In the US and Australia there seems to be much ignorance and complacency on the potential impact of the EU GDPR General Data Protection Regulation on private data, data collectors e.g. government agencies, and commercial entities, accessing and using data for commercial reasons; underpinned by lack of citizens’ rights?
January 24, 2019 8.03am AEDT
France made headlines on Jan. 21 for fining Google US$57 million – the first fine to be issued for violations of the European Union’s newly implemented General Data Protection Regulations. GDPR, as it’s called, is meant to ensure consumers’ personal information is appropriately used and protected by companies. It also creates procedures to sanction companies who misuse information.
According to French data privacy agency the National Commission on Informatics and Liberty (CNIL), which levied the fine, Google didn’t clearly and concisely provide users with the information they needed to understand how it was collecting their personal data or what it was doing with it. Additionally, CNIL said Google did not obtain user consent to show them personalized advertisements. For its part, Google may appeal.
This case demonstrates the increasingly prominent role that the EU intends to play in policing the use of personal information by major companies and organizations online. The U.S. lags behind Europe on this front. As a researcher who studies computer hacking and data breaches, I’d argue the U.S. may have ceded regulatory powers to the EU – despite being the headquarters for most major internet service providers. Why has the U.S. not taken a similarly strong approach to privacy management and regulation?
Do individual Americans even care?
There’s no single answer to why the U.S. hasn’t taken similar measures to protect and regulate consumers’ data.
Americans use online services in the same way as our European counterparts, and at generally similar rates. And U.S. consumers’ privacy has been harmed by the ever-growing number of data breaches affecting financial institutions, retailers and government targets. The federal government’s own Office of Personnel Management lost millions of records, including Social Security numbers, names, addresses and other sensitive details, in hacks. My research demonstrates that hackers and data thieves make massive profits through the sale and misuse of personally identifiable information….
Companies don’t want these regulations
Social media sites’ and internet service providers’ resistance to external regulation is also a likely reason why the U.S. has not acted.
Facebook’s practices over the last few years are a perfect example of why and how legal regulation is vital, but heavily resisted by corporations…..
….Should the U.S. continue on its current path, it faces a substantial risk not only to personal information safety, but to the legitimacy of governmental agencies tasked with investigating wrongdoing.’