{"id":5465,"date":"2018-02-02T18:16:11","date_gmt":"2018-02-02T22:16:11","guid":{"rendered":"http:\/\/ncjolt.org\/?p=5465"},"modified":"2020-06-04T20:52:34","modified_gmt":"2020-06-04T20:52:34","slug":"eus-new-sweeping-privacy-law-u-s-take-note","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/eus-new-sweeping-privacy-law-u-s-take-note\/","title":{"rendered":"The EU&#039;s New Sweeping Privacy Law and Why the U.S. Should Take Note"},"content":{"rendered":"<blockquote><p>The European Union is implementing a new law that is being heralded as\u00a0\u201c<a href=\"https:\/\/www.reuters.com\/article\/us-cyber-gdpr-consultants\/business-booms-for-privacy-experts-as-landmark-data-law-looms-idUSKBN1FB1GP\">the biggest shake-up of personal data privacy rules since the birth of the internet.<\/a>\u201d<\/p><\/blockquote>\n<p>The new law is titled the <a href=\"https:\/\/www.eugdpr.org\/\">General Data Protection Regulation (GDPR<\/a>), and it is slated to take effect in May. The GDPR comes as companies in the United States and throughout the world have succumbed to massive data breaches. Most notably in the United States, Equifax suffered a breach which put approximately <a href=\"https:\/\/www.consumerreports.org\/privacy\/what-consumers-need-to-know-about-the-equifax-data-breach\/\">143 million American\u2019s<\/a> social security numbers at risk. The GDPR is not a direct response to the Equifax breach, but it does show a changing mindset among world governments in regards to personal data.<br \/>\nThe GDPR is significant as it sets <a href=\"https:\/\/www.reuters.com\/article\/us-cyber-gdpr-consultants\/business-booms-for-privacy-experts-as-landmark-data-law-looms-idUSKBN1FB1GP\">new standards<\/a> in the industry to protect consumer\u2019s personal data. For example, the law significantly increases fines for failure to comply and requires companies to <a href=\"https:\/\/www.eugdpr.org\/the-regulation.html\">report data breaches<\/a> to authorities \u201cwithin 72 hours of first having become aware of the breach.\u201d Additionally, one of the most important changes is an <a href=\"https:\/\/www.eugdpr.org\/the-regulation.html\">increase in the scope<\/a> of who the law applies to. The law \u201c<a href=\"https:\/\/www.eugdpr.org\/the-regulation.html\">applies to all companies<\/a> processing the personal data of data subjects residing in the Union, regardless of the company\u2019s location.\u201d This requires companies that do not reside in the European Union to abide by the new procedures.<br \/>\nThe GDPR\u2019s impending enactment has resulted in an <a href=\"https:\/\/www.reuters.com\/article\/us-cyber-gdpr-consultants\/business-booms-for-privacy-experts-as-landmark-data-law-looms-idUSKBN1FB1GP\">increased demand for cybersecurity tech companies<\/a> around the world in order to make private companies compliant. Additionally, companies are doing things that they have not previously done. For example, Facebook announced that they are <a href=\"https:\/\/www.reuters.com\/article\/us-facebook-privacy-eu\/facebook-makes-privacy-push-ahead-of-strict-eu-law-idUSKBN1FI0DO\">publishing their \u201cprivacy principles\u201d<\/a> that describe how they use their user\u2019s personal information. Facebook claims these principles <a href=\"https:\/\/www.facebook.com\/about\/basics\/privacy-principles\">give users the control<\/a> over their privacy while also helping \u201c<a href=\"https:\/\/www.facebook.com\/about\/basics\/privacy-principles\">people understand how their data is used<\/a>.\u201d Going above and beyond, Facebook has <a href=\"https:\/\/mashable.com\/2018\/01\/29\/facebook-privacy-principles-education-videos\/#Jiob40vVBmqg\">even rolled out videos<\/a> aimed to help users learn to better control their personal data. Admittedly, <a href=\"https:\/\/www.reuters.com\/article\/us-facebook-privacy-eu\/facebook-makes-privacy-push-ahead-of-strict-eu-law-idUSKBN1FI0DO\">this is a direct response<\/a> to the GDPR and allows users to have more control over how their information is used. It is an example of a global company bowing to the pressures and requirements of the GDPR. Fortunately, this results in Americans getting the benefits of a law that technically does not govern them.<br \/>\nThe United States should consider adopting the GDPR or something comparable. It seems every day we hear of a new data breach\u2014almost to the point where it is expected. The best way to get companies to better protect their customer\u2019s personal data is to increase the penalties for non-compliance. Fortunately, because a lot of American companies also do business in Europe, they are already making changes, such as Facebook\u2019s actions mentioned previously. However, our current privacy data laws are insignificant compared with the GDPR.<br \/>\nThe United States differs significantly from the European Union in regards to data protection laws. For starters, the United States has no sweeping data protection legislation, instead relying on multiple pieces of legislation that cover specific legal areas. For example, <a href=\"http:\/\/searchhealthit.techtarget.com\/definition\/HIPAA\">healthcare privacy<\/a> is governed by the Health Insurance Portability and Accountability Act, colloquially known as \u201cHIPAA.\u201d Meanwhile the GDPR in the European Union works as an all-encompassing law protecting personal data as a whole. This overarching law helps guarantee that there are no gaps in data security. The current statutory model in the United States would require a specific law for every single sector of our lives. Practically, this is infeasible. Thus, a better alternative is something along the lines of the GDPR.<br \/>\nCompanies know they need to better protect customer data. However, they are not the only ones that are feeling pressured to do so. The recent data breaches could and likely will lead to increased political pressure on representatives to enact legislation to better protect their constituent\u2019s data. With the GDPR as a model, the ball is in Congress\u2019s court to ensure that our data is adequately protected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The European Union is implementing a new law that is being heralded as\u00a0\u201cthe biggest shake-up of personal data privacy rules since the birth of the internet.\u201d The new law is titled the General Data Protection Regulation (GDPR), and it is slated to take effect in May. The GDPR comes as companies in the United States <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/eus-new-sweeping-privacy-law-u-s-take-note\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":5466,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5465"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=5465"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5465\/revisions"}],"predecessor-version":[{"id":6989,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/5465\/revisions\/6989"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media\/5466"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=5465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=5465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=5465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}