User privacy on the Internet is a bad joke at the user’s expense. That didn’t stop Europe from strong arming U.S. businesses with its sweeping new EU privacy law, the General Data Protection Regulation (GDPR).*
The GDPR took effect last Friday. Internet privacy is still a bad joke. The difference is that the new privacy law gives EU residents and our own legislators the illusion that regulation makes the Internet a safer, more private place.
It certainly isn’t safer for companies that have to navigate a veritable minefield of new regulations that could put them out of business if they don’t comply. That’s where Washington should have stepped in.
EU privacy law controls the uncontrollable
Privacy regulations in the U.S. don’t live up to the stringent demands of the EU privacy law. We chose a more minimalist approach to protecting users and their information because precious little can be done to guarantee safety online. This isn’t a government regulation problem. It’s a user common sense problem.
Every day we have to make decisions about risky behavior whether that means having another drink or climbing up on the roof to replace a missing shingle. The Internet is no different, no matter what privacy experts tell us. Just because big companies aggregate unbelievable amounts of data about us doesn’t change the simple fact that they only use what we decide to give them by visiting their websites and doing what we are told.
Now any unsuspecting U.S. small business with a website risks violating a law that never set foot on Capitol Hill. It’s hard to imagine that we were worried about extending U.S. privacy protections to the EU shortly before the GDPR was passed, but the “EU is better than us” rhetoric had already started:
Our allies provide our citizens basic privacy protections. The least the United States can do is reciprocate in kind. The current inconsistency breeds distrust and harms the competitiveness of American businesses trying to serve customers around the world,” [Washington Rep. Suzan] DelBene said.1
Distrust? The GDPR gives us even more reasons to distrust not only the EU and the motives behind this global privacy law, but also our legislators for standing mute or supporting regulations that threaten mind-bending fines for violations that may not be preventable.
U.S. businesses have every reason to feel that their government hung them out to dry.
EU privacy law is coercion, not leadership
This is the Internet. It’s free, but you still pay.
If freedom is what you’re looking for the Internet is the place to be. It’s all available for the asking, from your church’s website to the most offensive pornography imaginable.
If it’s privacy you want, cancel your online plan. With so much offered for free, who in their right mind would think we aren’t paying a price?
Politicians like nothing more than regulating dangerous behavior. That includes venturing online, but the U.S. didn’t take a stand so the EU assumed the privacy leadership role. Now post-GDPR we’re still not taking a stand to protect businesses governed by a law from abroad with implications legislators either haven’t considered or agree with.
Instead of saying no, Rep. Rho Khanna (D-CA) and 15 cosponsors proposed H.R.5759 to bring Washington into the digital age:
Restoring the United States Government’s global leadership position in technology and electronic government requires a new approach–one that narrows the growing gap between the digital demands of citizens and the fashion in which the Government provides digital services to the American people.2
Their buzzword-laden write up misses one important point: our businesses have the same data challenges without public money to pay to make things right or defend against fines levied by the EU. Nevertheless, the 16 lawmakers behind the IDEA Act made a promise:
The 21st Century Integrated Digital Experience Act (IDEA) will lower federal costs and increase efficiency by digitizing government processes and establishing minimum standards for federal websites, including mobile-friendly interfaces in compliance with the latest security protocols.3
We’ve heard that one before. Digitizing D.C. won’t help U.S. businesses struggling to live up to new regulations because our government submitted to the EU privacy law and Europe’s new role as global digital leader.
Legislators supports EU regulators instead of your business
If you need further proof that our lawmakers speak first and think later, consider this comment from Massachusetts Senator Ed Markey one day before the GDPR became global law:
When the European privacy law takes effect, the American people are going to wonder why they are getting second-class privacy protections,” said Senator Markey. “If companies can afford to protect Europeans’ privacy, they can also afford to do so for their American customers and users.4
Instead of explaining why he sided with the EU instead of American companies, Markey presented a Senate resolution that also cracks down on businesses trying to implement the new EU privacy law by:
Encouraging companies to apply privacy protections included in the General Data Protection Regulation of the European Union to citizens of the United States.5
The senator doesn’t mention fines that can total millions and even billions of dollars, the cost of implementation, or the difficulty in securing personal information that our own government has proved unable to cope with.
Three Democrats signed on to Markey’s resolution: Richard Durbin (D-IL), Bernie Sanders (D-VT), and Richard Blumenthal (D-CT).6 If it goes anywhere their next resolution should explain to U.S. companies what steps Washington is taking to prevent unreasonable fines that can put them out of business or better yet, to block American GDPR implementation outright and leave privacy up to our own legislators.
Instead of acknowledging the importance of protecting U.S. companies from the EU, Illinois Rep. Bobby Rush pointed his finger at America:
“I don’t understand how we’ve reached a point where we, in the United States, are reliant on a foreign regulation to protect our data.7
Perhaps he’s not familiar with the regulations. That’s a problem. The GDPR doesn’t protect our data. Ostensibly it protects EU residents’ data from us. Nevertheless, Congressman Rush found a way to turn this into a partisan dispute:
In the absence of GOP leadership, American companies must set an example that they are truly committed to safeguarding user privacy in our nation by clarifying what aspects of the GDPR will and will not be implemented.8
He also sided against a U.S. business that has never hidden the fact that it’s all about collecting user information:
It was encouraging to learn that Mark Zuckerberg has embraced the ‘spirit’ of the European Union’s new law on data privacy but his intention falls flat when he has not committed to this type of privacy guarantee — that would deliver much needed assurance — to users in the United States and across the globe.9
There is a better way to ensure the privacy of your data. Facebook is a free service. You get what you pay for. If you are worried about your information don’t give it away.
If protecting data is so easy, lawmakers should start with the information that Washington collects about each and every U.S. citizen. The agency most invested in our financial issues admits there is a problem with fraudulent refunds. Social Security, Medicare, and Medicaid have problems with fraud and identity theft. Federal workers have suffered breaches of their data. These are security problems that would likely be punishable by the GDPR if they impacted an EU resident. They don’t, of course. These are problems Americans have to deal with. That’s a good reason to get our privacy house in order starting with our own legislators and why we should refuse to subject U.S. businesses to an onerous new EU privacy law that voices on Capitol Hill are already defending.
June 2, 2018: EU privacy fines OK, U.S. tariffs not OK
One week after the EU inflicted its privacy law on America it cried foul over new U.S. tariffs on steel and aluminum.
Legislators aren’t supporting American companies subjected to the GDPR but they were quick to cry foul when we leveled the playing field on trade.
Texas Republican Kevin Brady worries about the impact of the new tariffs on Europe and our own businesses:
I call on the Administration to continue the exemptions and negotiations with these important national security partners to find a solution and address the damage caused to American exporters. And the Administration will need to come to Capitol Hill to provide answers about the indiscriminate harm these tariffs are causing our local businesses.10
New York Democrat Brian Higgins characterized the steel and aluminum tariffs as “bizarre” and questions why we didn’t give our allies a pass11 while Ohio Democrat Tim Ryan “Condemns President Trump’s Canadian and European Tariffs.”12 Ryan vexed over the impact on jobs and the economy. Perhaps he didn’t read up on the vast sums businesses must spend to comply with the EU privacy law, as detailed in this article on CSO.
Now every day going forward U.S. employers will fear EU computer users because our allies would rather fine our companies than work together to find a privacy solution. As far as tariffs are concerned, the same lawmakers who failed to cry foul over privacy can be relied on to soothe the EU’s financial worries.
1. “DelBene: We Must Protect Privacy Rights of U.S. Citizens, Allies.” Suzan DelBene. October 20, 2015. https://delbene.house.gov/news/documentsingle.aspx?DocumentID=1770, retrieved May 31, 2018.
2. “H.R.5759 – To improve executive agency digital services, and for other purposes.” Congress.gov. https://www.congress.gov/bill/115th-congress/house-bill/5759/text?q=%7B%22search%22%3A%5B%2221st+century+idea%22%5D%7D&r=3, retrieved May 30, 2018.
3. “Release: Reps. Khanna and Ratcliffe Introduce Legislation for More Efficient Digital Government.” Rho Khanna. May 10, 2018. https://khanna.house.gov/media/press-releases/release-reps-khanna-and-ratcliffe-introduce-legislation-more-efficient-digital, retrieved May 30, 2018.
4. “Senator Markey Introduces Resolution to Apply European Privacy Protections to Americans.” Ed Markey. May 24, 2018. https://www.markey.senate.gov/news/press-releases/senator-markey-introduces-resolution-to-apply-european-privacy-protections-to-americans, retrieved May 31,
5. Retrieved from https://www.markey.senate.gov/imo/media/doc/GDPR%20Resolution%20.pdf on May 31, 2018.
6. “Senator Markey Introduces Resolution to Apply European Privacy Protections to Americans.” Ed Markey. Op. cit.
7. “Rush Asks Airbnb, Fitbit, Google, Lyft, Snapchat, Twitter, and Uber About Their Commitment to User Privacy.” Bobby Rush. May 18, 2018. https://rush.house.gov/media-center/press-releases/rush-asks-airbnb-fitbit-google-lyft-snapchat-twitter-and-uber-about, retrieved May 29, 2018.
9. “Rush Sends Letter to Facebook Requesting Commitment to Data Protection.” Bobby Rush. April 4, 2018. https://rush.house.gov/media-center/press-releases/rush-sends-letter-to-facebook-requesting-commitment-to-data-protection, retrieved May 31, 2018.
10. “Brady Statement on Administration’s Action on Steel and Aluminum Tariffs.” Kevin Brady. May 31, 2018. https://waysandmeans.house.gov/brady-statement-on-administrations-action-on-steel-and-aluminum-tariffs/, retrieved June 2, 2018.
11. “Congressman Higgins Responds to Imposition of Steel Tariffs.” Brian Higgins. June 1, 2018. https://higgins.house.gov/media-center/press-releases/congressman-higgins-responds-to-imposition-of-steel-tariffs, retrieved June 2, 2018.
12. “Congressman Tim Ryan Condemns President Trump’s Canadian and European Tariffs.” Tim Ryan. May 31, 2018. https://timryan.house.gov/media/press-releases/congressman-tim-ryan-condemns-president-trump-s-canadian-and-european-tariffs, retrieved June 2, 2018.
Image: “Look For The Harvest Moon This Weekend.” NASA. September 27, 2012. Retrieved from https://blogs.nasa.gov/Watch_the_Skies/tag/harvest-moon/ on May 31, 2018.
*You can read a good summary of what the GDPR does on Export.gov.