Touted the most important data privacy legislation in 20 years, the GDPR is a mandate that the EU issued to protect the data of its residents. However, since the mandate addresses the export of personal data overseas, it created tremors far beyond the borders of the EU, even bringing American business giants to their knees.
US Companies Stand to Lose Millions
Within 8 months of enaction, consumers had reported over 59,000 data breaches across Europe[1]. Interestingly, the GDPR shed light on data management and governance in global companies, revealing that only less than 50% of companies worth more than $100 million are GDPR-compliant.
The GDPR particularly targeted Google, Apple, Facebook, and Amazon, calling them out for long-term violations. Early this year, the EU slapped a $57 million fine on Google for violating GDPR regulations with its ad-bidding service, Google Exchange[2], single-handedly making up 90% of the sum total of GDPR-related fines. Streaming behemoths Amazon, Apple, Netflix, YouTube, and Spotify are also awaiting judgment, which could result in huge fines up to 4% of their worldwide revenue[3].
No Sign of US Federal Privacy Law
Refusing to take a leaf out of the EU’s book, the US doggedly continues to attempt state-level legislations[4]. Around 20 states have proposed data privacy bills but none other than California’s Consumer Privacy Act (CCPA) have seen the light of day. However, we must note that 31 states have enacted laws for the secure disposal of personal data[5].
The CCPA will come into effect in January 2020 and “grant a consumer the right to request a business to disclose the categories and specific pieces of personal information” it collects and how they collect it, why they collect it and who they give the data to[6].
Since California is the largest economy in the US, experts say the CCPA may cause a domino effect resulting in other similar state legislations. But as for federal privacy regulations, the prospect looks bleak what with the current administration exhibiting a pattern of deregulating privacy laws.
How the US feels about data privacy
Consumers are finally becoming informed and increasingly concerned about data security[7].
Recent surveys show that 57% of consumers are anxious about their data privacy, 44% said they would never share their information with organizations, and only 4% trust them with their personal data. 41% of respondents went as far as to say that data security is their topmost concern at the moment[8].
But on the other hand, only 54% of consumers had heard about the GDPR, showing its underwhelming pervasion through the US consumer population[9]. Even lesser so is the percentage of population that knows of CCPA (51%)8. Concerningly, one-third of the surveyed consumers want no GDPR-style legislation in the US to protect their data.
Making matters much worse, lawmakers appear to be divided regarding the country’s data privacy laws. While some believe that a unified federal-level law similar to the GDPR will provide a systematic framework and ease the reporting of data breaches, others believe that such a law might, in fact, undermine stricter state-wide laws such as the CCPA[10].
Conclusion
Experts foresee a “patchwork of state regulations[11]” in the near future which will confuse both companies and consumers. Ultimately, it lies in the hands of the Congress to synthesize a cohesive federal privacy law that will facilitate compliance for organizations and help consumers in all states of the USA sleep peacefully at night, knowing their data is safe.
LegalEase Solutions offers corporate legal departments and law firms innovative support with regulatory compliance, Contract Lifecycle Management, legal analytics, and legal research and writing. Our team is designed to function as an extension to your legal practice/department, providing you the capabilities and resources to stay up to date with your needs. If you have a project you need a hand with, feel free to reach out to us at contact@legaleasesolutions.com. Our team is happy to assist.
[1] https://www.dlapiper.com/en/uk/insights/publications/2019/01/gdpr-data-breach-survey/
[2] https://www.theverge.com/2019/1/21/18191591/google-gdpr-fine-50-million-euros-data-consent-cnil
[3] https://www.bbc.com/news/technology-46944694?intlink_from_url=https://www.bbc.com/news/topics/cp846mrw2w0t/gdpr&link_location=live-reporting-story
[4] https://www.ciodive.com/news/the-not-yet-united-states-of-data-privacy-1-year-after-gdpr/554957/
[5] https://www.helpnetsecurity.com/2019/05/23/american-gdpr-awareness/
[6] https://www.ciodive.com/news/when-it-comes-to-privacy-california-is-out-front-will-the-rest-of-the-cou/527767/
[7] https://www.akamai.com/us/en/multimedia/documents/report/akamai-research-consumer-attitudes-toward-data-privacy.pdf
[8] https://www.helpnetsecurity.com/2019/05/23/american-gdpr-awareness/
[9] https://www.ciodive.com/news/the-true-impact-of-gdpr-is-emerging-now/555120/
[10] https://slate.com/technology/2019/03/gdpr-one-year-anniversary-breach-notification-fines.html
[11] https://thenextweb.com/podium/2019/05/25/why-the-future-of-us-data-regulation-must-come-from-congress/
