As countries across the globe progress with new cybersecurity and data privacy regulations, the United States continues to get by with a patchwork of state and industry-specific regulation.
There is little cohesion and there are currently over 90 different digital privacy proposals and over 50 different data breach notification laws – one for each state as well as Washington, Guam, Puerto Rico, and the Virgin Islands.
High profile backers of a US-style GDPR include Facebook founder Mark Zuckerberg and Apple’s chief Tim Cook, who have both called on the US to adopt strict privacy protections —the same as those in Europe.
There is a worry that the U.S. is becoming more isolated globally on data policies, with many companies in reactive mode as new data rules increasingly shape operations in major markets globally.
So now there are increasing calls for America to step up and implement a similar GDPR that we have here in Europe.
When GDPR legislation was passed in Europe last year, it prompted interest in creating similar Federal legislation in the United States. However, in the absence of such legislation, some states have taken matters into their own hands and passed their own legislation.
The need for such regulation was never more apparent just months before the GDPR came into effect last year, when whistle-blower Christopher Wylie exposed how the political research outfit Cambridge Analytica had obtained the personal data of tens of millions of Facebook users without their consent.
The GDPR serves two main purposes: to harmonize data privacy law across the EU and to make sure the fundamental privacy rights of Europeans can be upheld in the context of the age of “big data.”
However, as much of the Internet is funded by the exploitation of personal data for targeted advertising; tech-industry lobbyists in the U.S. were warning of terrible new burdens on companies and new costs for consumers all the way up to when the GDPR went into effect.
Marc Rotenberg, president of the Electronic Privacy Information Centre, a Washington, D.C., advocacy group said: “The GDPR is setting a global standard, and U.S. companies will need to comply
“Big U.S. firms are already required to comply with the GDPR for European markets, so it makes sense to extend a similar approach to the U.S.”
A step in the right direction has been the California Consumer Privacy Act of 2018, which was signed in June last year.
Like the GDPR, the bill gave people the right to know what data businesses hold on them, where it comes from, and where it’s going. Starting in 2020, Californians will be able to demand the deletion of their data and to opt out of the sale of their data to third parties.
Data privacy laws
Tech firms across American have suddenly had to face the prospect of disparate data privacy rules across different states. And that’s when their calls for a comprehensive federal law began to escalate.
The U.S. is becoming more isolated globally on data policies, with U.S. companies in reactive mode as new data rules increasingly shape operations in major markets globally.
What is also clear is that the World Wide Web is becoming more segmented, with different rules in different countries and regions that go far beyond the Chinese firewall or Iranian Internet isolation.
Across the pond this week, the EU’s top privacy official urged Donald Trump’s administration to adopt an equivalent to Europe’s tough new privacy law as a precursor to broader talks between Brussels and Washington on the transatlantic sharing of data by big business.
At a Congressional hearing, when the Senate Committee on Banking, Housing, and Urban Affairs met for a hearing on privacy rights and data collection in a digital economy, Vera Jourova, EU commissioner for justice, made an impassioned plea for regulation.
Later, she told the Financial Times that an American privacy law — like the EU data protection regulation GDPR — would make the US “perfect partners” for a data flow agreement that would allow American and European businesses to freely share the personal information of its citizens.
Ms Jourova, who this month was listed in Time 100’s most influential list for her privacy activism, said that the Trump administration was unlikely to “copy and paste” the GDPR after complaints that it imposes too much red tape on small businesses.
The commissioner welcomed steps to adopt a federal law which would significantly upgrade digital privacy protections for US citizens.
She said: “A fully fledged federal law would enable us to see things which are hardly seen now. For instance, the clear recognition of the protection of privacy as a fundamental right [in the US], the categorisation of sensitive data, and a more comprehensive approach to privacy. “
The Financial Times also said that US companies can rely on another arrangement, known as Privacy Shield, which allows them to freely transfer information, such as pictures and emails, from European and American citizens across the Atlantic. But Privacy Shield is also subject to a legal challenge in the European Court of Justice after campaigners complained that the US cannot ensure the privacy of European data.