Public Knowledge says it does not think transferring E.U. privacy rules to the U.S. is the right way to go.
With the European Union's tough new General Data Protection Regulation online privacy framework taking effect Friday (May 25), there had been calls for U.S. policymakers to adopt those rules here, or for companies to voluntarily do so.
Public Knowledge is all for protecting online user's privacy, including using government levers to ensure that, particularly given various data breaches and privacy violations that have been much in the news lately, but not by grafting the E.U. regime on the U.S.
Gus Rossi, global policy director for Public Knowledge, says the E.U. effort has spotlighted the deficiencies of the U.S. patchwork of protections, but that "copying and pasting E.U. law would not be an efficient or reasonable way to protect Americans’ privacy," adding that the institutions, legal systems, and consumer preferences are just too different."
What should happen, he says, is that Congress should study the GDPR as it comes up with its own "American" privacy bill.
One issue with that, however, is that American companies doing business globally, which is most big layers, will still have to comply with the E.U. regulations, so where those don't rack with U.S. regs, the companies must provide bifurcated services.
Whatever the bill does, at baseline it should "encourage companies to rethink their data collection and processing practices to guarantee security of user information, require meaningful notice and consent for personal data sharing, list user rights, and designate at least one independent enforcement agency," he said.