The tough new privacy laws coming to Europe tomorrow, when the General Data Protection Regulation takes effect, are sparking calls for new standards in the U.S.
This morning, a coalition of Senate Democrats introduced a resolution urging companies covered by the EU's rules to treat Americans' data comparably to Europeans' information. “If companies can afford to protect Europeans’ privacy, they can also afford to do so for their American customers and users," Senator Ed Markey (D-Massachusetts) stated. "Under the European rules, privacy is not an afterthought, and consumers, not corporations, are in charge of personal information."
Markey was joined by Democratic Senators Dick Durbin (Illinois) and Richard Blumenthal (Connecticut) and Independent Bernie Sanders (Vermont).
The GDPR aims to give consumers more control over data that is collected about them, including the type of data used for targeted ads. Among other provisions, the regulations bar companies from processing consumers' data without their explicit consent. The new privacy rules also give people the right to know who can access their data, and to revoke their consent at any time.
It's not clear whether this resolution will go anywhere -- especially considering that lawmakers have been unable to advance even modest privacy proposals in the past.
But even if the odds of action on Capitol Hill are remote, companies are facing some public pressure to rein in their data collection efforts. A coalition of 28 advocacy groups -- including the Center for Digital Democracy, Consumer Federation of America, Electronic Privacy Information Center and Public Citizen -- today urged large companies to extend their GDPR compliance plans to America.
“Strong privacy standards should apply to everyone who uses online platforms and services no matter where they live,” states the letter, which was sent to Facebook, Google, Amazon and other companies. “Since you will be providing these protections for hundreds of millions of people in Europe, there is no question that you are capable of applying the same protections worldwide."
So far, some large tech companies have taken steps toward tightening their privacy rules in the U.S. -- although to varying degrees. Facebook said today that it plans to send people individualized messages that explain how the company uses data for ad targeting. (CEO Mark Zuckerberg earlier said the company would extend the "spirit" of the GDPR worldwide -- which obviously leaves the social networking service with a lot of wiggle room.)
And Microsoftsaid this week that it will "extend the rights that are at the heart of GDPR" to people everywhere.
"We believe privacy is a fundamental human right," Microsoft deputy general counsel Julie Brill, a former Federal Trade Commission, wrote on the company's blog. "Companies like ours have a huge responsibility to safeguard the privacy of the personal data we collect and the data we manage for our commercial customers."