Can Europe Lead on Privacy?

[Commentary] What matters is not whether internet companies “deserve” our private information but why we as consumers do not have meaningful ways to protect that data from being siphoned for sale in the first place. The American government has done little to help us in this regard. The Federal Trade Commission merely requires internet companies to have a privacy policy available for consumers to see. A company can change that policy whenever it wants as long as it says it is doing so. As a result, internet companies have been taking our personal property — our private information — while hiding this fact behind lengthy and coercive legalese and cumbersome “opt out” processes. The European Union, however, is handling the problem differently. Starting in May, its General Data Protection Regulation will go into effect in its 28 member nations. The regulation is powerful in its simplicity: It ensures that consumers own their private information and thus have the right to control its usage and that internet companies have an obligation to give consumers the tools to exercise that control.

[Tom Wheeler, the chairman of the Federal Communications Commission from 2013 to 2017, is a visiting fellow at the Brookings Institution and a fellow at the Harvard Kennedy School.]