The fourth of July saw millions of Americans celebrating independence. Independence from the laws and regulations of Europe, the most recent being the EU General Data Protection Regulation, known as GDPR. Most agree the GDPR is a great step in the right direction for Europe. While many imagine the EU leading the way with GDPR, this isn’t quite the case, as way back in 2003, California introduced its SB1386 bill. The bill pioneered mandatory data-breach notification throughout the US, leading to many organisations to increase their investment in data protection.
The US has a patchwork of laws and regulations from different states which overlap and even contradict each other. What is needed is a national data regulation to monitor and restrict the collection and use of personal data; a standardised regulation to replace the mix ‘n’ match chaos it currently has.
Redefine personal data and collection consent
The US is home to the global hub of technology, Silicon Valley, and as such gave birth to the tech giants like Google, Facebook, Apple and Amazon. These behemoths draw in petabytes of data on their customers, everything from consumer locations to IP addresses, likes, dislikes and political alignment. What we have learnt from the recent Facebook and Cambridge Analytica scandal is that data regulations like GDPR are critical to restrict the amount of customer data tech giants can collect.
As part of GDPR, anyone can now request to receive the data that a company has on them, and the organisation has no choice but to provide it, all of it. One such request found Google had 5.5GB of data on an individual, which roughly translates as over three million Word documents of information. A part of GDPR sees a redefinition of personal data, opening the category up to include any information that can be used to identify an individual. This new regulation will mean organisations must ask customers for permission before recording information on that individual.
As may be expected, US tech giants aren’t so happy about GDPR, and do not want to see an equivalent travel across the pond. So much so, Facebook, Google, Comcast, AT&T and Verizon all donated $200,000 to create a $1m fund to oppose California’s newly passed Consumer Privacy bill. While Facebook has since withdrawn its opposition, the other four are likely aiming to dilute the law before it comes into play.
California - birthplace of data protection regulations
As the home of Silicon Valley, California often faces new technologies pushing the boundaries of the law in different ways as each year goes by. Whether it’s the popularity of drones causing trouble for commercial jets or self-driving cars riding along on their own. As such, the state often finds itself introducing pioneering new laws, such as the previously mentioned SB1386 bill of 2003 and the landmark privacy bill that Google, Comcast, AT&T and Verizon are all teaming up to oppose.
The state of California seems to be leading the rest of the US in the right direction, but there’s still more to be done to catch up with the EU’s GDPR. Instead of one state steering the pack, the US Government should take a lead. Big Data LDN’s Fourth Industrial Revolution research discovered 46% of respondents believed the UK Government did an excellent job in educating organisations about GDPR. However, now that the regulation is in effect, will this still be the prevailing opinion?
When it comes to data regulation, the United States needs a single, national ruling to ensure its tech giants don’t misuse customer data for their own gain. We’re beginning to understand the level to which these organisations have been recording customer data and we’ve seen what it’s been used for. There’s no getting around it, tech giants have had a great time up till now squeezing value from our data. However, with the help of a US GDPR equivalent, American consumers will be able to sleep easy knowing their personal information isn’t being misused.