Everyone’s always talking about online privacy, but this past week or so has brought a meaningful uptick in that ongoing discussion, including a debate that could shape privacy regulations throughout the United States. Such is life in the post-GDPR world.
GDPR, of course, stands for the General Data Protection Regulation, the recently enacted European Union regulation that aims to boost personal data privacy rights, and whose impact has reached far beyond the EU’s member states. From time to time, PYMNTS is proving updates on the consequences of the new de-facto global privacy regime, an effort that includes previous looks at online advertising and email marketing.
More recently, regulators from North America, Great Britain and Asia have requested a formal exemption from the data privacy law that they said could potentially interfere with cross-border investigations.
A New Privacy Law?
Much of the main GDPR-related action in the last week or so has happened in the United States.
On Thursday (June 28), for instance, California state lawmakers were reportedly still debating a bill that would tighten data privacy for consumers and impose penalties on companies that violate those protections. The debate — influenced by the issues surrounding the GDPR — is significant because any digital privacy law enacted by California promises to influence business and regulations in the rest of the United States, if not other countries.
Those California lawmakers on Thursday were racing against legislative and state deadlines to try to head off a Nov. 6 ballot initiative called the California Consumer Privacy Act that would also offer protections and the threat of corporate penalties — though not as stiff as the fines allowed by the GPDR.
The man behind that ballot initiative, San Francisco real estate investor Alastair Mactaggart, reportedly has given his support to the legislative effort, saying that he thought it would “greatly advance California consumers’ privacy.”
The California Chamber of Commerce opposes the bill, with its legislative lobbyist telling reporters that the “bill is flawed” and the “stakes are astronomical.” But she said the Chamber prefers the bill over the ballot initiative because lawmakers could later amend the bill once its impacts become clear.
Were lawmakers to approve the bill, and Gov. Jerry Brown to sign it, it would take effect in 2020 — providing more time for potential fixes. The state attorney general’s office would work out the specific privacy regulations.
Industry and D.C. Action?
Technology companies are understandably anxious about the prospect of more regulations governing how they handle digital data. In fact, online privacy was the reason executives from major companies such as Facebook, Google and Apple were reportedly set to meet this week in San Francisco at a conference organized by the Information Technology Industry Council, a trade group.
No information about discussions at that meeting, which reportedly took place Wednesday, had emerged from reliable sources 24 hours after the event. But the meeting does highlight the increasing focus on digital privacy in this post-GDPR world.
Meanwhile, in Washington, D.C., the Trump Administration reportedly wants figure out what “a federal approach to online data privacy should look like,” according to Axios. Gail Slater, President Trump’s special assistant for technology, has already met with industry groups about that topic — meetings that included discussion of “ways to put in place guardrails for the use of personal data.”
It seems clear that the GDPR will spark further regulatory pushes in favor of more protections and penalties involving consumer data. The consequences of those efforts are a long way from revealing themselves.