Why The U.S. Should Draft A Data Protection Bill Like EU’s GDPR

The EU Charter of Fundamental Rights passed the General Data Protection Regulation (GDPR) in 2016 for online consumer protection. The law takes effect on May 25, 2018, but it does not protect Americans which means that citizens are still susceptible to unethical mining campaigns.

The United States must pass a similar bill as 2016-679 that protects American citizens from data processing, migration, modification, and storage of identifiable information. A law would need to include security, compliance, encryption practices, and mandatory reporting when breaches occur.

Why We Need A GDPR In The United States

Americans must understand that data mining is legal. Cambridge Analytica obtained data because it asked for and received permission from Facebook users. The GDPR protects any data that consumers share on the internet, so it would have prevented any personal information from being extracted which validates the need for such a bill.

Businesses utilize highly skilled software to search for and extract vast amounts of data from social media, IP addresses, emails, and consumer transactional information. The scope of artificial intelligence today can not only search for datasets, but it can mine the essential content within minutes.

While social media users are focusing on the Facebook scandal, data harvesting is taking place on all of the platforms whether you are aware or not. You can not wait for a Twitter or Instagram scandal to demand legislation to protect against it as not every data mining company has ethics or morals about private data extraction.

How A US-GDPR Bill Would Affect US Companies

Right now, only international companies doing business in the EU or marketing to Europeans will be affected. However, a US-GDPR bill would stop U.S. companies from extracting personally identifiable information from Americans. It would protect data from storage and protection which would force companies to elevate security measures as well.

A US-GDPR bill would regulate identifiable information, consumer purchasing behaviors, and financial data. The law would need to protect all 50 states. It would also need to specify protection to ensure compliance.

  1. A bill would need to include any U.S. business or international business with a U.S. internet domain suffix that markets to American consumers.
  2. It would need to include any company that accepts U.S. currency or markets in the American English language.
  3. Security protocol compliance must extend to any company that collects data. The U.S. could set fines for non-compliance. The EU has set a cap of 4% of annual revenue if data leaks occur. This financial penalty will be a huge factor that must be included to enforce the regulation.
  4. Companies would need to provide rights and responsibilities and ask for permission to mine data. The form should also notify whether personal or non-personally identifiable information extraction will occur.

The U.S. government will not respond to this data breach unless consumers demand it. Contact your US Congressman to require consumer data protection like the EU’s GDPR. You can also speak with your local House of Representative member to begin legislation. Facebook could not have prevented what took place as data mining is legal. If consumers are going to demand a change, it must start with the citizens whose data is at risk.


Leave a Reply