inadequate federal privacy regulations leave us startups lagging behind europe
It appears unlikely that many businesses included a new data privacy law on their wishlists this past holiday season. Managing digital privacy requires significant investment, and many small and medium-sized businesses (SMBs) simply lack the necessary resources.
However, for 2021, I contend that startups within the United States should actively encourage legislators to enact a comprehensive federal privacy law. Indeed, they should welcome regulation.
With each day that passes without established federal data standards, these companies experience a diminishing competitive advantage compared to their global counterparts. The opportunity to regain lost ground may soon be lost.
Businesses should not perceive privacy and trust infrastructure requirements as obstacles. Instead, they should recognize them as tools to unlock the full potential of their data. They should shift their focus from viewing privacy as merely a matter of compliance to understanding it as a means of strengthening customer relationships. The benefits resulting from this strengthened connection are substantial. The U.S. federal government is uniquely positioned to facilitate these gains.
Consider Europe as an illustration. The General Data Protection Regulation (GDPR) was not the culmination of EU data policy, but rather its starting point. While Europe’s data regulations can be challenging—think of the ubiquitous cookie banners—they have established a clear standard for citizen protection and fostered greater confidence in internet infrastructure.
For instance, a Deloitte study revealed that 44% of consumers felt organizations demonstrated increased concern for their privacy following the implementation of GDPR. With a foundational standard in place—akin to seatbelts in all vehicles—Europe is now concentrating on enhancing data utilization.
EU legislators have recently presented plans for “A Europe fit for the Digital Age.” According to Internal Market Commissioner Thierry Breton, the objective is to establish Europe as “the most data-empowered continent in the world.”
Here are key components of this plan. As you review them, envision yourself as the leader of a U.S.-based health technology startup. Consider the disadvantage you would face against a comparable European company if these initiatives were realized:
- A regulatory structure governing data administration, access, and utilization among businesses, between businesses and government entities, and within administrations, designed to incentivize data sharing.
- Efforts to broaden the availability of public-sector data by opening up “high-value datasets” to encourage innovation.
- Investment in cloud infrastructure, platforms, and systems to support data reuse objectives, with a focus on European high-impact projects related to European data spaces and dependable, energy-efficient cloud infrastructures.
- Sector-specific initiatives to develop European data spaces concentrating on areas such as industrial production, the Green New Deal, transportation, or healthcare.
Governments have numerous avenues to assist businesses in maximizing the value of their data in ways that benefit society. However, the American public currently lacks confidence in this approach. They do not trust the internet.
They expect to see figures like Mark Zuckerberg and Jeff Bezos facing scrutiny during Senate Committee hearings. Until we have faith in our leaders to safeguard fundamental online rights, broad-based data empowerment initiatives will remain politically unfeasible.
In Europe, the situation is markedly different. GDPR served as the foundation for a European data strategy, not its conclusion.
While the EU progresses, America’s ability to enact federal privacy reform is hindered by two uniquely American concerns:
- The right of individuals to directly sue businesses for privacy violations.
- Whether individual states can enact additional privacy protections beyond a federal law, or if the federal law will serve as a national standard.
These are crucial questions rooted in our nation’s distinct cultural and political history. Currently, however, they represent obstacles that impede American industry while the EU, with safety measures in place, accelerates its progress in the data landscape.
A clear illustration of how this disparity is already affecting American businesses is the aftermath of the ECJ’s Schrems II decision last summer. Europe’s highest court invalidated a key agreement used to transfer EU data to the U.S., primarily because there is no federal law to guarantee the protection of EU citizens’ data once it reaches American soil.
The legal challenges continue, but the decision’s impact was significant enough that Facebook considered withdrawing from European operations if the Schrems II ruling were enforced.
While the challenges faced by smaller businesses may not receive as much attention, I have observed firsthand how many SMBs have experienced significant disruption to their data operations. In essence, the global competition for a data-driven business advantage is already underway, and we are falling behind.
In summary, the United States is increasingly in an unprecedented position since the inception of the internet: a follower. American technology companies continue to innovate at a remarkable pace, but the nation’s inability to align private sector practices with evolving public expectations poses a growing threat to the economy.
The response to the COVID-19 pandemic was inadequate compared to other nations’ efforts. While the costs of failing to protect data privacy are less immediately apparent, they escalate dramatically in financial terms with each passing day.
The technology exists to treat users with respect in a cost-effective manner. Public support is present.
Businesses are willing to adapt. The legislative capacity is available.
Therefore, I believe that America’s startup community should urge federal lawmakers to follow the recent lead of Europe, India, New Zealand, Brazil, South Africa, and Canada. They must introduce federally guaranteed, modern data privacy protections as quickly as possible.