Lawmakers are considering the passage of a national data privacy law that will resemble Europe’s General Data Protection Regulation (GDPR). Meanwhile, Big Tech is feeling the effects of the European law. In early 2019, Google received a fine of $57 million from CNIL, a French regulatory agency, for failing to comply with the GDPR.
California enacted the California Consumer Privacy Act of 2018, which takes effect in 2020. The law allows citizens of California to have their data deleted and allows them the ability to “opt out” of data sharing. Following California’s example, other states may enact their own data privacy laws.
Data Privacy Framework
Big Tech firms prefer a comprehensive federal law as opposed to a patchwork of data privacy laws. Therefore, firms are taking the initiative to be a part of the discussion regarding a federal data privacy law. Google and the Internet Association support several principles for a national framework, which includes:
- Access: Consumers need a reasonable way to correct and delete their data.
- Accountability: The law should set baselines but allow for flexibility in achieving compliance.
- Broad application: A data privacy law should impact all types of organizations.
- Controls: Consumers need control over how their data is collected, used, and shared.
- Data security: Companies must protect consumer data and notify consumers of a security breach.
- Global regulations: Privacy regulations need to be consistent across borders.
- Portability: Consumers should be able to transfer their information to another service provider.
- State laws: The law needs to create a national standard that preempts the patchwork of state data breach and privacy laws.
- Transparency: Consumers should know when a company uses their data.
The GDPR is a global standard for data privacy, so the U.S. will need to follow its direction. U.S. firms are already complying with the GDPR for European customers, so Big Tech understands the value of establishing a national data privacy standard.
Alice M. Porch, Esq., CIPP/US, C|EH, Security+
Alice is a member of the Florida Bar, and she focuses on data privacy and cybersecurity compliance. She attended the Warrington College of Business at the University of Florida and earned a Bachelor of Science in Business Administration. After graduating, she earned a Juris Doctor at the Stetson University College of Law. During law school, she served as an Assistant Executive Editor for Stetson Law Review and also as a Staff Editor for Stetson Journal of Advocacy and the Law. She also served as a member of The Florida Bar Journal/News Editorial Board from 2018-2024. She is currently a member of the Florida Bar Cybersecurity and Privacy Law Substantive Law Committee.
