Privacy in America vs. Europe: Here’s why the EU does data better

Where Europeans have long since rallied for stronger privacy regulations, tech companies in the U.S. have been working overtime to develop new ways to commodify user data. In fact, it was The Economist that prophetically pegged personal data as the world’s greatest resource back in 2017, but it was only a few weeks ago that most of the world realized why.

Now, as the U.S. attempts to dig its way out of numerous data-mining scandals, Europe is getting ready to enact new privacy regulations to help keep public companies out of people’s personal lives. The wide-sweeping act, known as the General Data Protection Regulation (GDPR), will go into effect May 25.

The new data overhaul grants more power to consumers over how their information is used and gives them the ability to access and edit any data companies have on them. So how does this differ from data laws in the U.S.? Let’s dive in.

America’s backward stance on privacy

Europe’s move toward enacting the GDPR is so far removed from America’s current position on digital security that it’s almost like looking at two different worlds. Where the U.S. has just passed a nasty new piece of data-invasive legislation known as the CLOUD Act, Europe is hoping to bridge the widening gap between the public and the tech sector.

While Europe is taking a proactive approach toward greater digital privacy rights, America appears to be aimless.

According to the European Commission, the new regulations were created to help address the growing lack of trust people have in how their data is used.

This sentiment doesn’t seem to hold much water in the U.S. where, back in 2012, the Consumer Privacy Bill of Rights tried to introduce similar legislation. The bill was painfully picked apart and ultimately rejected.

Politicians on privacy and…ads about chocolate?

While Europe is taking a proactive approach toward greater digital privacy rights, America appears to be aimless. Look at Facebook CEO Mark Zuckerberg’s recent testimony before Congress as proof.

Instead of asking legitimate questions, lawmakers throughout both parties grilled Zuckerberg over ridiculous accusations and inane talking points, including whether Facebook was a monopoly and if the site had a “liberal” bias. One senator even asked Zuckerberg why they sometimes see chocolate ads on their newsfeed.

The whole escapade is further proof that many lawmakers aren’t able to grasp exactly how data is used, and why it’s important. That said, Europe’s elevated stance on the privacy field could leave a lasting impression on America as a whole.

How the GDPR could affect privacy in the U.S.

Under Europe’s new data laws, any company operating in the EU must abide by increased privacy regulations — regardless of where they’re headquartered. Companies like Facebook (among others) will have to systematically change their privacy settings to grant Europeans more access to their data and how it’s used. Unfortunately, the same principles don’t hold true for the U.S. — at least not yet.

As Europe is working to create a level playing field for every EU country to follow when it comes to data regulation, the U.S. appears to be doing the opposite. Oregon recently passed its own state-sponsored net neutrality bill, and California is currently working to set up its own privacy protections, which are similar to Europe’s.

Meanwhile, other states are stuck somewhere in the middle — toeing the line between appeasing the populace and abiding by Congress’ rules. But while privacy advocates and other digitally minded netizens applaud the steps some states are taking, they could unintentionally damage any possibility of a future nationwide homogeneity when it comes to privacy laws.

Under Europe’s new data laws, any company operating in the EU must abide by increased privacy regulations — regardless of where they’re headquartered.

Still, the fact that Facebook, Google, and other tech companies are changing their privacy protocols in Europe means, at least hypothetically, that they’ll have the blueprints to do the same in the U.S. Now, whether they replicate them remains to be seen.

The EU is working to minimize data breaches

The GDPR includes a clause that states companies must alert users in the event of a privacy breach within the first 72 hours of discovering it. Again, this is a stark contrast to current laws in the U.S., where companies have no legal incentive to notify users in the event of a hack.

Look at the painful string of recent big-name data breaches where tech giants like Yahoo, Equifax, and Uber waited months — sometimes even years — before alerting their users. In the last example, the company only went public with the information after a journalist had uncovered the story.

This invasive nature of hiding breaches also comes with a hefty price tag: With the rising occurrence of identity theft spreading across the U.S., the average consumer cost has exceeded $16 billion a year. By requiring companies to alert and help protect their users in the event of an attack immediately, this new law could help mitigate long-term costs, which is something the U.S. could look to adopt.

Could America eventually adopt Europe’s data reform? Is there a chance of both nations enacting the same types of privacy regulations? Maybe one day.

Originally published at Home of internet privacy.