Lawmakers are considering the passage of a national data privacy law that will resemble Europe’s General Data Protection Regulation (GDPR). Meanwhile, Big Tech is feeling the effects of the European law. In early 2019, Google received a fine of $57 million from CNIL, a French regulatory agency, for failing to comply with the GDPR.
California enacted the California Consumer Privacy Act of 2018, which takes effect in 2020. The law allows citizens of California to have their data deleted and allows them the ability to “opt out” of data sharing. Following California’s example, other states may enact their own data privacy laws.
Data Privacy Framework
Big Tech firms prefer a comprehensive federal law as opposed to a patchwork of data privacy laws. Therefore, firms are taking the initiative to be a part of the discussion regarding a federal data privacy law. Google and the Internet Association support several principles for a national framework, which includes:
- Access: Consumers need a reasonable way to correct and delete their data.
- Accountability: The law should set baselines but allow for flexibility in achieving compliance.
- Broad application: A data privacy law should impact all types of organizations.
- Controls: Consumers need control over how their data is collected, used, and shared.
- Data security: Companies must protect consumer data and notify consumers of a security breach.
- Global regulations: Privacy regulations need to be consistent across borders.
- Portability: Consumers should be able to transfer their information to another service provider.
- State laws: The law needs to create a national standard that preempts the patchwork of state data breach and privacy laws.
- Transparency: Consumers should know when a company uses their data.
The GDPR is a global standard for data privacy, so the U.S. will need to follow its direction. U.S. firms are already complying with the GDPR for European customers, so Big Tech understands the value of establishing a national data privacy standard.