Can Silicon Valley expect European-style regulation here at home?

Can Silicon Valley expect European-style regulation here at home?
© Getty

During one of the most closely followed congressional hearings of all time, Republican Sen. Lindsey GrahamLindsey Olin GrahamPost peace talks, Afghan elections are the best way forward Trump walks tightrope on gun control Pompeo doubles down on blaming Iran for oil attacks: 'This was a state-on-state act of war' MORE (R-S.C.) looked Facebook CEO Mark ZuckerbergMark Elliot ZuckerbergFacebook announces tens of thousands of app suspensions after internal audit On The Money: Trump downplays urgency of China trade talks | Chinese negotiators cut US trip short in new setback | Trump sanctions Iran's national bank | Survey finds Pennsylvania, Wisconsin lost the most factory jobs in past year Hillicon Valley: Lawmakers say Zuckerberg to 'cooperate' on antitrust probes | Dems see victory after McConnell backs election security funds | Twitter takes down fake pro-Saudi accounts MORE square in the eye and asked him a very simple question: “Do you think the Europeans have it right?”     

Graham wasn’t the only legislator to make reference to Europe during their questioning. Sen. Maria CantwellMaria Elaine CantwellHillicon Valley: Zuckerberg courts critics on Capitol Hill | Amazon makes climate pledge | Senate panel approves 0M for state election security Zuckerberg woos Washington critics during visit Zuckerberg to meet with lawmakers to discuss 'future internet regulation' MORE (D-Wash.) also queried Zuckerberg, “Do you believe the European regulations should be applied here in the U.S.?”


We don’t usually turn to the EU to set precedent for how to best regulate our businesses in the United States. Generally, it’s quite the opposite. The U.S. prides itself on being a more business friendly environment — allowing for American innovation to thrive without too much red tape.


However, when it comes to setting a legislative agenda for the digital economy, we’ve fallen behind.

By long relying on big technology companies to self-regulate, we’ve put ourselves in a unique position where Congress is now in a hurry to solve serious data protection problems. Solving problems in a crisis is never easy. The simplest way forward can often mean leaning on others ideas or rules and adapting them as your own. That’s why so many members of Congress are curious about Zuckerberg’s opinions on the EU’s regulatory approach. They are the first to do it.

In fact, the conversations we’re only just beginning to have here in the US — from SESTA to the CLOUD Act to Cambridge Analytica — have been going on for almost five years in Europe.

In 2015, the European Commission announced plans to prioritize and launch a set of regulations known as the “Digital Single Market.” The DSM will provide a single group of laws governing digital policy for all 28 (soon 27) member states. Everything from copyright, to platform regulation, to artificial intelligence, to intermediary liability to consumer protection and hate speech are all on the table, and have been for a while.

It’s no secret that the EU has always taken a different approach to privacy and data protection, but they’re also the only ones who have taken any significant action to craft such extensive rules to govern these issues. The first comprehensive piece of legislation to emerge from the DSM, the General Data Protection Regulation (GDPR), tackles this issue.

Zuckerberg referred to it during the hearing, and to the actions Facebook has already taken to adhere to it. The GDPR comes into force on May 25, and it addresses how companies manage the personally identifiable information of EU citizens when processing data both within and outside of the EU. That means any company in the U.S. that has customers in the EU is liable, from tech giants like Facebook and Google to some of America’s smallest startups. Companies that fail to comply by May 25 may face fines of up to 20 million euros or four percent of their annual turnover.

However much we may have in common with our allies in Europe, let’s be careful not to copy and paste the EU’s solution to this complex problem. In the same way they take a different approach to privacy, we too should take a different approach to regulating it. The months ahead should be an opportunity to learn from companies that implement the GDPR, what works and what doesn’t.

The conversations around data protection and the future of the digital policy in the US will be difficult. They were difficult in the Europe as well. But let’s take the time to hear from all voices affected — whether they’re a three employee startup, or a tech behemoth with 30,000 employees. These rules impact all of us. So it’s vital that we take the time to develop our own approach — one that will provide protection without stifling American innovation that has made Silicon Valley the technology leader around the world.

Melissa Blaustein is the founder and CEO of Allied for Startups, a global network for startups, entrepreneurs, VCs, and advocacy organizations working together to build a worldwide consensus on key public policy issues impacting startups.