Could the EU’s Data Privacy Laws leave the U.S. languishing in the dust?

Last week’s headline news announcing the €50 million ($57 million) fine imposed on GOOGLE LLC proves once again, that the European Union’s General Data Protection Regulation (GDPR) has sharp teeth.

French data protection authority, CNIL, said Google had violated GDPR rules by misleading users into “consenting” to allowing their personal information to be used for advertising purposes, when setting up new accounts. It remains to be seen whether the search giant’s appeal against the punitive fine, on January 25, is likely to hold water.

In other parts of the European Union, similar investigations are ongoing against Facebook and Instagram.

The case against Google demonstrates the increasingly prominent role that the EU intends to play in the policing the use of personal information by major companies and organizations online. The U.S. clearly lags behind Europe on this front.

So, why has the United States not taken a similarly strong approach to privacy management and regulation?

Do Americans even care?

It’s difficult to find a concise answer to why the U.S. has not yet implemented similar measures to protect and fully regulate the use of consumers’ data.

The same online platforms and services are being used by Americans as their European counterparts. And American consumers’ privacy has been similarly harmed by ever-increasing occurrences of data breaches. Retailers, financial institutions and government departments have been targeted by data thieves. The federal government’s Office of Personnel Management lost millions of records containing Social Security numbers, names, addresses and other personal details in cyber-attacks.

 Biggest cyber-attacks in 2018

Picture1.png

Chart: The Conversation, CC-BY-ND Source: Wikipedia Get the data

It’s just possible that the American people no longer react to the loss of personal information, because it seems there is not much we can do to stop the problem.

There could also be the generational differences in the perceived value of personal privacy online. Young people have grown up with the internet and generally aren’t shy of posting almost every event of their lives on social media, compared to older groups. Interestingly, several studies have indicated that millennials are more willing to be so transparent because they are not aware of the dangers they face from online data collection and mismanagement.

Meanwhile, studies suggest that consumers may be willing to provide Personally Identifiable Information (PII) in some situations, if they think they may gain some benefit. It’s likely that they do not fully comprehend how and why information collection poses a threat to their overall privacy.

Companies do not want these regulations

It seems pretty clear that certain social media platforms and internet service providers are resistant to external regulation. Could this be another reason why the U.S. is dragging its feet?

Facebook’s practices and conduct in recent years are a perfect example of why data privacy legislation is vital, but still vehemently resisted by large corporations. After court hearings and investigations into Facebook’s role in distributing Russian political disinformation, not to mention the Cambridge Analytica scandal, Facebook implemented a new set of political transparency rules to help individuals understand who paid for content and why it’s being shown.

The new approach followed weeks of criticism from publishers who argued that Facebook’s decision to categorize promotion of their news articles as political content would serve to further confuse readers about what is fact and what is opinion.

And while all this is happening, Facebook’s management team took extraordinary steps to target public critics calling for increased oversight, sowing confusion as to why Facebook should be regulated at all. Indeed, previous attempts to regulate the social media platform appear to have been completely ignored by Facebook for years.

If the service providers won’t commit to protecting people’s data privacy on their own, then the U.S. government needs to step in and implement increased regulatory guidelines.

So, what now?

If the U.S. continues along its current path, with states like California making some impressive headway, with its own CCPA, while federal government has only just arrived at the starting line, the country faces an up-hill struggle, not only to protect personal information, but to back-up the legitimacy of government agencies tasked with vital job of investigating wrongdoing.

Many data privacy practitioners, including us, can already see this happening in the growing numbers of privacy violations, and numerous investigations into cyber-crime. The nation-wide impact of these offenses has reduced the ability of local, state and federal agencies to respond appropriately and swiftly.

If the U.S. continues to allow big tech corporations and platforms to ‘regulate themselves’ with minimal external controls over data privacy, who knows how it will ever regain this lost ground.

Sources and credits: Bloomberg, CSO, UPI, PWC