Protecting User Data: How Close is the US to its Own GDPR?
The use (and misuse) of user data has been thrust further into the spotlight, not only with new laws taking effect in many countries but also thanks to a slew of high-profile scandals, such as Cambridge Analytica. With the ongoing consequences of data breaches, people are demanding more transparency around how their data is used.
That’s as true of the U.S. as it is of any other country. And, on the back of public pressure, several states have implemented (or are in the process of implementing) regulations which share broadly the same goals as the European Union’s General Data Protection Regulation (GDPR).
As these laws, and the wider data transparency movement, gather momentum, there’s increased speculation around how far out the U.S. is from adopting its own GDPR-style legislation at a federal level.
Companies need to start asking themselves how ready they are for the laws in place and how ready they’ll be for any federal laws that may be instituted around data privacy.
The Impact of CCPA
While GDPR grabbed all the international headlines, the first U.S. regulations aimed at data transparency were actually signed into law at around the same time. The California Consumer Protection Act (CCPA) provides several important rights to residents of the state, allowing them to know what personal data is being collected about them, access it, request its deletion, and opt out of having their personal data collected.
All for-profit companies that do business in California (within certain thresholds) are required to comply with the law, which comes into effect on January 1, 2020. While the CCPA does differ from GDPR in several important respects (most significantly, it works on an opt-out basis, rather than the GDPR’s explicit opt-in requirement), it was still a significant step forward in the evolution of privacy laws in the US.
The depth of its impact becomes especially apparent when you consider that close to a dozen other states have either drafted or passed copycat legislation in the months since CCPA was passed. While some are less restrictive and others more stringent than CCPA, they all model themselves on it to some degree.
With these kinds of advances at the state level, there are increasingly loud calls for data privacy laws to be implemented at a federal level.
Federal Complications
These calls have come from independent commentators, as well as major industry players. Their logic is compelling too. Not only would a federal law be easier to comply with than a patchwork of state laws, but the greater resources available at a federal level would also make it easier to enforce.
Another advantage of a federal data privacy law is that it would allow data from the EU and EEA (European Economic Area) to be transferred to the United States without the need for any additional safeguards or agreements, as long as the E.U. sees the legislation as providing an adequate level of data protection.
However compelling the case for federal data protection legislation might seem, it’s unlikely that it will come to pass any time soon.
First off, any proposed federal law that comes before Congress may prove too weak for some states (Californian representatives have already argued that their law is the best and should not be subsumed) and too stringent for others.
The fact that there are already several competing federal data protection bills may also hamper the chances of any one of them passing successfully in the near future.
Pre-emptive Action
That does not, however, mean that organizations should proceed with the assumption that legislation won’t be passed.
Instead, they should act preemptively, readying themselves for any laws which do pass. If an organization is already GDPR compliant, for example, it should be well on its way to regulatory compliance, no matter which states it operates in.
Being ready early won’t just spare an organization the inevitable last-minute rush once legislation does pass, it also comes with a host of business benefits, including improved data management, increased trust, and improved customer loyalty.
Related Articles
Algorithms cannot work well on poor training data volume - and a deficit of this data leaves the system undernourished. With more data to consume, the system can be trained better and the outcomes are then stronger.
13 Nov 2019
The latest advances in speech-to-text technology enable analytics software to deliver the most accurate and complete customer insights. To do so, robust ASR solutions must be able to do five things.
16 Oct 2019
Businesses let hundreds of millions of dollars slip through their fingertips because they fail to recognize opportunities embedded in conversational nuance. But AI can help.
09 Oct 2019
It's now possible to detect everything from depression to Parkinson's disease with speech analytics, but privacy concerns are still being dealt with
05 Aug 2019
As the UK 's Information Commissioner's Office orders the nation's tax authority to delete 5 million voice recordings under GDPR, we offer 5 tips for staying out of trouble with privacy regulators.
11 Jun 2019
The results of Speech Technology Magazine's People's Choice Awards voting are finally here. The people have spoken.
29 Apr 2019
Earlier this year, Amazon added the ability for Alexa to read and delete emails. Google Home and other voice-enabled digital assistants will likely be developing this capability as well. That may present serious consequences for marketers.
20 Feb 2019