U.S. Unlikely To Move On Data Privacy Despite GDPR

When its new data privacy law went into effect May 25th the European Union cinched its status as the global leader in data privacy. By contrast, the U.S. is a free-for-all, with a grab bag of federal, state and even local laws and regulations. Nevertheless, nothing similar to the GDPR appears to be in the offing in this country. There is no agency empowered to enforce such a sweeping set of restrictions and penalties here. The Federal Trade Commission is the main agency that enforces U.S. privacy policies, but it is toothless compared to its European counterparts. It has little to no oversight over many businesses and industries, among them airlines, universities, nonprofit organizations and banks. Privacy legislation far less comprehensive than the GDPR has stalled in Congress many times. For example, legislation to create a federal standard for how data breaches are reported has repeatedly died in both houses. The furor over misuse of millions of Facebook users’ data by Cambridge Analytica spurred lawmakers to introduce several new privacy-related bills, but nothing is close to passage. That same scandal has prompted a national debate about data privacy, elicited public apologies from Facebook CEO Mark Zuckerberg and even prompted some federal law enforcement investigations, but it does not appear to have caused enough public pressure to make a gridlocked Congress act.