I was at a conference last May, when GDPR was a year away and it was just coming on to everyone’s radar. I asked the keynote speaker, a former CIO at the White House, if she thought GDPR in some form would become an American regulation. She said no, she couldn’t see Congress getting its act together to come up with something, and that we might not need it at all, if most American companies have to follow GDPR regulations anyway.
Well, we’ve already seen that many American companies are either pulling out of Europe altogether rather than deal with compliance or are temporarily going dark until they figure out what to do, so it doesn’t seem like GDPR is going to be the solution to America’s data privacy concerns.
However, after the Facebook/Cambridge Analytica debacle, it seems like a lot more Americans are interested in having some kind of policy to protect their data. According to a recent study from Helpshift, while the vast majority don’t really know what GDPR is, two-thirds of the respondents like the idea of being able to be “forgotten,” or have their data no longer be stored, and almost as many, 62 percent, plan to take organizations up on that offer to see what personal information is on file. As Abinash Tripathy, Helpshift co-founder and chief strategy officer, said in an email comment:
“With the EU enacting GDPR and the public outrage over Facebook privacy violations, it is clear that customers are starting to care a lot about their privacy. Businesses can expect customers to increasingly demand control over this data.”
And it looks like at least one person in Congress thinks that the United States should follow the EU example. According to Boston.com, Senator Ed Markey wants to see similar data privacy regulations for American citizens. Markey is quoted:
“The American people are going to wonder why they are getting second-class privacy protections. If companies can afford to protect Europeans’ privacy, they can also afford to do so for their American customers and users.”
He, with three other senators, introduced a resolution to urge American companies to expand GDPR privacy requirements to American citizens. Based on the dozens of email notices I’ve received, I think some are already doing that, but clearly, many are not. If they are opting out of the EU because of GDPR, you know they aren’t going to step up to provide those options here in the U.S.
Will we see GDPR here on some level? My guess is yes, eventually, but not any time soon. I predict both American companies and American political leaders will want to see how it all plays out in the EU first.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba