The General Data Protection Regulation (GDPR) is a set of rules enacted in 2016 by the European Parliament to give European Union (EU) citizens more control over their personal data. According to the EU GDPR website (n.d.), the EU GDPR “is the most important change in data privacy regulation in 20 years.” GDPR simplifies the regulatory environment for organizations so that businesses and citizens within all of the countries in the European Union can fully benefit from the digital economy. Under the terms of GDPR, organizations are required to gather personal information legally and under strict conditions. In addition, the individuals involved in the collection and management of the data are obliged to protect it from misuse and exploitation. According to Lahiri (2018), GDPR is composed of many essential items, which include “increased fines, breach notifications, opt-in consent, and responsibility for data transfer outside the EU.” The aim of implementing the GDPR in the EU was to improve individuals' control over their personal data as well as to decrease the load for organizations.
Most people believe implementing regulation like GDPR in the US would hinder innovation. They contend that End User Licence Agreements (EULAs) provide sufficient protections and allow citizens to choose what is and what is not shared. However, I believe that an equivalent of GDPR should be implemented within the United States. There are numerous elements of the GDPR that the United States needs to implement. One part of the GDPR that the United States should implement is the right of a consumer to be provided, upon request, with the data held about them. Principally, an organization would be required to provide the information it has concerning a customer when that individual has requested the organization to do so.
The key difference between the EU GDPR and United States data privacy policies is that the EU GDPR touts a “one-stop shop” approach to data privacy while US privacy policy is state-by-state (Kurzer, 2018). Under the EU GDPR, organizations operating in EU member states only need to deal with one lead supervisory authority. The United States does not have a lead supervisory authority that covers all of its citizens. Each state in the United States has its own data policy, and the federal data policies only govern specific verticals, such as the Health Insurance Portability and Accountability Act (HIPAA). Each state's laws only have jurisdiction over its own citizens, and thus there is a need to pass a federal data policy.
Therefore, the United States should implement GDPR to ensure all of its citizens and organizations deal with one lead supervisory authority. More specifically, the United States should implement a single national liability scheme. This would enable the US to create data privacy and data protection from data breaches. Once the GDPR is implemented, all organizations would be required to report certain types of data breaches to the relevant supervisory authority. Reporting of data breaches currently varies from state to state, because each state has different laws than the federal government. Implementing a single liability scheme is beneficial in the sense that it would give the United States clarity about the government’s ability to penalize organizations for breaches. Also, the victims of a data breach would have the ability to sue the organization responsible for the breach of their personal data.
Customers need to understand how organizations use their information as well as what will happen if they provide their data to an organization. Thus, lengthy user agreements ought to be replaced with simplified user agreements that are easy to understand. In order to prevent data breaches and penalize organizations involved in such acts, the US should implement a GDPR. The GDPR requires that consumers actually opt in to the collection and management of their personal data; this includes data such as email addresses, IP addresses, and device information. Many websites based in the United States have implemented these changes, and this has given consumers greater control as well as increased transparency around what happens when they use an online service. Since many websites in the US have already implemented these changes, GDPR should be officially implemented to give US citizens more control over their personal data.
The GDPR includes many provisions and arguably strengthens data protection for individuals within the European Union. The GDPR applies to organizations both within and outside the European Union. However, many organizations outside the EU are unaware of this. If an organization wants to do any business with EU countries, it must meet GDPR compliance requirements (Lahiri, 2018). The US states should implement GDPR, as the regulation will regulate and protect personal data and privacy. Companies will be accountable for protecting the privacy of their customers. Once implemented, customers will become more protected as compliance gains more standardization across many websites, apps, and online services.
Overall, I believe that an equivalent to GDPR should be implemented in the United States. It will give US citizens more control over their personal data. It would also simplify the regulatory environment for organizations so that businesses and citizens within the US can fully benefit from the digital economy.
References
EU GDPR.ORG. (n.d.). General Data Protection Regulation. [Online]. Retrieved from: https://eugdpr.org/. Accessed 11th July 2019.
Lahiri, K. (2018). What is General Data Protection Regulation? [Online]. Retrieved from: https://www.forbes.com/sites/quora/2018/02/14/what-is-general-data-protection-regulation/#21f765d862dd. Accessed 11th July 2019.
Kurzer, R. (2018). The United States finally starts to talk about data privacy legislation. [Online]. Retrieved from: https://martechtoday.com/the-united-states-finally-starts-to-talk-about-data-privacy-legislation-219299. Accessed 11th July 2019.