Last year the European Union (EU) adopted the General Data Protection Regulation (GDPR) in an attempt to protect the private data of people living and working within the EU. The regulation won’t go into full effect until May 2018, but it still provides a clear vision of how today’s countries should take data privacy seriously. The United States (U.S.) should take a close look at Europe’s GDPR to learn more about how it can protect its citizens.
The US Needs to End Corporate Corruption
The illusion of consumer choice says that people can shape how corporations behave by choosing where to place their money. In reality, consumers have very few options, especially when it comes to choosing banks.
Although the U.S. government continues to pretend that consumers have plenty of options, people know that they have to put their trust in untrustworthy corporations. Otherwise, they lose convenient features that only large companies can offer. This leads to several problems that the GDPR could potentially prevent.
Wells Fargo provides a good example of this. During the mid-2000s, employees gave intentionally misleading information to customers. In some cases, they outright lied to secure more accounts. When the misdeeds became public, Wells Fargo fired about 5,000 employees found guilty of manipulating customers. The company did not, however, fire upper management that encouraged employees to act unethically.
Instituting a regulation like GDPR would make it more difficult for companies to abuse consumers. It would also force companies to pay large fines when they misuse public data. As a result, more corporations would use data properly to avoid penalties.
Consumers Need Guaranteed Data Breach Notifications
According to GDPR, organizations must inform local supervisory authorities of data breaches within 72 hours of any data loss. The local supervisory authority can take a closer look at the breach and determine whether individuals might be affected by the data loss. If private data has been breached, then the authority can force corporations to notify consumers immediately. This is one reason that computer security companies like Skyhigh Networks support GDPR.
California has a similar law, but the U.S. federal government doesn’t have anything similar to GDPR’s data breach notification guarantee. Other than companies and individuals in California, Americans have little to no protection unless corporations choose to disclose breaches.
This situation leaves people in a state of limbo. At any given moment, you don’t know whether your data has been compromised. Requiring organizations to notify individuals as quickly as possible would create a better atmosphere in which people could feel safer.
US Consumers Deserve Straightforward Agreements
User agreements in the U.S. have such complicated language that it practically requires hiring a lawyer to understand them. Agreements can run on for hundreds of words, making it difficult for average people to know what they’re signing. Because of this, corporations can legally gain access to private information without truly informing consumers.
GDPR eliminates this concern by forcing companies to use straightforward language in all of their user agreements. It also gives consumers the right to a simple process that lets them back out of agreements.
The U.S. needs to take data privacy more seriously by adopting regulations similar to GDPR. Until then, no one can feel certain about their privacy.