Even in the United States, there are signs of movement toward embracing higher standards for data protection. The United States offers a program, called Privacy Shield, that enables American companies to certify that their data protection practices meet EU standards (though this program is questioned by privacy purists in the EU). And some of the most trusted US corporations go to great lengths to respect the data rights of people in other countries (see the recent Microsoft case before the Supreme Court). Likewise, individual states establish GDPR-like laws for their citizens (see New York’s recent cybersecurity regulation). The sheer volume of companies that are willingly modifying their data protection practices, at great cost, to become “GDPR compliant” should be evidence enough that there is appetite in the US business community for the certainty of a unified data protection regime.
Despite the growing power of the EU position, however, several powerful forces sustain the position of those who would trade freely in personal data. First, many of America’s corporate powers are not eager to see systemic change. The economic power of America’s data giants—Facebook, Google, Amazon—is built on individuals freely exchanging their data for “free” services. As noted by the New York Times, “any attempt to curb the use of consumer data would put the business model of the ad-supported internet at risk.”Second, lawmakers at the national level are too embroiled in partisan warfare to pass any sort of general data protection regulation. There simply isn’t enough popular pressure to force a wholesale revision of US policy.