Is GDPR Coming to the USA?

TL;DR
  • GDPR aims to give consumers in the EU more rights and information about how their private data is used by businesses.
  • Trust in business in the USA stands at just 43% in 2018.
  • With trust in business so low, and with members of the US Senate keen to pursue data privacy legislation, it would seem likely that a form of GDPR is on its way to the States.
  • Businesses which have already taken steps with EU legislation will find themselves one step ahead should similar legislation come to the USA.

Since the start of the year, it seems like you can barely go near the internet without being reminded of the General Data Protection Regulation (GDPR) in the EU.

Now the personal data protections are in place across the bloc, attention is turning to the USA. Suffice it to say, the debate over whether similar legislation will appear here is brewing.

What is GDPR?

In simple terms, GDPR aims to provide greater levels of privacy for all individuals in the EU. It is designed to give consumers a heightened level of control over their personal data and how it’s used.

Data has become an invaluable resource for most businesses, especially those trading online, so this legislation has left a trail of change and compliance challenges in its wake.

It has meant that every organization with European clients has been required to change the way their data on individuals is collected, stored, and used.

How does GDPR affect US companies?

GDPR also applies to organizations located outside of the EU if they collect or process personal data on EU residents. In today’s global economy, that means GDPR has consequences for US companies too.

With the risk of significant fines and reputational damage, it’s foolhardy for American businesses to ignore GDPR simply because it originated across the pond.

To get an idea of the scale of the disruption, some American firms have said they will no longer serve EU residents as a result of the GDPR compliance requirements.

Verve is one such example. The mobile advertising brand began operating in Europe just two years ago but has recently said it will shutter its EU operations, citing GDPR as a root cause. It’s not the only business to decide to pull out of the bloc rather than contend with the latest regulation, either.

Is there an appetite for similar regulation in the US?

With GDPR already affecting US companies, it should come as no surprise that many are now wondering if something similar will appear in US regulation. Privacy around personal data is already a topical subject thanks to multiple high-profile cases of data breaches, lawsuits, and eroded trust.

According to the latest Edelman Trust Barometer, just 52% of the global general population trust businesses, a figure that’s unchanged from 2017 despite numerous efforts to boost perceptions.

In the US, the figures are even more startling. Across the general population, average trust is pegged at just 43%, down from 52% in 2017. This decline crosses the line from neutral territory into active distrust.

Among the ‘informed public’ (those that are college-educated, in the top 25% of household income, and report significant media consumption and engagement in business news), that fall was even more significant, dropping by 23 points to 45%.

It’s only too easy to find culprits for the growth of distrust

Facebook is the highest-profile example of this. The scandal with Cambridge Analytica, in which 50 million profiles on the social media platform were harvested in a bid to influence choices during the US election campaign, has hit the company hard. Facebook’s shares have collapsed by 18%, wiping more than $119 billion off its market valuation, with the reputational damage arguably being just as significant.

Despite embarking on a global campaign to reassure users, many are now concerned about how Facebook will use their personal details.

When you add in other cases of data breaches and endless reports of tech companies facing lawsuits, it should come as no surprise that US consumer trust is on the wane.

The US Senate touched on ways to restrict the use of private data throughout the Facebook inquiry and, considering current trust levels, it seems as though at least a portion of US citizens would back such a move.

Senators Amy Klobuchar and John Kennedy are among those backing a reform of data protection legislation. There are said to be plans to draft a new GDPR-style bill that will give individuals recourse options if their data is breached, the right to opt out of data tracking, a requirement for terms of service agreements to be written in plain language, and the ability for individuals to obtain greater control over their own data.

Klobuchar has commented,

“Consumers have the right to know if their personal information is being sold and they have the right to easily see what data has already been sold and distributed. The digital space can’t keep operating like the Wild West at the expense of our privacy.”

Kennedy has also been vocal about Facebook’s user agreement throughout the inquiry, stating to CEO Mark Zuckerberg,

“Your user agreement sucks. The purpose of that user agreement is to cover Facebook’s rear end. It’s not to inform your users of their rights.”

It may only be a matter of time before businesses face some level of regulation similar to that of their European counterparts.

What would a form of GDPR mean for US businesses?

At the moment, the use of personal data in the US is largely unregulated, with many companies using the data they collect or buy to support a wide variety of business operations, including fulfilment, marketing, and improved customer experiences.

The introduction of such legislation would lead to a significant change in the way that many businesses operate. Those that have already taken steps to comply with EU legislation will be at least one step ahead.

So, with the likelihood of similar data protection regulations coming to the USA, what steps should you be taking to prepare?

  • Move away from purchased lists – Purchased lists of contact details can provide you with plenty of lead generation prospects, but they also affect trust. Instead, focus on encouraging potential customers to leave their details (our Agency Lead Generator does a great job of this for marketing agencies) or, if bought-in lists are essential, choose a partner that has ethical standards in place.
  • Allow consumers to opt in to marketing communications – Most people receive dozens of emails daily but often don’t know where some of them come from. Give your customers the option to opt out if they choose; it may seem counterproductive at first, but it does mean that you have engaged lists that actively want to hear what you have to say.
  • Focus on adding value – This ties into the previous two points. If you’re no longer buying lists and giving customers a choice on whether or not they receive marketing communications, you need to be creative. From fascinating blog posts and resources to genuine promotional offers the recipient will be interested in, adding value is set to become even more important.
  • Offer a transparent cookie policy – When you set out to build trust in your brand name, an open, transparent approach will go a long way. Be clear about your cookie policy and how you’ll use the data you collect. Include details about the consumer’s right to be forgotten, too, and how to stop cookies being collected.
  • Assess your cyber security – Data breaches erode trust hugely, so it may be time for you to look at the security measures you have in place and how you respond to threats. Under GDPR, businesses must inform individuals as soon as possible when their data has been breached, and it’s likely this will be the case in the USA, too, if a form of GDPR becomes law. It might damage trust initially but, for the most part, consumers will recognize the challenges of cybersecurity and welcome being informed.

While a form of GDPR would undoubtedly affect how businesses operate, there are business benefits as well as challenges to consider. Consumers are increasingly aware and concerned about how their personal data is being used. Embracing ethical trading practices can help you establish a trustworthy image, build sales, and can act as a brand differentiator in a competitive environment.

We’d love to hear your thoughts

Do you think a form of GDPR should be introduced in the USA? Would this help to restore trust in big businesses in the US? We’d love to hear your thoughts! Share your opinions and experiences with us in the comments below.


4 thoughts on “Is GDPR Coming to the USA?”

  1. We got compliant for GDPR and talked over adopting it for the rest of the globe at the same time knowing that it would be implemented worldwide shortly. It’s just easier to put in place once.

    1. Hi Rob, thanks for your comment.

      That sounds like a sensible plan. It’s more about gearing up for a new age than trying to ‘get around’ something. Hope it works out for you!

      Jamie

  2. My feeling is that implementing something similar to GDPR is to be recommended for all forums, whether or not you have members from the EU, and whether or not there is local legislation compelling you to do so.

    If it does nothing else, it delivers a clear message to your members that you take their privacy seriously and that you have taken all available measures to secure that information. Additionally, it tells them what they need to do to remove their information and accounts if that is their wish.

    It’s only a matter of time before this sort of thing is legislated in non-EU countries in the west as well. Think of GDPR as a wake-up call for forum owners. It’s already woken up consumers (your visitors and subscribers) to their rights and to the issue of how you are safeguarding their data.

    And by the way that includes converting your site to HTTPS (SSL), if you haven’t already done so. Asking your members to enter email addresses and passwords on non-encrypted connections is basically saying, “Yeah. We don’t really care if your information is intercepted or stolen – that’s your problem, not ours”.

    1. Hi, thanks for your comment!

      I’m inclined to agree with everything you’ve said. This isn’t a wobble that will end up with a return to status quo. GDPR is the first ripple of the wider appreciation of data privacy issues and it makes sense for non-EU businesses to start thinking about how reliant they are on non-compliant data before the full wave hits.

      Thanks

      Jamie
