Will GDPR-Style Rules Be Coming to America Any Time Soon?

It was only a matter of time before the United States thought about regulations like the EU’s General Data Protection Regulation (GDPR). These are rules that protect individual users from having their data sold or used in a way that they don’t consent to. In fact, if an organization uses an individual’s data in that way, it will have to pay a fine for doing so. And as I said, it was only a matter of time before the U.S. started to think about or see these kinds of regulations.

In fact, those who are pushing for a U.S. version have found an ally in the Government Accountability Office (GAO). Why is this important? The GAO recommended establishing comprehensive legislation on internet privacy and suggested that the FTC be put in charge of enforcing the rules, which would be designed to give people more control over their own data. The FTC is already in charge of internet privacy-related cases, so this kind of oversight wouldn’t be much of a stretch. But because it has limited powers, it hasn’t been able to do much over the last ten years in this regard. Rules similar to the GDPR, however, would give the agency much more power and provide the opportunity to levy penalties, where appropriate.

The report published by the GAO heavily cited Facebook’s Cambridge Analytica scandal as an important reason why a federal-level internet privacy law is necessary. The report also named a handful of other privacy concerns that became a lot more prominent over the last few years. One of the concerns is the rise in popularity of “Internet of Things” devices, which increase the opportunity for security and privacy breaches. Another cause for concern is that automakers don’t always clarify their data-sharing practices, which could become a massive issue as more cars become “connected”.

https://www.youtube.com/watch?v=u07prA3aLlo

As of right now, in the United States, there are no overarching laws in place to govern how companies collect and then ultimately sell personal information. So what was the outcome of all of this? The GAO concluded:

“Recent developments regarding Internet privacy suggest that this is an appropriate time for Congress to consider comprehensive Internet privacy legislation… Comprehensive legislation addressing Internet privacy that establishes specific standards and includes APA notice-and-comment rulemaking and first-time violation civil penalty authorities could help enhance the federal government’s ability to protect consumer privacy, provide more certainty in the marketplace as companies innovate and develop new products using consumer data, and provide better assurance to consumers that their privacy will be protected.”

Where does that leave consumers? Right now, without any kind of legislation, but it does seem to be moving in that general direction. In fact, this kind of legislation even has the support of Tim Cook. While I can’t predict the outcome, I do believe that we will see this kind of legislation in the next few years. Large tech companies need to understand that they can’t just take user data and sell it without informing the people they’re taking data from. I mean, I say they “can’t”, but that’s what they’re doing right now. The better question is – how long are you willing to stand for it?