U.S. data protection laws fall short in the age of big data Posted on : Apr 10 - 2018

Data breaches and a history of data abuse led the EU to adopt GDPR, but it might take massive scale data security crises for the U.S. to legislate similar data protection laws.

The European Union's data protection laws to safeguard consumers' personal data and limit what companies can do with the data they collect is set to crack down on the Wild West era of data collection, use and abuse.

In other words, the party's over; data protection officers are on their way.

The EU's General Data Protection Regulation, or GDPR, enforceable beginning May 25, requires that personal data be collected with structure and purpose. This set of data protection laws limits how much personally identifiable information companies have the right to collect from their European customers, how they can use it and how long they can retain the data. Companies with an EU presence not in compliance with the data protection laws risk penalties of up to 4% of their annual total revenue.

Why Europe takes data privacy more seriously

At its core, GDPR prioritizes EU citizens' rights to privacy above corporate interests in the collected data. For that reason, I'm skeptical that broad data protection laws will come to pass in the U.S., where companies view data as currency and corporations hold sway over legislators.

Anne Marie Smith, vice president of education and chief methodologist at the data management consultancy EWSolutions, is far more optimistic -- though she believes it will take a data breach bigger than anything we've seen for legislators to take data privacy protection more seriously.

In her experience working with multinational companies, Smith sees how strongly European companies value data privacy compared to those in the U.S., and she believes it has less to do with America's money-making culture than it does with history.

"If you think about what happened in Europe during the Second World War and the way Nazi Germany used data to manipulate populations across Europe, the fear European governments have around use and misuse of data is clear," Smith says. "The European economic community is trying to combat laws that were written in Germany in 1933 and the ways [Germany] manipulated data in countries they conquered and aligned with. That's the driving force behind a lot of these data privacy regulations. The U.S. never experienced having their personal data used in that way."

U.S. companies also aren't keen on the government setting any restrictions on their business practices. That's not to say they don't abide by any consumer privacy standards at all; there are a number of rules and regulations companies are supposed to follow. View More