Derek Hawkins of The Wall Street Journal‘s “Cybersecurity 202” argues that although there is no reason the United States couldn’t enact privacy standards similar to the EU’s new General Data Protection Regulation, and many are calling for it, it’s unlikely to happen. He cites three reasons:
1. There’s no agency to carry it out.
EU member states have their own data privacy authorities to enforce the GDPR. The closest US equivalent is the Federal Trade Commission, but its powers are thin compared to its European counterparts, and it has little to no oversight over a range of businesses and industries.
2. Congress won’t go for it.
It’s challenging enough to pass simple legislation in a gridlocked Congress. Privacy legislation far less sweeping has stalled over and over in recent years, and rallying support around those measures and others would be a struggle.
3. There’s probably not enough public demand.
The Cambridge Analytica scandal has spurred a national debate about data privacy and brought federal law enforcement investigations. But change such as this takes a kind of shock akin to the 2008 financial collapse to make it happen.
