GDPR-Like Law To Be Drafted In 2019, Democratic Senator Says

Privacy Cyber Security AH Nov 10 2018

The United States Congress may be able to draft a privacy bill akin to the European Union's General Data Protection Regulation as early as next year, Senator Richard Blumenthal (D-CT) said at this week's hearing of the Senate Commerce, Science and Transportation Committee. The 72-year-old said he's hoping the said law will be drafted "early" in the next caucus session which is kicking off in January. Senator Blumenthal revealed he and Senator Jerry Moran (R-KS) already discussed the matter and should be able to come up with a provisional draft through a bipartisan effort which already started.

Senator Moran publicly voiced support for federal data-privacy legislation, though the two major political parties in the country are still in some disagreements over how potential violations of the thereof should be penalized. E.g. the Republican legislator previously said he isn't convinced that the government should turn to civil penalties in case of privacy violations, though that's precisely what the political left currently has in mind. Senator John Thune (R-SD) confirmed the Commerce Committee is considering consumer-data legislation as well, though details on the matter remain virtually non-existent.

Background: The subject of data privacy has been garnering a lot of traction in the U.S. over the course of this year, primarily due to a number of high-profile scandals such as Facebook's Cambridge Analytica debacle and Google's oversight that potentially compromised hundreds of thousands of Google+ users and went undisclosed for months, ultimately prompting the firm to shutter its struggling social media network for good. Numerous advocacy groups called for Congress to draft legislation akin to GDPR, one of the strictest information privacy laws ever enacted in the West. The legislation in question went into effect in late May and already allowed for a wide variety of complaints against the world's largest technology companies, though its effectiveness has yet to be tested in the court of law.


Shortly after GDPR started being enforced, California Governor Jerry Brown signed the Consumer Privacy Act of 2018 (AB275) which provided its residents with similar rights, allowing them to request their digital data held by private entities to be deleted and control the manner in which it's collected and managed, in addition to finding out what exactly do Internet companies know about them. The law attracted significant criticism from the Silicon Valley, though the industry eventually stopped lobbying against it due to public pressure. A potential federal-level bill regulating data privacy may also pre-empt the said California legislation, though DNC lawmakers already publicly opposed such a turn of events. GOP members aren't as one-minded about the issue, though it's still unclear whether they'd be willing to agree to keep California's law intact.

Impact: While the current political climate in the U.S. heavily leans on the side of partisanship and polarization, data privacy appears to be one of the rare issues that both sides agree needs extra regulation. While that certainly doesn't spell good news for the tech industry's bottom line, it's unlikely that Capitol Hill enacts legislation that's anywhere close to GDPR in terms of strictness; according to the new EU law, privacy violators can be fined with up to two percentage points of their annual turnover or €10 ($11.38) million, whichever figure is greater, whereas American lawmakers still aren't certain whether civil penalties will even be their go-to form of punishment for such transgressions.