Government Technology: The current attention on the Facebook/Cambridge Analytica scandal has caused numerous commentators to suggest that the United States should adopt a law modeled after the European Union’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. Indeed, even Facebook itself offered to provide its American users with the same protections provided for its European users. Interestingly, even as more and more Americans are citing GDPR as a model, very few seem to understand what GDPR actually demands. For example, in just the past couple of weeks I have heard GDPR summarized by a supposed expert as “a law that requires the consumer to opt-in to sharing their data;” a law that “establishes the right to be forgotten;” and “Europe’s data breach notification law.” Though there is truth in each of these claims, such summaries skip over so much about what GDPR mandates that it leaves people more, not less, confused as to what GDPR involves, and perhaps not coincidentally, allows companies to claim they are providing GDPR-like protections without really committing to very much.
The most significant government policy, business, and technology news and analysis delivered to your inbox.
Subscribe Now