5 lessons the U.S. can learn from European Privacy Efforts
Published on: January 7, 2021
The U.S. Can Avoid Mistakes Made By The E.U. in Digital Security
No one would disagree that the internet has reshaped the world. Business, government, and
people all need information. The question becomes, how do we keep the information safe from
criminals, hostile governments, and business competitors? Experts have wrestled with this
question since the birth of data mining. And now that cyber-attacks, including terrorist activity,
are a reality, the need for security is even more critical.
Protecting people is a demanding and complicated job. About eight years ago, the European
Union’s (EU) Commission acted on information protection. They felt compelled to upgrade the
rights afforded to people in the EU. A few years of research and planning resulted in the General
Data Protection Regulation (GDPR). A law whose foundation rested on seven fundamental
1. Lawfulness, fairness, and transparency
2. Purpose limitation
3. Data minimization
5. Storage limitation
6. Integrity and confidentiality (security)
Although the GDPR includes some of the most robust tools anywhere aimed at privacy
protections, there have been some issues.
One goal of the GDPR was that the U.S. would also follow the EU’s lead and create
complementary laws. Instead, many U.S. states are drafting their version of the protection laws.
[there is only 1 regulation- and many principles]
Businesses find it difficult to juggle multiple regulations, because of cost in terms of money and
in time dealing with multiple compliance requirements.
Regulators in Europe were busy educating businesses on their obligations and people as to their
obligations and their rights, but there remains some confusion as to the nature of those rights and
obligations. The dispute mechanism procedure, which is invoked where regulators dealing with
cross-border data flows cannot come to agreement on appropriate fines or sanctions, has not
worked smoothly, leading to delays in enforcement.
The EU effort and results serve also as learning opportunities for the U.S. and other countries:
Structure laws for ease of use. Develop privacy protections, but balance this appropriately with
allowing for innovation and for business opportunities. Data Protection is essential, but it does
not have to be costly in terms of economic growth. Compliance can come at an affordable price.