Europe began regulating social media and technology companies last month when the General Data Protection Regulation (GDPR) took effect, and there are a few policies that the U.S. may want to consider importing.
On May 25, the European Union implemented what is essentially a set of rules that technology companies must follow. The intent of these new laws is to give citizens more control over the data that these companies collect on them.
So while the GDPR is much more comprehensive, here are three regulations that the U.S. could use and are easy enough for us all to understand.
Take only what you need
Why does an app that keeps track of your calories need to know your marital status?
Apps can collect data on anything about you. But much of that information is not needed to make the app function; rather it’s used by the app developer to sell to a third party.
Part of Europe’s new regulations includes a provision that any online service that needs personal data in order to function must collect the minimum amount of data necessary for that purpose.
Let’s use a weather app as an example. The app is going to need to know your location in order to work. That would be the only information it could collect on you, though. Having access, for example, to your contacts is not necessary for the app to perform. Therefore, it will not be allowed to obtain that from you.
Notify in less than 72 hours
Yahoo, Facebook, Uber — these are just a few American companies that were hacked and did not make that fact public until months or even years later.
In Europe now, the turnaround time to make a hack known is less than 72 hours.
While this might be a public relations nightmare for these companies, it’s a major win for users. No longer will Europeans be using a service only to find out that it was unsafe to do so for the last year.
Can you imagine if an amusement park had a ride they knew was unsafe and let the public ride it for over a year before making it known? That’s what has been happening with our personal information.
Do it right or pay the price
A loud bark is scary, but if a dog has no teeth, you might be more willing to get that ball in the neighbor’s yard. Regulations need to have strict enforcement, and Europe’s new laws give teeth to its authorities.
Companies that do not comply with the laws will be fined accordingly. It’s not small change either. According to Vox, fines can top out at 4 percent of a company’s global annual revenue for the preceding year, or €20 million (about $24.5 million), whichever is greater.
This means that our government needs to properly staff investigators, attorneys, and other employees to find and enforce misdeeds.
Of course if we do this in the U.S., that’s where we have to decide if the price of your data is worth your tax dollars going toward protecting it. Maybe the more important question, however, is what is the price of letting data piracy reach chronic levels?
Regulation does not mean a government takeover
There are not too many Americans that want to scrap the drunk driving laws. There are probably few Americans who believe companies should not follow a set of environmental standards. Yet, not too long along, these regulations were not in place.
Many regulations improved safety on the roads and protected our health and environment. The government did not take these industries over; instead it made sure there was a proper balance for the consumers and the companies.
One day we’ll look back on this time and be shocked that companies could be so loose with our information. It seems Europe has already figured that out.
So let’s take some of Europe’s best ideas and then improve them. It’s time to realize Europe might have some good ideas to offer us besides how to properly vacation, make wine, and insert whatever stereotype you have.
Adam Chiara is an assistant professor of communication at the University of Hartford. He has worked as a legislative aide in the Connecticut General Assembly and as a journalist. Follow him on Twitter: @AdamChiara