COMPAREX

Europe vs. U.S.
A Digital Privacy Laws Comparison

Digital Privacy Laws: How Europe Protects Your Online Data Differently than the U.S.

Both Europe and the U.S. are facing far-reaching changes regarding digital privacy laws. However, the effects on data privacy differ drastically. Mukul Chopra sheds some light on the main differences between digital privacy laws in Europe and the U.S. and explains what multinational companies operating on both continents should know.

Digital Privacy in the European Union

On May 25, 2018 – less than a year from now – the EU will put into effect one of the most far-reaching and punitive measures dealing with digital privacy. The General Data Protection Regulation (GDPR) is literally privacy on steroids and far beyond what we have ever seen.

A long list of identifiers (aka Personally Identifiable Information or PII) now falls within the purview of this regulation. In addition to the more recognizable PII like name, gender, sexual orientation, location data, economic and cultural data, etc., we can now add IP addresses, genetic information and even biometric data.

Further, any EU resident may request access to their data and is entitled to enforce the “Right to be forgotten” whereby their personal data must be erased. The catch is that such erasure needs to occur from every instance where such data may have been shared! In cases where the data is deemed inaccurate, the data subject can enforce the “Right to restrict the processing of personal data”. Data subjects have the right to data portability and even to object to being evaluated based on automated processing systems. The list is very long indeed.

The law applies to any company doing business in the EU, not just to companies based in the EU.

Breaches must be disclosed within 72 hours, and if you have second thoughts about complying with the regulation, consider the penalties: 4% of global gross revenues or €20 million – whichever is higher!

Based on 2016 revenues, a fine for Apple would be $8.6 billion. Think they are not going to take this seriously? Unlikely. By some estimates, fully 95-98% of US companies doing business in the EU are not prepared and are not on track to become compliant by May 2018. A frightening prospect.

Digital Privacy in the United States of America

On April 3, 2017, while the country was occupied with the latest crisis headlines, President Trump signed the repeal of the internet privacy rules into law. There was not even a comment from the White House and no photo opportunity of the President signing this law. Very few even noticed. The resolution passed by a 50-48 vote in the Senate and 215-205 in the House.

The repealed internet privacy rules had been aimed at preventing internet providers from selling personal data without permission.

This battle, which had pitted large internet service providers and tech giants against consumer advocates and privacy rights groups, became history, and those ISPs that were interested in selling private data won the day. Privacy took a blow to the nose.

In one report, consumer and rights advocates were outnumbered 50:1 by the lobbyists for their opponents. Critics of the rules had argued that this was an example of government overreach. One of the arguments for eliminating the rules was that these rules “would cause consumers to miss out on customized promotions”.

Now experts argue that these huge new databases of personal information are likely to become targets for hackers, law enforcement and spies.

The tide of consumer complaints, as more citizens become familiar with what has transpired, is now causing some lawmakers to consider the repeal of the repeal of the internet privacy rules! Time will tell.

What is a large multinational company doing business on both continents supposed to do?

EU residents want to enhance privacy, whereas in the USA privacy has just been shredded. With this diametrically opposed cauldron of laws to deal with, how should companies respond?

Unfortunately, this is now a very confusing and contradictory landscape with no quick and easy path to resolution. Angela Merkel recently called for international regulations for the digital world. She went on to say that Europe and the US need to work together to ensure sensible rules because the “standards had been very erratically set so far”. For many companies, the statements resonate, but a collaborative approach between continents is an elusive dream.

In the meantime, global companies must deal with a bipolar set of regulations, making compliance a nightmare scenario.

Leipzig, 07/14/2017
