EU Data Privacy Rules May Leave the US Behind
France made headlines on 21 January for fining Google with – the first fine to be issued for violations of the European Union’s newly implemented . GDPR, as it’s called, is meant to ensure consumers’ personal information is appropriately used and protected by companies. It also creates procedures to sanction companies who misuse information.
This case demonstrates the increasingly prominent role that the EU intends to play in policing the use of personal information by major companies and organisations online. The on this front. As a , I’d argue the US may have ceded regulatory powers to the EU – despite being the headquarters for most major internet service providers. Why has the US not taken a similarly strong approach to privacy management and regulation?
Do Individual Americans Even Care?
There’s no single answer to why the US hasn’t taken similar measures to protect and regulate consumers’ data.
Americans use online services in the same way as their European counterparts, and . And US consumers’ privacy has been harmed by the ever-growing number of data breaches . The federal government’s own , including Social Security numbers, names, addresses and other sensitive details, in hacks. My research demonstrates that hackers and data thieves through the sale and misuse of personally identifiable information.
2018's Biggest Hacks
There may also be generational differences in the perceived value of personal privacy in online spaces. Millennials, who have only known a world with the internet and social media, seem more willing to disclose personal details through online platforms compared to older groups. However, that younger generations may be willing to do so simply from online data collection and mismanagement as older generations are.
At the same time, studies demonstrate consumers may be willing to provide personally identifiable information in certain circumstances, especially if they . They likely do not fully comprehend how and why information collection poses a threat to their overall privacy.
Companies Don’t Want These Regulations
Social media sites’ and internet service providers’ resistance to external regulation is also a likely reason why the US has not acted.
Facebook’s practices over the last few years are a perfect example of why and how legal regulation is vital, but heavily resisted by corporations. After hearings and investigations into the role of Facebook in distributing Russian political disinformation, as well as in the Cambridge Analytica scandal, Facebook implemented a to help individuals understand who paid for content and why it’s being shown.
If the providers won’t protect data privacy on their own, I believe that the government needs to implement increased regulatory guidelines.
Should the US continue on its current path, it faces a substantial risk not only to personal information safety, but to the legitimacy of governmental agencies tasked with investigating wrongdoing. , , already see this happening in law enforcement investigations of cybercrime. The transnational nature of these offences, coupled with a lack of reporting to the police, has reduced the ability of local, state and federal agencies to respond.
Corporate entities are filling the regulatory gaps in cyberspace, whether it is in the response to or the . If the US continues to allow internet service providers to regulate themselves with minimal external controls over data privacy, it is not clear how to ever regain this lost ground.
(This piece was first published on The Conversation and has been republished with permission.)