2. The EU privacy law's track record
Today, most users know the EU's General Data Protection Regulation chiefly through the pain of having to click a box about cookie policies on every new website they visit.
Yes, but: Privacy experts say the EU's rules governing how corporations manage people's online data have had deeper impacts in three areas: company behavior, people's expectations and knowledge of how their data will be treated, and adoption by other nations and regions, Axios' Ashley Gold reports.
1. GDPR has changed the way businesses think about and handle user data.
- GDPR has spread the message that companies need to map, inventory and account for their customer data, with processes in place to manage and store it.
- American companies adopted GDPR as their standard "in order to have one single compliance program worldwide," said Cameron Kerry, distinguished fellow at the Brookings Institution Center for Technology Innovation.
2. Consumers in the U.S. now have higher expectations about online privacy, as American companies adopted GDPR standards.
- Americans have noticed that Europeans have privacy rights they do not. But they don't necessarily feel more protected with GDPR in the world.
- The Pew Research Center found in 2019 that six in 10 U.S. adults feel like they're being tracked constantly.
3. GDPR inspired copycat legislation and bills both globally in countries like Brazil, India and China and in U.S. states including California and Washington.
- It also caused new headaches for companies that must exchange data across borders.
The big picture: "From a policy impact perspective, GDPR succeeded in becoming sort of the lingua franca of privacy and data protection around the world," said Omer Tene, vice president of the International Association of Privacy Professionals.
The other side: Critics have viewed GDPR as an exercise in compliance and "box-checking," with not enough focus on outcomes. Small business in Europe are struggling to comply with it. And it may already be outdated, thanks to changes in how companies track users.