The EU's General Data Protection Regulation could "force big changes in the way US and European companies do business," Commerce Department Secretary Wilbur Ross says.
"As currently envisioned, GDPR’s implementation
could significantly interrupt transatlantic co-operation and create unnecessary barriers to trade, not only for the US, but for everyone outside the EU," Ross writes in the Financial Times.
The GDPR -- which took effect in Europe last week -- aims to give consumers more control over data that is collected about them, including data used for targeted ads. Among other provisions, the regulations bar companies from processing consumers' data without their explicit consent. The new privacy rules also give people the right to know who can access their data, and to revoke their consent at any time.
Ross says in his op-ed that the White House supports the GDPR's goal of protecting personal online data while continuing to enable transatlantic data exchange. But he adds that complying with the rules "will exact a significant cost, particularly for small and medium-sized enterprises and consumers who rely on digital services and may lose access and choice as a result of the guidelines."
He also says the rules have created "serious, unclear legal obligations" for companies and government agencies.
"We do not have a clear understanding of what is required to comply," he writes. "That could disrupt transatlantic co-operation on financial regulation, medical research, emergency management co-ordination, and important commerce."
In addition, he says the new privacy rules could pose a public safety risk by preventing law enforcement authorities from discovering the identities of people who operate websites "that propagate terrorist information, sponsor malicious botnets or steal IP addresses."