The GDPR is now in force for a few months and has changed the way companies in Europe deal with personal data – of employees, clients, patients, service providers and every other data subject. Now, several US companies state that a GDPR-like U.S. federal privacy law could be a solution for the US data protection world….
Tim Cook supports GDPR-like US law
Tim Cook – the Apple CEO who has long been committed to privacy protection – said in his keynote address on the first day of the International Conference of Data Protection and Privacy Commissioners last week that he supports a GDPR-similar US law to tackle the internet giants’ “surveillance” of internet users via the control of massive amounts of personal data. That information, he said, was “being weaponized” against internet users with “military efficiency.”
He also said, according to the BBC:
“We at Apple are in full support of a comprehensive federal privacy law in the United States.”
Other tech companies should do the same
Cook also called for his fellow tech companies to also promote such a law:
“Some oppose any form of privacy legislation. Others will endorse reform in public and then resist and undermine it behind closed doors”,
According to the IAPP, Facebook CPO Erin Egan said that Facebook would support a GDPR-like privacy law in the United States. Also, Google and Microsoft representatives seem to be in favor of such a legislation. Microsoft Corporate Vice President and Deputy General Counsel Julie Brill even mentioned that Microsoft has already implemented a lot of the GDPR’s requirements to its customer base.
GDPR as a model for the US?
Before the GDPR came into force, US tech lobbyists were afraid that the new legal framework would bring a lot of problems for data flows, especially via the internet. However, the internet is still alive – despite the GDPR.
And then, in June this year, California passed a new privacy law, which also requires businesses to disclose information they store, what purpose it’s for, and with which third parties it’s shared. For data breaches, consumers may be able to sue for up to $750 for each violation, while the state attorney general can sue for intentional violations of privacy at up to $7,500 each.
But could it really be good to have several different privacy laws in the US, which may even contradict each other? No, that would make life difficult for businesses trying to operate across state lines. A federal law could be the solution.
EU applauses Cook’s remarks
Of course, the EU is more than happy about Cook’s comments.
“I think that this confirms once more that Europe got it right with the GDPR,”
Commission spokesman Margaritis Schinas said, according to dw.com.
Also, EU Commissioner Věra Jourová, „welcomed these announcements“, and CNIL President Isabelle Falque-Pierrotin noted in her address that she welcomes “the commitments to data protection and ethics” made by Apple, Facebook, Google, and Microsoft:
“I can only be pleased to hear the GDPR has been a major step for these companies in advancing toward more privacy, using it as a model.”