GDPR: Paving the way to Privacy Legislation in the US

Data Protection

There is no denying that GDPR is driving data privacy conversations across the world. When Scott McNealy, then the CEO of Sun Microsystems, called consumer privacy a “red herring” in 1999 when he famously said “you have zero privacy anyway, get over it,” I’m not sure he could have pictured the post GDPR landscape as it stands today.

GDPR has changed the conversation around data privacy, as for the first time in the digital age, a major geopolitical power has decided to invest in protecting the data of its citizens. By providing a path for citizens to be informed about what their personally identifiable information is being used for, GDPR has shown a framework to the rest of the world. Individuals like Max Schrems, who has already taken Facebook and Google to court (and won) in the past, are using GDPR to accelerate lawsuits against organizations that are violating GDPR. In fact, over 1000 complaints were lodged in the first month after GDPR went into effect.

However, the United States currently has no overarching data privacy policy in place. There was an effort to implement a national standard under the Obama administration, and while data privacy is typically a bi-partisan concern, there was considerable backlash from major corporations and their lobbying groups. To that end, the US has fallen behind the EU, China, Russia, and Brazil when it comes to adopting an overarching policy. What we currently have is a hodge-podge of local, state, and industry specific laws and regulations of varying ages and effectiveness.

While there may be no US based version of GDPR on a federal level, California is the first state to pass a comprehensive data privacy legislation, the California Consumer Privacy Act of 2018. This law, which goes into effect 1/1/2020 allows for fines to be imposed when records are breached, and allows for individuals to seek remuneration and damages from companies that are careless with their data. This legislation, along with GDPR, will have wide reaching impact, as California is the 5th largest economy currently in the world. Furthermore, experts like Marc Gorman and Karen Kornbluh have predicted the new California legislation will lead a drive for a more uniform and national standard.

Data privacy experts aren’t the only ones who are calling for more privacy legislation. In the wake of Cambridge Analytica/Facebook incident, consumers are now being faced with an existential crisis: how much sharing is too much sharing? We are at a tipping point where convenience is turning into coercion and misinformation. Of course, we have no goal posts by which to judge this issue. As Klaus Schwab points out, we’re in a new historical epoch, the Fourth Industrial Revolution, which “has the potential to empower individuals and communities…but it also could lead to the marginalization of some groups, exacerbate inequality, create new security risks, and undermine human relationships.” As with all major shifts in the framework of society, the sudden interconnectedness of humanity has brought unique challenges with it. Data privacy as a fundamental human right is now very much on the mind of U.S based consumers. A Pew Research Center survey found only 9% of social media users were very confident that social media companies would protect their data, and 64% said the government should do more to regulate data privacy.

It is only a matter of time before consumer distrust turns into a call to action, and GDPR is helping to pave the way for new legislation. With GDPR, and now the California Consumer Privacy Act driving this conversation, we are poised to see a new era of privacy for individuals. Organizations that mishandle the data of the consumers are in danger of people abandoning their brands. The pendulum has clearly swung from those famous remarks back in 1999: we not only have a right to privacy, but we are starting to demand it.

For more information about GDPR training and certifications visit the CITI website:

Jon O’Keefe
Sales Manager, Logical Operations
Jon O’Keefe was Deputy of Counter Intelligence for Geek Squad/Best Buy from 2005-2011. He then worked at SSH Communications Security as a Federal Channel Manager and Solutions Architect in Data in Transit Security. He joined Logical Operations in 2016, and is a Territory Sales and Account Manager and Data Privacy/Cyber Security Expert. He has held A+, Network+, Security+, and MCSA status. O’Keefe is passionate about security and privacy, and believes that human beings as content curators should have an automatic right to online privacy. Logical Operations is partnering with UConn’s Connecticut Information Technology Institute to offer certificate courses on data privacy. View Posts