Call For Us To Adopt European Style Privacy Regulations 90 Of 9To5Mac Readers In Favor

The WSJ features an interesting debate on whether or not the US should follow Europe’s example in enacting tough privacy regulations requiring individual consent for storing and processing personal data …

Apple has already committed to rolling out the European privacy standard to its customers worldwide, and some 90% of you were in favor of the US having the same rules for all companies.

We outlined the deal with Europe’s General Data Protection Regulation (GDPR) when it came into force last month. The key requirements are:

• There must be a specific, lawful reason to process the data
• Personal data must be encrypted
• You have a right to a copy of your data
• You can ask for your data to be deleted

The first of these requirements is uncompromising.

The WSJ piece has the University of Southern California’s Jonathan Taplin argues that the usa of personal data by large companies has gotten completely out of hand.

When consent is the reason, the law gets very specific. For example, a company can’t add your email address to its database and then rely on offering an unsubscribe link. It must have asked your permission before storing your email. And it can’t pre-check a box and ask you to uncheck it if you want to opt out: everything has to be on an opt-in basis.

The Cato Institute’s Julian Sanchez argues that checkbox fatigue means most people will simply agree when asked to consent.

These developments were proceeding at light speed until the European Union started taking aim at Silicon Valley. The EU’s General Data Protection Regulation is the biggest step yet toward undoing the 20-year regime that has benefited Big Tech. I believe that the U.S. should follow the EU model and impose our own version of GDPR.

In our own poll, 90% of you answered ‘absolutely yes’ to US companies adopting GDPR privacy standards, with a further 5% saying it would be nice. Only 2.5% were opposed.

Like antibiotics, such notices may work when used sparingly, but tend to become ineffective when deployed indiscriminately. To be sure, the GDPR has plenty of other restrictions on how data is used. But when the law demands ritual box-checking even for ubiquitous and, to most of us, unobjectionable uses of data, users are conditioned to speed through the nuisance by simply clicking “agree.”