Internet Privacy Laws in America vs. Europe

The new European General Data Protection Regulation law gained a lot of media attention over the last few months. Considering everything that it stands for, it’s no surprise. The law is far from perfect, but it represents a huge improvement for online privacy and consumers’ rights.

With the GDPR, citizens within the EU are now in control of what kind of information online companies keep on them, and how they use this information. In other words, no more selling your data to third parties! And if something happens in the meantime, or a company disobeys this rule, the fines are enormous.

But that’s Europe. When it comes to the “land of the free”, data privacy laws are slightly different. Unfortunately, the USA falls way behind when it comes to consumer privacy. Instead of moving forward, America has actually gone in the opposite direction. However, recently, despite the condemnation of Europe’s GDPR, the country is starting to show signs that this situation might eventually turn for the better.

Does this mean that the USA will finally take users’ data privacy seriously?


The GDPR is a well-thought-out law that allows consumers to be in charge of their personal data. This means that after the law came into force, users can access, correct, or even erase information that websites store on them.

The rule stands for every online business that has a connection and offers some kind of service to citizens from European Union. It has primarily been created to protect their privacy on the Internet. However, considering that it targets companies all around the world, it was inevitable that it would induce huge changes on a global level.

Every company had to update its Privacy Policy and become compatible with the new regulations. Otherwise, they would’ve been legally obligated to pay enormous fines. Before the GDPR, Europe had very outdated regulations that were not compatible with the fast digitalization that was happening on the continent.

Additionally, the new European law states that in case of a privacy breach, companies are bound to report this within 72 hours and inform all of their customers. This clause from the GDPR is one step forward in the attempts to minimize data breaches.

Where Does The USA Currently Stand?

Contrary to Europe, not only does the USA not have such a federal law, but the citizens often fall victims to these identity thefts. Companies are not obliged to report hacks by law. Big companies that have faced these kinds of data breaches, such as Yahoo or Uber, waited months or even years before exposing the scandal.

The closest that this country has ever come to establishing a law that will protect its customers’ online rights was back in 2012, when former president Obama introduced the “Consumer Privacy Bill of Rights”. The bill eventually “died” in Congress. On the other hand, in 2017, the Congress actually voted to eliminate rules that were forbidding Internet Service Providers from selling their users’ browsing history to advertisers without their consent.

One of the latest scandals that shook the country included the current biggest and most used social media network– Facebook. The personal data of around 87 million Facebook users was exposed to the political consulting firm Cambridge Analytica. Apparently, this helped the current president of the US, Donald Trump, to get elected in 2016, by specifically targeting voters. Despite happening a long time ago, the news broke just recently, in March 2018.

The USA Shows Slight Improvements with the California Consumer Privacy Act

Things are not all that bad, and slowly but steadily America will get to where Europe stands today. The new GDPR law apparently had an influence after all.

In June 2018, shortly after the EU regulations came into force, California signed the Consumer Privacy Act of 2018 into law. It’s the first one of its kind in the USA. “The Act” gives consumers four basic rights over their online data:

  • The right to KNOW: what personal information was collected, from where, why, and whether this information is being disclosed or sold and to whom;
  • The right to OPT OUT: of allowing a company to sell this information to third parties;
  • The right to DELETE: on demand, with some exceptions;
  • The right to RECEIVE: equal service & pricing.

As with the GDPR, the whole point of this act is to allow online consumers to control their privacy of sensitive information.

Currently, the USA falls far behind in the race for consumers’ privacy and all of their rights. But it looks like the country is making efforts towards improving their law after all, and giving its citizens the rights they deserve to be given.