Personal space
Should the US adopt an EU–style policy regarding data protection?
Does the US need EU– style data protection?
In Europe, implementation of the General Data Protection Regulation (GDPR) caused headaches for businesses and confusion for citizens. But the idea of protection for personal data was popular. In October, Tim Cook, speaking in Brussels, floated the idea of a US equivalent, stating: “We at Apple are in full support of a comprehensive federal privacy law.”
Cook’s theme, reflecting Apple’s aversion to the exploitation of personal data, was that users’ data was being traded for profit without benefit to them. It’s not a position that seemed calculated to win friends in big data, but when Time published an op–ed in January reiterating Cook’s views, data broking giant Acxiom backed his call for legislation.
This hints at one reason why giant incumbents may welcome regulation: compliance burdens can pull up the ladder on new entrants and smaller players, reducing bothersome competition. But a central tenet of GDPR is proper management of data transfers between controllers — something Cook raised in relation to data broking. Users should be able to see who has their data and request its global deletion, if necessary.
Also in January, another proposal was released by the Information Technology and Innovation Foundation (ITIF), a think tank respected for its nonpartisan expertise but seen as close to industry. Critical of GDPR, the ITIF wants new US rules to supersede all existing federal and state privacy laws. Among the casualties would be COPPA, the long–standing act protecting children’s data rights, and California’s robust digital privacy law, signed in 2018 and due to come into effect in 2020.
Some believe the ITIF proposal would amount to the data industry writing its own rules. Several senators, meanwhile, have put forward alternative federal data privacy bills, and the issue is sure to remain high on the agenda in the coming months.