Even in the United States, there are signs of movement toward embracing higher standards for data protection. The United States offers a program, called Privacy Shield, that enables American companies to certify that their data protection practices meet EU standards (though this program is questioned by privacy purists in the EU). And some of the most trusted US corporations go to great lengths to respect the data rights of people in other countries (see the recent Microsoft case before the Supreme Court). Likewise, individual states establish GDPR-like laws for their citizens (see New York’s recent cybersecurity regulation). The sheer volume of companies that are willingly modifying their data protection practices, at great cost, to become “GDPR compliant” should be evidence enough that there is appetite in the US business community for the certainty of a unified data protection regime.