Protecting User Data: How Close is the US to its Own GDPR?

Oct 03, 2019

The use (and misuse) of user data has been thrust further into the spotlight, not only with new laws taking effect in many countries but also thanks to a slew of high-profile scandals, such as Cambridge Analytica. With the ongoing consequences of data breaches, people are demanding more transparency around how their data is used.

That’s as true of the U.S. as it is of any other country. And, on the back of public pressure, several states have implemented (or are in the process of implementing) regulations which share broadly the same goals as the European Union’s General Data Protection Regulation (GDPR). 

As these laws, and the wider data transparency movement, gather momentum, there’s increased speculation around how far out the U.S. is from adopting its own GDPR-style legislation at a federal level. 

Companies need to start asking themselves how ready they are for the laws in place and how ready they’ll be for any federal laws that may be instituted around data privacy.

The Impact of CCPA

While GDPR grabbed all the international headlines, the first U.S. regulations aimed at data transparency were actually signed into law at around the same time. The California Consumer Protection Act (CCPA) provides several important rights to residents of the state, allowing them to know what personal data is being collected about them, access it, request its deletion, and opt out of having their personal data collected.  

All for-profit companies that do business in California (within certain thresholds) are required to comply with the law, which comes into effect on January 1, 2020. While the CCPA does differ from GDPR in several important respects (most significantly, it works on an opt-out basis, rather than the GDPR’s explicit opt-in requirement), it was still a significant step forward in the evolution of privacy laws in the U.S.

The depth of its impact becomes especially apparent when you consider that close to a dozen other states have either drafted or passed copycat legislation in the months since CCPA was passed. While some are less restrictive and others more stringent than CCPA, they all model themselves on it to some degree.

With these kinds of advances at the state level, there are increasingly loud calls for data privacy laws to be implemented at a federal level. 

Federal Complications

These calls have come from independent commentators, as well as major industry players. Their logic is compelling too. Not only would a federal law be easier to comply with than a patchwork of state laws, but the greater resources available at a federal level would also make it easier to enforce. 

Another advantage of a federal data privacy law is that it would allow data from the EU and EEA (European Economic Area) to be transferred to the United States without the need for any additional safeguards or agreements, as long as the EU sees the legislation as providing an adequate level of data protection.

However compelling the case for federal data protection legislation might seem, it’s unlikely that it will come to pass any time soon. 

First off, any proposed federal law that comes before Congress may prove too weak for some states (Californian representatives have already argued that their law is the best and should not be subsumed) and too stringent for others. 

The fact that there are already several competing federal data protection bills may also hamper the chances of any one of them passing successfully in the near future. 

Pre-emptive Action 

That does not, however, mean that organizations should proceed with the assumption that legislation won’t be passed. 

Instead, they should act preemptively, readying themselves for any laws which do pass. If an organization is already GDPR compliant, for example, it should be well on its way to regulatory compliance, no matter which states it operates in. 

Being ready early won’t just spare an organization the inevitable last-minute rush once legislation does pass; it also comes with a host of business benefits, including improved data management, increased trust, and improved customer loyalty.
