America should borrow from Europe’s data-privacy law

AMERICA rarely looks to the bureaucrats of Brussels for guidance. Commercial freedom appeals more than dirigisme (i.e “state control of economic and social matters”) …But when it comes to data privacy, the case for copying the best bits of the European Union’s approach is compelling.

The General Data Protection Regulation (GDPR) is due to come into force next month. It is rules-heavy and has its flaws, but its premise that consumers should be in charge of their personal data is the right one. The law lets users gain access to, and to correct, information that firms hold on them. It gives consumers the right to transfer their data to another organization. It requires companies to define how they keep data secure. And it lets regulators levy big fines if firms break the rules.

The failings of America’s self-regulatory approach are becoming clearer by the week. Large parts of the online economy are fuelled by data that consumers spray around without thought. Companies’ arcane privacy policies obfuscate what they do with their users’ information, which often amounts to pretty much anything they please.

Continue reading on