Digital Privacy — How GDPR Affects US Companies

Digital privacy entails protecting an end user’s information while using the Internet via a personal computer or other Internet-enabled devices. The concept surfaced during the Internet’s inception and relates to its ability to collect and share user data. As the Internet becomes a more accessible platform for many, protecting individuals’ private information becomes of paramount importance and interest.

The term “digital privacy” became common after early data breaches compromised user accounts. Consequently, individuals became worried about issues such as identity theft.

Areas of digital privacy include cookies, privacy policies, legal warnings, and a user’s right to be forgotten. Cookies track a user’s Internet activity and help identify returning users. Most websites allow users to give permission to cookies or reject them.

Privacy policies inform individuals how websites will use their data. A legal warning spells out a website’s terms and conditions and appears as a privacy policy guideline. Last, a user’s right to be forgotten grants the user the authority to request Internet service providers to delete their data.

Among the benefits, digital privacy helps protect users from fraud, identity theft, and cyberattacks. It also enables individuals to allow only those service providers they’ve given consent to access their data. Besides, it allows companies to tailor specific content such as products and services based on the profile a user creates. Moreover, digital privacy increases public awareness of the importance of protecting personal information.

Various regulations exist and seek to address the concerns around digital privacy. A good example is GDPR (General Data Protection Regulation), a law that requires companies to protect data belonging to citizens in the European Union (EU). The personal information, in this case, includes names, email addresses, credit card information, and other data that can identify a person.

GDPR ensures that data is collected, processed, and stored legally. Organizations ensure legality by disclosing to users why they’re collecting their data, how they will use it, and how they will keep it secure.

GDPR affects any global company that handles data from the EU, including those in the United States. This applies to companies supplying goods and services to EU residents or entities that monitor EU resident behavior within the Union. Non-compliance by US businesses attracts penalties of between $12 million and $23 million, or about four percent of a company’s total annual revenue. Still, companies may receive bans not to process EU subjects’ data.

On the flipside, US GDPR-compliant companies stand to gain a competitive advantage. They can achieve this by boosting their compliance and data privacy image. Consequently, it makes them attractive to customers keen to protect their online data.

Since the EU Parliament passed the law in 2016 and came into effect in 2018, many US companies have taken GDPR-compliant initiatives. As of May 2018, some Fortune 500 companies spent about $7.8 billion on GDPR-related initiatives. 40 percent of these spent over $10 million. Notably, most of these businesses stated that GDPR had a positive impact.

GDPR compliance for US companies came with its share of challenges. Initially, businesses struggled to comply, while others ceased doing business in Europe to escape this law.

The regulation has had such a profound impact that there is potential for a federal law that mirrors it. First, California introduced the California Consumer Privacy Act in 2018 to give users control over the information that businesses collect. Similarly, the Washington Privacy Act is a proposed consumer rights law that seeks to ensure that companies in Washington are transparent about collecting and processing consumer data.