Lagging behind the rest of the world puts U.S. consumer privacy protections and business innovation at risk.
Europe made history in 2016 when it passed the General Data Protection Regulation (GDPR) to protect the privacy of consumers across the European Union. The EU passed this law in an effort to give consumers more transparency and control over what data is collected about them, how their data is used, and with whom it is shared. But the far-reaching law has had significant unintended consequences for consumers, businesses, and the economy.
GDPR spurred the review of international privacy protections around the globe. Now, there are more than 120 countries that have put in place legislation to secure the protection of data and privacy. Even China, known for its digital surveillance of citizens, has data privacy legislation that is likely to pass this fall. A number of other countries have taken steps that strike a better balance between protecting consumers while allowing reasonable data practices that benefit consumers and society.
That’s where the United States comes in. Noticeably absent from the global data privacy debate, Congress has an opportunity pass a federal privacy bill now that reasserts U.S. leadership in this space and sets a new, enhanced global privacy standard – one that would ensure consumers have real privacy protections while preserving the responsible use of data by businesses.
Because the United States hasn’t acted yet on privacy, GDPR is currently seen by some as the global standard for data protection rules. But the regulation has many flaws, including providing imperfect protections for consumers that have led to burdensome privacy notifications as they browse the internet, which could confuse consumers even more about how they are protected.
The law has also created an enormous compliance burden for businesses. A 2018 EY and International Association of Privacy Professionals report found companies reported spending an average of $1.3 million per year on GDPR compliance costs – costs that are incurred not only by European companies but also by U.S.-based companies with a European presence.
All of this has a tremendous impact on both the European and the U.S. digital economies and innovation. A new study published in Marketing Science found that investment in European startups has dropped by 36% compared to American or other global startups since the rollout of GDPR. A number of U.S. companies, including leading news organizations, stopped offering their services in Europe in response to the law, with one analysis estimating that 42 percent of U.S. news sites flatly blocked connections from Europe rather than apply GDPR’s provisions. Advertising also decreased as a result of GDPR – initial reports estimated that programmatic ads dropped by 20 percent immediately following the law’s implementation. A 2021 study found that the use of ad tech vendors for EU users fell 15 percent, which led to an increase in market concentration among ad tech vendors by 17 percent. And because publishers rely on advertising, a 2019 study estimated that there was a 10 percent drop in pageviews and recorded revenues for publishers following the implementation of the law.
The good news is that the United States has the benefit of taking lessons learned from international laws and making sure there is a stronger and more clear set of data privacy rules that work best for consumers and businesses in the U.S. Privacy for America has put together a framework for a federal bill that would provide broad protections for consumers and clear rules of the road for all businesses to ensure that everyone can continue to benefit from a free and open internet. And most importantly – our framework for a federal bill would put the United States on the map when it comes to data privacy, helping to establish us as a strong leader in protecting our citizens from data misuse and abuse while preserving the many benefits that accompany the responsible use of data.
Learn more here: https://www.privacyforamerica.com/overview/