Every state in the USA today has its own laws on personal data, and therefore citizens are not protected in any way in the matter of the safety of confidential information. The adoption of a single federal law can solve the problem, experts in this field believe. The closest analogue is the General Data Protection Regulation (GDPR), which operates in the European Union.According to Wirecutter, at the moment the situation with personal data in the United States is as follows:
- in most states, companies can use, distribute and sell any data about users without notifying them about it in any way;none of the national laws sets standards on when a company should notify a user that his data has been hacked or unauthorized transferred to third parties;
- if the company transfers the user’s data, including confidential information about his health and location, to third parties (for example, data brokers), they can freely sell and share them without notifying about it.
- Today, only California, Virginia and Colorado have uniform and comprehensive personal data protection laws.
They, of course, apply only to residents of these three states and do not apply to the whole country.
The strictest personal data laws apply in California. Citizens even have the opportunity to sue the company for leaking certain confidential information. But the law of the state of Virginia, on the contrary, has many weaknesses — it was adopted under the strong influence of Amazon, and therefore is business-oriented and does not protect the rights of citizens in any way.
Experts believe that the problem can be solved by developing its own analogue of the GDPR — the regulation of the European Union, which came into force in 2018. It requires companies to ask users for permission to use and distribute personal data. At the same time, a person has the right to access them and even demand to delete certain information about himself.
The US does not have the same comprehensive privacy regulation. Instead, the country has a number of disparate federal laws regulating only certain types of data. Among them are the Health Insurance Mobility and Accountability Act (HIPAA), the Electronic Communications Privacy Act (ECPA), the Children’s Online Privacy Protection Act (COPPA) and others.
At the same time, most American citizens do not know what is hidden behind all these abbreviations. Due to the lack of transparency and the lack of a unified system, people simply do not understand exactly what rights they have regarding the safety of their data.
That is why the experts interviewed by Wirecutter talk about the need to adopt a unified federal law on personal data protection. “Consumers should clearly understand the rights they have with respect to their data,” says Whitney Merrill, a specialist in personal information protection.
Now various experts, activists and individual officials are trying to lobby for such a law. However, so far its adoption has not been discussed at the highest level.