[Feature Image: SMU Assistant Professor of Accounting Richard Crowley (left) and PhD in Accounting graduate, Zhao Yue]
By the SMU Postgraduate Research Programmes Team
Corporate organisations are increasingly reliant on digital transformation to drive growth and gain a competitive edge. To achieve business objectives, the use of data-driven technologies and processes is required. However, the uptick in data collection also creates new data privacy and security risks. In light of these risks, organisations need to understand how data protection laws such as the General Data Protection Regulation (GDPR) affect them.
In “How Accountancy Can Prevent Manipulation of Public Information” – the second episode of Theory of Curiosity, a podcast series where listeners get inside the inquisitive minds of SMU’s brightest researchers – Assistant Professor of Accounting Richard Crowley explores the intersection between online data, public trust in corporations, and accountancy with first-year PhD in Accounting candidate Zhao Yue.
Zhao Yue is a dual-degree PhD student at SMU and Renmin University of China. His research focuses on data assets and the governance of corporate digitalisation, and he is currently working on several research projects on the accounting of data assets, the General Data Protection Regulation (GDPR) of the European Union (EU), and corporate voluntary disclosure.
Influences of GDPR
The objective of the GDPR is to protect the data privacy and personal information of any EU resident and consumer, regardless if the data processors or controllers are American, Chinese or Singaporean firms. So how does GDPR affect our daily lives? We are constantly prompted to ‘accept cookies’ or ‘update cookie settings’ when visiting websites. Every time we download a new application, our permission is requested to allow the application to track our activities.
According to Zhao Yue, such moves impact hundreds of thousands of companies of varying scales – from multinationals (such as Mastercard) to small manufacturers and restaurants – and GDPR regulates how they gather and handle personal information. “The GDPR creates or toughens obligations for firms, such as measures to minimise the information collected,” says Zhao Yue.
“(GDPR) gives us individuals expanded rights, such as the right to see, correct or delete our personal information.”
The EU’s GDPR enforces rules about how companies collect and use information about individuals in the EU. It protects any EU resident and consumer’s data privacy and personal information, even if the data processors or controllers hail from overseas. The legislation could even apply to SMU, where European students are enrolled in the University. He adds: “It gives us individuals expanded rights, such as the right to see, correct or delete our personal information.”
However, companies or entities who run afoul of GDPR rules face more than a light slap on the wrists. Companies may be penalised for as much as four per cent of a company’s global annual revenue for severe violations. As examples – Amazon received a US$888 million fine over data violations, while WhatsApp was penalised for about €225 million. TikTok has also been fined for violating the privacy of young children.
“Firms respond to privacy regulations by changing board or management team composition, such as chief compliance officers, and disclosing cybersecurity risks and breaches or purchasing cybersecurity insurance,” shares Zhao Yue.
Data as assets
As data becomes increasingly critical to companies, regulating its use not only affects their operations and improves individuals’ privacy, but also requires a new accounting perspective, shares Professor Crowley.
According to Singaporean regulations, an asset is defined as an economic resource – something that has the potential to produce economic benefits – controlled by an entity.
“Now, when we think about data, we can see that has value,” adds Professor Crowley. “Companies that are massive may derive billions of dollars of revenue from data. The question then falls onto ownership, or how to actually establish what the actual value is.”
Zhao Yue mentions the concept of capitalisation of data, which aims to value these assets. However, it is a complex exercise as the data could exist in many contexts. For example, he cites how Twitter leverages user information to generate revenue, while Alibaba taps upon personal shopping data in its credit services.
“Although data resources generate economic benefits for these companies, we cannot find data assets in their financial statements,” explains Zhao Yue. “This is because data cannot be recorded as an asset under current accounting standards, which are revised very infrequently.”
But that might very well change if data is regarded as an asset that can be traded or exchanged in a market, much like a stock exchange. For now, China has established several data exchanges in Beijing, Shanghai and Guangzhou.
Truth be told
Besides accounting for the value of data and protecting personal information, digital interactions have also led to a spike in the spread of misinformation online – which has come under the scrutiny of regulators.
Corporations are generally transparent about balancing both positive and negative information, often because audited financial information is released to the public, states Professor Crowley. “Thus, corporations’ posts about financial information on social media are generally verifiable. However, in our research, we don’t find this pattern holds across all types of discussion online.”
The more negative the company’s ESG impact, the more they tend to talk about ESG on Twitter.
For instance, when it comes to environmental, social and governance (ESG) issues, Professor Crowley and his research team have observed an inverse relationship between what companies do and what they say; The more negative the company’s ESG impact, the more they tend to talk about ESG on Twitter.
“Companies have to report and disclose financial information under certain rules by global regulators,” shares Zhao Yue. “However, as the truthful representation of ESG disclosure is not as heavily enforced, companies are incentivised to greenwash. Even if they disclose some fake news about ESG, they are less likely to be involved in security class action lawsuits.”
Professor Crowley and his team are investigating how anti-fake news laws impact capital markets, companies, and investors globally. They aim to uncover whether companies react to these laws and change how they post information online. As part of the research, the team is leveraging an algorithm designed by the SMU School of Computing and Information Systems to analyse the social media content put out by companies – a testament to SMU’s interdisciplinary research pedagogy.
“Our programme does emphasise newer methodologies and boundary-crossing with other social science disciplines,” elaborates Professor Crowley.
“Nowadays, the boundaries between social science disciplines are pretty fluid, which means we can take measures from other disciplines and feed them back into our discipline and vice versa.”
With digital transformation reshaping how business is done, it seems only a matter of time before companies recognise the need for accountancy practices to be updated to reflect this shift in the global economy.
“How Accountancy Can Prevent the Manipulation of Public Information” is the second episode of the Theory of Curiosity podcast series. Listen to the full podcast here.