White House Reportedly Interested in Developing 'Counter-Weight' to Europe's GDPR Privacy Laws

MacRumors

macrumors bot
Original poster
Apr 12, 2001
49,688
11,006



Last month, Europe implemented its General Data Protection Regulation in an effort to protect the data of all individuals within the European Union, with some aspects affecting users worldwide. According to a new report by Axios, the White House is "in the early stages" of figuring out what a federal approach to online data privacy would look like in the United States.

So far, special assistant to President Trump on tech, telecom, and cyber policy Gail Slater has met with industry groups about the issue. Discussions include possible "guardrails" for the use of personal data online, according to a few sources familiar with the talks. Furthermore, Slater has talked about the implementation of GDPR with Dean Garfield, CEO of the Information Technology Industry Council, which represents tech companies like Apple and Google.

Image via Wikimedia Commons


Slater and the Trump administration have reportedly referred to the U.S. proposal as a "counter-weight to GDPR," aimed at ensuring that the European law doesn't become the global standard of online privacy, sources said. Still, Slater also stated that there is no desire to create a "U.S. clone" of the European rules.

Axios theorized that one possible outcome from the conversations could be an executive order that leads to the development of a privacy framework for U.S. citizens.
One option is an executive order directing one or more agencies to develop a privacy framework. That could direct the National Institute of Standards and Technology, an arm of the Commerce Department, to work with industry and other experts to come up with guidelines, according to two sources.

An executive order could also kick off a public-private partnership to lay out voluntary privacy best practices, which could become de-facto standards, according to sources.
News about the potential new privacy practices comes as "pressure" is being placed on lawmakers in the U.S., following high-profile data breaches like the Facebook/Cambridge Analytica scandal. Beginning with reports in March, it was discovered that Facebook was connected with consulting firm Cambridge Analytica, which itself was tied to Trump's 2016 presidential campaign. Using a survey app called "This Is Your Digital Life," the firm secretly amassed data from millions of Facebook users that targeted and attempted to sway votes in the election.

Slater claimed that "giving consumers more control over their data" and "more access to their data" are high marks of the GDPR, suggesting these aspects would be emphasized in the U.S. law.
"We're talking through what, if anything, the administration could and should be doing" on privacy, Slater said at a conference hosted last month by the National Venture Capital Association
In the wake of GDPR, Apple itself launched a new Data & Privacy website that lets users download all of the data associated with their Apple ID. While the feature was limited to Apple accounts registered in the European Union, Iceland, Liechtenstein, Norway, and Switzerland at launch, Apple said it will roll out the service worldwide "in the coming months."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: White House Reportedly Interested in Developing 'Counter-Weight' to Europe's GDPR Privacy Laws
 

JRobinsonJr

macrumors 6502a
Aug 20, 2015
646
1,143
Arlington, Texas
While it's easy and reasonable to disagree on the details, the idea of a core, globally applicable set of individual privacy standards would make the underlying security processes far easier... and thus more effective. Too often companies have to implement different sets of controls for each region, making such development more difficult and prone to error.

Now... who should set that standard? Good question. It's going to have to come from a combination of industry leadership - both technology and consumer - and governments. Many people will balk at government involvement - and I don't generally disagree with the premise - but the reality is that without such participation there will be no mandate or enforcement.

GDPR is actually a great start and could, IMO, be leveraged. After all, most companies are already taking requisite measures... so there is little to no additional cost with significant benefit to the rest of the world.
 

wizard

macrumors 68040
May 29, 2003
3,854
571
Trump's privacy policy will include free access to all information, no encryption, and of course a consent form to release custody of your children to the government*.

*Kidding... Obviously they won't ask for permission.
That is pretty ignorant considering how much the current administration has been impacted by the lack of a respect for privacy. In any event i trust government here more than i trust corporate America, especially the likes of Facebook, Googoe and similar platforms hell bent on censorship, political manipulation and general manipulation of thier users.

At least with government regulation you can yell at your Congressman. The CEO's at some of these companies are absolutly hostile to their users and the idea that they have opinions.
 

alphaod

macrumors Core
Feb 9, 2008
22,177
1,231
NYC
Trump's privacy policy will include free access to all information, no encryption, and of course a consent form to release custody of your children to the government*.

*Kidding... Obviously they won't ask for permission.
No we'll have encryption. Just all companies must furnish the FBI with a copy of the private keys because "let's think of the children!"
 

SnarkyBear

macrumors regular
Apr 24, 2014
168
219
That is pretty ignorant considering how much the current administration has been impacted by the lack of a respect for privacy. In any event i trust government here more than i trust corporate America, especially the likes of Facebook, Googoe and similar platforms hell bent on censorship, political manipulation and general manipulation of thier users.

At least with government regulation you can yell at your Congressman. The CEO's at some of these companies are absolutly hostile to their users and the idea that they have opinions.
And I trust the government less than corporations...at least I can choose to NOT interact with Google, Apple, etc. The government can pretty much force you to do its bidding, like it or not. And I have little doubt that my 1 voiced of the millions of people represented by my congressman will have any impact.

[Edit] saying I trust the government less than corporations doesn't mean I have any trust with the corporations. I don't have much trust with either one.
 

chown33

Moderator
Staff member
Aug 9, 2009
8,826
5,246
vertical
It will still come down to enforcement.

Even the best and most thoughtful laws or rules will be worthless if there aren't meaningful consequences that happen in a timely and predictable way. If the consequences are just a minor cost of doing business selling data, then they'll be irrelevant.
 

chucker23n1

macrumors 601
Dec 7, 2014
4,419
5,593
And I trust the government less than corporations...at least I can choose to NOT interact with Google, Apple, etc.
But you cannot elect their leadership.

Also, how much choice do you have with your Internet provider? Do you choose not to have Internet?
 
  • Like
Reactions: ssgbryan

centauratlas

macrumors 65816
Jan 29, 2003
1,246
1,932
Florida
Trump's privacy policy will include free access to all information, no encryption, and of course a consent form to release custody of your children to the government*.

*Kidding... Obviously they won't ask for permission.
Copying the Obama policy and following the law in Flores vs Reno (Clinton AG, 9th US Circuit Ct of Appeals). But the uninformed miss that.
 
  • Like
Reactions: Huck

KazKam

macrumors 6502
Oct 25, 2011
490
1,649
I'm all for data privacy. However, to me, when it comes to GDPR, it seems ludicrous, and quite illegal, that any business in any country outside the EU should be beholden to any policy passed by the EU. EU law should have ZERO legitimacy outside of the EU. Otherwise, what's to stop any country/countries from setting international law all on their own. Crazy.

IMO, if EU citizens want to use services operated or hosted outside the EU that collect data, they do so at their own risk and without the protections or guarantees of GDPR. Simple as that.
 

macduke

macrumors G4
Jun 27, 2007
11,044
14,859
Central U.S.
I'm certain this will somehow either strengthen legal backing for corporations to collect our data or enable corporations to collect more data than ever before. And in typical fashion they will say that this law is the opposite of what it really is and tout it as privacy for all!
 
  • Like
Reactions: ssgbryan

chucker23n1

macrumors 601
Dec 7, 2014
4,419
5,593
I'm all for data privacy. However, to me, when it comes to GDPR, it seems ludicrous, and quite illegal, that any business in any country outside the EU should be beholden to any policy passed by the EU. EU law should have ZERO legitimacy outside of the EU. Otherwise, what's to stop any country/countries from setting international law all on their own. Crazy.
Companies can feel free not to do business with EU citizens and processors.

IMO, if EU citizens want to use services operated or hosted outside the EU that collect data, they do so at their own risk and without the protections or guarantees of GDPR. Simple as that.
That may be your opinion, but it's not the law.
 

vipergts2207

macrumors 68020
Apr 7, 2009
2,204
3,575
Columbus, OH
I'm all for data privacy. However, to me, when it comes to GDPR, it seems ludicrous, and quite illegal, that any business in any country outside the EU should be beholden to any policy passed by the EU. EU law should have ZERO legitimacy outside of the EU. Otherwise, what's to stop any country/countries from setting international law all on their own. Crazy.

IMO, if EU citizens want to use services operated or hosted outside the EU that collect data, they do so at their own risk and without the protections or guarantees of GDPR. Simple as that.
If you want to do business in a country then you follow their rules. Doesn't matter if it's a foreign-based company or not. The alternative choice is to not do business in that country, and obviously these companies have chosen not to do that because quite frankly that would be a financially stupid decision. Conversely, foreign-based companies operating in the U.S. also have to follow U.S. law. This isn't a new concept so I'm not sure why you're acting as such.
 

jimothyGator

macrumors 6502
Jun 12, 2008
281
916
Atlanta, GA
If you want to do business in a country then you follow their rules. Doesn't matter if it's a foreign-based company or not. The alternative choice is to not do business in that country, and obviously these companies have chosen not to do that because quite frankly that would be a financially stupid decision. Conversely, foreign-based companies operating in the U.S. also have to follow U.S. law. This isn't a new concept so I'm not sure why you're acting as such.
That sounds reasonable, but it’s not so simple. You could be running a one person shop on the web, say selling handmade goods. Most of your customers, and all of your marketing, may be US based. If a European customer happens upon your site, you’re now doing business in the EU. You’re not a lawyer, an EU regulation expert, or a software development expert. You’re just an artist with something to sell. And now you’ve found yourself in violation of laws in place you don’t live or even think about.
 

ApfelKuchen

macrumors 68040
Aug 28, 2012
3,770
2,345
Between the coasts
I'm all for data privacy. However, to me, when it comes to GDPR, it seems ludicrous, and quite illegal, that any business in any country outside the EU should be beholden to any policy passed by the EU. EU law should have ZERO legitimacy outside of the EU. Otherwise, what's to stop any country/countries from setting international law all on their own. Crazy.

IMO, if EU citizens want to use services operated or hosted outside the EU that collect data, they do so at their own risk and without the protections or guarantees of GDPR. Simple as that.
What you're referring to is the notion of physical nexus - that if something is beyond the physical border of a nation, that it's beyond the reach of that nation's laws. This could be considered "playground logic" - perfectly fine for a game of tag, but not at all practical in today's world. We can't force governments to operate as if it was still the 12th Century in the face of 21st Century realities.

Do countries have a right to govern the properties of physical goods sold within their borders (safety, content labeling, standards compliance, import duties, etc.)? Clearly, they do. Why, then, would they lack authority for other types of goods and services consumed within their borders?

The US has a variety of laws governing what companies and individuals can do on the Internet (such as COPA, the Child Online Protection Act), and plenty of web sites headquartered beyond the US borders comply with those terms in order to reach US citizens. Those companies are not obligated to extend COPA rules to citizens of other nations, but they often do, as its easier and cheaper to do so (and may even seem politic). GDPR is no different.

The Internet is by its very name international. To think a worldwide phenomenon can only be governed by a single nation's laws or values (or operate entirely beyond the reach of law) is naive.
 

vipergts2207

macrumors 68020
Apr 7, 2009
2,204
3,575
Columbus, OH
That sounds reasonable, but it’s not so simple. You could be running a one person shop on the web, say selling handmade goods. Most of your customers, and all of your marketing, may be US based. If a European customer happens upon your site, you’re now doing business in the EU. You’re not a lawyer, an EU regulation expert, or a software development expert. You’re just an artist with something to sell. And now you’ve found yourself in violation of laws in place you don’t live or even think about.
Again, this isn't a new thing, things have worked this way for a long time.

In any case, if a small one-person shop unwittingly commits some violation, unless it's particularly egregious it's most likely going to go unnoticed simply because nobody will be paying attention to it. And if someone were to notice, they don't have any assets in the country where they committed the violation. This means they would be exceedingly unlikely to face any real repercussions from the violation; it's not like they're going to have an extradition order enforced against them for something likely to be so trivial.
 

ActionableMango

macrumors G3
Sep 21, 2010
9,555
6,820
Post-GDPR, Marcel Freinbichler tested the effect of going to the USA Today page as if he were from the EU and again as if he were from the USA.

When he went to USA Today's main page from the EU:
  • All the tracking scripts and ads are removed
  • The size is about 0.5MB
  • It loads in about 3 seconds
  • There are 0 Javascript
  • There are 34 HTTP requests
When he went to USA Today's main page from the USA:
  • The size is about 5.2MB (uses 10x more data from your data plan)
  • It loads in about 45 seconds (15x longer load time)
  • There are 124 Javascripts (these use the CPU, slowing down your device and using up your battery)
  • There are 500 HTTP requests
I don't like trackers and ads--I sort of begrudgingly accept them. But I think we mostly assume there are a couple of trackers and a couple of ads and it's no big deal. But HUNDREDS? 466 more HTTP requests and 124 Javascripts??? They are using up your battery and your data plan.

At least USA Today works. I've been to some websites loaded down with so much crap that the page just becomes literally unusable.
 
Last edited:

trusso

macrumors 6502
Oct 4, 2003
455
1,110
Slater and the Trump administration have reportedly referred to the U.S. proposal as a "counter-weight to GDPR," aimed at ensuring that the European law doesn't become the global standard of online privacy, sources said. Still, Slater also stated that there is no desire to create a "U.S. clone" of the European rules.
Counter-weight? Or complement? Those two words imply very different ideas.

Vocabulary is important, kids. ;)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.