Data Privacy is a Ticking Bomb for US Congress


The recent decision by the United States Congress to demand that TikTok divest its US business due to its headquarters in China and the requirement to disclose data to the Chinese government has brought the issue of data privacy to the forefront of national attention. This action highlights the need for robust data privacy legislation in the United States, and the California Privacy Rights Act (CPRA) offers valuable insights into potential alternative remedies available to US legislators.

In today's interconnected digital world, protecting personal data has become a top priority for individuals, businesses, and governments alike. Two ground-breaking pieces of legislation have emerged as beacons of hope in the fight for privacy rights and consumer protection: the European Union's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA), which later evolved into the California Privacy Rights Act (CPRA).

As a senior executive, understanding the key differences and similarities between these two laws is crucial for ensuring your organization's compliance and safeguarding your customers' trust.

The GDPR, implemented in 2018, set a new global standard for data protection. It applies to all organizations operating within the EU and the European Economic Area (EEA), as well as those outside the EU that offer goods or services to, or monitor the behaviour of, EU data subjects. The GDPR defines personal data broadly, covering any information related to an identified or identifiable natural person.

On the other side of the Atlantic, California took a bold step with the introduction of the CCPA in 2020, which was later expanded into the CPRA. These laws apply to for-profit businesses that collect California residents' personal information and meet certain thresholds, such as having annual gross revenues exceeding $25 million or deriving a significant portion of their revenue from selling personal information.

Both the GDPR and CCPA/CPRA grant individuals a set of rights over their personal data. Under the GDPR, data subjects have the right to be informed, to access their data, to request rectification or erasure, to restrict processing, to data portability, and to object to processing, as well as rights related to automated decision-making. Similarly, the CCPA/CPRA provides California residents with the right to know about the personal information collected about them, to delete it, to opt out of the sale of their personal information, and not to face discrimination for exercising their rights.

Enforcing these laws is a serious matter, with substantial penalties for non-compliance. The GDPR's fines can reach up to €20 million or 4% of a company's total global turnover, whichever is higher. The CCPA/CPRA, enforced by the California Attorney General and the newly established California Privacy Protection Agency (CPPA), can impose fines of up to $7,500 per intentional violation and $2,500 per unintentional violation.

To comply with these laws, organisations must implement appropriate technical and organisational measures to ensure the security of personal data. This includes measures such as pseudonymisation, encryption, and reasonable security procedures and practices appropriate to the nature of the information.

While the GDPR and CCPA/CPRA aim to protect personal data, the GDPR is generally considered more comprehensive and stringent. It has a broader scope of applicability and offers more detailed provisions on data subject rights and organisational obligations. The CCPA/CPRA, though focused on California residents, is a significant step forward for data privacy legislation in the United States.

If US legislators were to adopt provisions similar to those found in the CPRA, they would have several alternative remedies at their disposal when addressing concerns about foreign companies collecting and potentially misusing US citizens' data. These remedies could include:

  1. Requiring companies to provide clear and transparent information about their data collection practices, including the types of data collected, the purposes for which it is used, and any third parties with whom it is shared.
  2. Granting US citizens the right to access, delete, and opt out of the sale of their personal information, empowering them to maintain control over their data.
  3. Imposing strict penalties for non-compliance, including substantial fines for intentional violations, to incentivise companies to prioritise data privacy and security.
  4. Establishing a dedicated agency, similar to the CPPA, to enforce data privacy regulations and guide businesses and consumers alike.

By adopting a comprehensive data privacy framework, US legislators could effectively address concerns about foreign companies' handling of US citizens' data without resorting to measures such as forced divestment. Such a framework would protect individuals' rights and foster a more trustworthy and secure digital environment for businesses. More importantly, it would create a framework that would apply to any foreign US business and avoid targeted actions.

