Is the GDPR Right for the United States?

Europe’s new privacy law, the General Data Protection Regulation (GDPR) will enter into force in May 2018. Understandably, given that data breaches and privacy violations have been in the headlines lately -- and given that the GDPR will reshuffle privacy protection in Europe and beyond -- many in the United States are looking to the GDPR for ideas of what to do - and what not to do. We think that it would be impractical and ineffective to copy and paste the GDPR to U.S. law -- the institutions and legal systems are just too different. 

However, here are some aspects of the GDPR that we think Congress should pay attention to when thinking about how to protect Americans’ privacy. It is important to remember two things when thinking about the GDPR and internet platforms. First, the GDPR has not been implemented yet.Second, there is another piece of legislation, the ePrivacy Regulation, which clarifies the consequences of the GDPR for electronic communications, that is still in the European legislative process. We expect the ePrivacy Regulation to be approved before the end of 2019.