Will draconian privacy laws ever come to the United States as they have in Europe in recent days? The question is reasonable in light of ongoing news stories about Facebook’s cavalier treatment of user data. Now that the European Union has enacted General Data Protection Regulation (GDPR), we now have a template for stronger protection of consumer privacy, with businesses being held to more stringent privacy standards and facing steep fines for failing to uphold those standards.
The likelihood of GDPR-style regulation coming to the United States was one of several topics I discussed with a panel of journalists and industry practitioners recently. The panel, hosted by Chris Heine of the Bateman Group, focused on the many possible impacts of GDPR. Participants ranged from Gartner Analyst Andrew Frank to Kevin Scholl, director of digital marketing and partnerships at Red Roof Inn. My take: GDPR isn’t going to come to the United States anytime soon – especially during the Trump administration. Here’s why:
- Data privacy is not a priority at the Federal level. We’ve already experienced the mother of all data breaches – and nothing happened. Remember Equifax, whose failure to protect user data affected millions of Americans? If ever there was a reason to usher in more serious privacy laws, Equifax handed it to the administration on a platter. But in fact the Consumer Financial Protection Bureau actually scaled back its investigation of Equifax. And Americans moved on. Meanwhile, influential businesses such as Alphabet and Apple have too much lobbying power for GDPR regulation to take hold widely. (Google alone spent more than $18 million on lobbying efforts in 2017.) The corporate-friendly Trump administration will likely place the adoption of widespread privacy measures low on the priority list.
- The American won’t demand widespread regulation anytime soon. We may claim we care about privacy when we are asked– but our actions say otherwise. For example, the brutal Facebook/Cambridge Analytica scandal created a #DeleteFacebook spasm, which died away. It’s not that we want to give businesses unfettered access to our data. But we don’t have the time and energy to police them. Who really takes time to read the mind-boggling user agreements we are periodically asked to review when we update our Apple operating system or when LinkedIn or some other platform revises its practices? (Here’s LinkedIn’s privacy policy. I’m sure you’ve reviewed it carefully because you care about privacy, right?) In addition, and perhaps more importantly – big tech has the upper hand. We’re hooked to our devices and platforms. They fuel our lives. We’ve given them permission to manage us – which is a big reason why #DeleteFacebook died. We may be annoyed with Facebook the brand, but we want Facebook the community.
A more likely scenario: Facebook will take the fall. The company will become subject to more regulation and scrutiny, thus reframing a potentially more widespread issue as the problems of one company. Instead of inspiring Federal action to regulate privacy more broadly, Facebook’s failures will instead marginalize the issue. We’re already seeing Apple capitalize on Facebook’s problems by attempting to demonize the social media platform.
Tougher privacy laws may take hold at the state level, but don’t hold your breath waiting for a dramatic change to occur nationally.
For more insight into our panel, check out:
Adweek, “4 Big GDPR Concerns for Brands, Agencies, and Vendors,” Chris Heine, May 9, 2018.
Bateman Group, “Here Are 4 Big GDPR Concerns for Brands, Agencies and Vendors,” Chris Heine, May 23, 2018.
CNBC, “People will forget about data privacy issues soon — at least, that’s what ad experts expect,” by Michelle Castillo, April 12, 2018.
DMNews, “7 Ways GDPR Will Affect Your Marketing Efforts — According to Top Marketers,” Hillary Adler, May 28, 2018.
