The internet has been with us for a quarter of a century, but the US has still not passed a law requiring its companies to abide by meaningful data-privacy protections. This matters because most of the western world’s big technology companies are American. In 2020, America’s privacy bill will finally be settled.
In May 2018, the EU’s General Data Protection Regulation (GDPR) took effect, and it is already transforming American privacy law and practice. GDPR is a comprehensive set of regulations, and its extensive requirements are becoming a global market norm. In practice, if you want to do international business in personal data, you have to follow at least the spirit of GDPR, even in the US.
State legislatures have taken the initiative and called Congress’s hand on privacy, even if Congress hasn’t updated its approach to privacy in years. Influenced by the GDPR, states have started to pass their own data protection statutes, such as the new California Consumer Protection Act. And now, after years of opposition to regulation, big technology companies have started to call for a baseline US privacy law that everyone abides by. Congress now finds itself sandwiched between bottom-up momentum from the states, and sideways influence from the EU. In 2020 it will be forced to make a choice.
Read the full piece at Wired.