Yes, if several leading IT industry executives get their way.
GDPR, as you may know, is short for Europe’s General Data Protection Regulation. This new law went into effect only in May. But already, several organizations — including Google — have been accused of violations.
GDPR’s sweep is wide. Basically, it applies to any organization holding personal data on any EU citizen. And its penalties are high: up to either €20 million or 4% of a company’s annual revenue, whichever is higher.
In recent weeks, top executives from IBM, Apple and Salesforce have praised GDPR and called for similar legislation to be passed in the United States.
Much of the concern stems from several large and well-publicized privacy breaches. These include Facebook’s Cambridge Analytica scandal and concerns about how it secures its users’ private information.
Earlier this week, the U.S. Postal Service revealed that a broken API exposed data from more than 60 million customers.
And consumer groups in seven European countries are now accusing Google of deceptively encouraging users to enable location and web/app activity settings, a possible violation of GDPR.
All this and more has led to what IBM’s CEO Ginni Rometty is now calling a “trust crisis.” She made the comment yesterday while speaking to the EU in Brussels.
To be sure, Rometty was trying to set IBM apart from the pack, showing that her company respects personal data. But to make her case, she also accused consumer-facing platforms of “irresponsible handling of personal data.”
IBM CEO Ginni Rometty warns of a 'trust crisis' in consumer privacy
In her speech, Rometty stopped short of calling for a U.S. version of GDPR. Instead, she called for the use of a “regulatory scalpel, not a sledgehammer,” according to the Wall Street Journal.
‘The new cigarettes’
Salesforce’s CEO, Marc Benioff, was even more forceful. Speaking in May on TV’s “CBS This Morning” show, he said it’s time for a national privacy law.
A national privacy law, Benioff said, “will really not just protect the tech industry, it’s going to protect all the consumers.”
What’s more, he added, “it’s going to protect our kids, which is really what this is all about, because we know that all these companies are looking to bring kids into their social networks as well.”
That also led Benioff to call Facebook the “new cigarettes.” Like tobacco, he said, the social-media service is both addictive and unhealthy.
Apple CEO Tim Cook was a bit more measured when he spoke at a privacy conference sponsored by the European Parliament last month. Still, he both praised GDPR and called for the creation of a comprehensive U.S. federal data-privacy law.
Cook got pretty specific. He said an effective U.S. law would “anonymize” all collected consumer data, give users full transparency into how their personal data is being used, allow consumers to edit or delete their personal data, and ensure that consumers’ personal data is securely stored.
“The crisis is real,” Cook said, adding that consumer information is being “weaponized against us every day.”
After studying GDPR, you and your customers may be thankful you're not based in Europe. But a better response might be to start preparing. The case for a U.S. privacy law is gathering force — and powerful backers.