America prides itself on being innovative, industrious, and independent—all commendable attributes. Until, as with any polarity, they swing too far in one direction. This appears to be the case when it comes to being slow on the uptake in regulating consumer privacy and data protection on the internet. Today’s commercial practices have grown over the past decades, unencumbered by regulatory constraints, and have increasingly threatened these American ideals of self-determination, fairness, justice, and equal opportunity.
In May of 2018, the EU took some bold, forward-looking steps by implementing an updated system of checks and balances with the General Data Protection Regulation (GDPR), now the world’s strongest mandate of data protection. The regulation was designed to modernize the Data Protection Act, originally put into place in the 1995 to protect the personal information of individuals.
Fines and Regulation Will Become Steeper
The year 2018 has been a rocky one for big tech, from Wall Street to Washington to Silicon Valley. Companies like Google, Amazon, and Facebook have made vast sums of money with nearly zero oversight or regulation, leveraging currency that does not belong to them—more specifically, in the form of user data. Americans are just starting to realize the risks involved with not maintaining control over their own personal information, and congress has declared “the era of the wild, wild west in social media has come to an end”.
With GDPR, Europe is now the world’s leader in data protection. This law dictates that consumers own their own data. The European Union leaders believe that exacting steeper fines on these big tech companies will deter them. Until recently, it was easier to ignore the previous laws, and cheaper for these U.S. based companies to pay a relatively small fee with a maximum limit of about $20K Euros. Now, this fine could be up to 4% of their global revenue if they do not comply, which means billions of dollars. For reference, Facebook reported $13.2 billion in revenue in the last quarter alone.
Taking a Page from Europe’s Book
Apple CEO Tim Cook is one of the U.S. executives leading the charge. He believes that in the Information society people have a right to control their own data. In a recent impassioned and forceful speech in Brussels, Cook called for new digital privacy laws in the United States, warning that the collection of huge amounts of personal data by companies is harming society.
Another organization calling for increased privacy and personal data regulation is the 20-year-old, U.S. based Center for Digital Democracy (CDD). The CDD points out that children under 13-years-old are the only people guaranteed privacy on the internet. Companies can do whatever they want, because there have never been limits established. The CDD’s Executive Director Jeff Chester characterizes the way companies like Google gather consumer data as “coercion.”
None of Their Business
The CDD mandate is to fight the increasingly intrusive and pervasive nature of commercial surveillance, which has the effect of controlling the thoughts and attitudes of consumer and citizen alike, and which sorts and tracks us as “winners” and “losers.” It also states that it’s now time to address the following developments: to grant basic rights to individuals and groups regarding data about them and how those data are used; to put limits on certain commercial data practices; and to strengthen our government to step in and protect our individual and common interests vis-à-vis powerful commercial entities.
On its website, the CDD lists its Principles for U.S. Privacy Regulation as:
- Privacy protections should be broad: Set the scope of baseline legislation broadly and do not preempt stronger legislation
- Individual privacy should be safeguarded: Give individuals rights to control the information about them
- Equitable, fair and just uses of data should be advanced: Place limits on certain data uses and safeguard equitable, fair and just outcomes
- Privacy legislation should bring about real changes in corporate practices: Set limits and legal obligations for those managing data and require accountability
- Privacy protection should be consequential and aim to level the playing field: Give government at all levels significant and meaningful enforcement authority to protect privacy interests and give individuals legal remedies
In a country, like the U.S., that touts values such as freedom and individual rights, more regulation is not necessarily welcome. If history is any indication, it is not likely that these big data companies will do more in terms of giving Americans the same rights that the Europeans now have until they are forced to. Industry watchers and influencers believe this will be a hot button issue in 2019, so stay tuned. And, be sure to check your privacy settings.
The GDPR Redefining The SME Business
Hefty Penalty Forcing Ransomware Victims To Pay Up
The European Union’s GDPR Policy
How California’s Privacy Law Has Left The GDPR