized this year involve law enforcement’s lawful access to data, cybersecurity, broadband, Net Neutrality and STEM education. ACT publishes an annual “State of the App economy” report that outlines broadband access and the number of tech jobs and Computer Science graduates.

The Cloud Makes Things….Complicated

We were the only VCs at the event, so you may ask, why should we care about policy in Washington DC?

To give you an example, Fresco invested in a SaaS startup based in Europe with customers all around the world. They also have several employees and a physical office in the United States. Their data is stored on Amazon’s AWS servers globally.

If one of those customers is accused of a crime and law enforcement demands the customer’s data, the startup has some legal problems. If they just hand over the data, they may be in violation of their local and EU laws. If they don’t hand over the data, they may be in violation of US or the accused’s country laws.

Very quickly a small startup may need lawyers in three or four different countries in order to solve the issue. That can get expensive, real fast.

The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) helps to solve this problem. Passed this year in the US Congress with the help of ACT, it states that law enforcement’s request for data housed in the United States must follow the due process for the country of the accused person’s citizenship. While it is not perfect and there are still many issues to iron out, by clarifying the rules, it will have immediate benefit to tech companies worldwide, drastically reducing the burden on startups.

“Sarbanes Oxley” for Data Privacy

The members of Congress and their staff are up to speed on most of the tech issues, however, they struggle to prioritize the issues important to our industry against the zillion of other things in front of them. That’s why we went to Washington DC to have a dialog. We visited several offices and had very deep conversations on the CLOUD act, cyber security, consumer privacy, broadband, and quantum computing (in regards to encryption). We were able to link the issues to the economy, national security, and most importantly-their districts.

With the EU’s new General Data Protection Regulation (GDPR) about to go into effect there is a bill in front of Congress today that would take GDPR and push it one step further in the United States. It is basically “Sarbanes Oxley” for data privacy, creating a ton of new regulations, reporting, and legal requirements that would drastically increase the cost of doing a SaaS or consumer business. In addition, it would be illegal to store several types of data which could effectively kill the business models of Facebook, Google, and hundreds of other companies.

We were able to describe to members how this would effect the business of the companies in our portfolio as well as drastically reduce our future deal flow. We stressed how this would stifle innovation and the members clearly got the message. Several offices have already followed up with me and other members of the delegation. When this bill is up for debate, it will take into account all the concerns we brought up and the final bill will be very different-in part because of our dialog.

Our Responsibility

As a VC, it is our job to stay on top of all the new technology, demographic, and macroeconomic trends in order to to spot opportunities and invest in the best companies. We also have to be up to speed on everything in the startup ecosystem in order to give our portfolio companies the best advice. (Like advice on crypto and ICOs, for example.) Understanding the current regulatory and policy environment is now something we have to be up to speed on in order to best serve our investors and companies. I never thought going to Washington DC would be part of the job description of being a VC, however, it clearly is.

What a VC Learned by Visiting Congress was originally published in Fusion by Fresco Capital on Medium, where people are continuing the conversation by highlighting and responding to this story.