Fragmented U.S. privacy laws leave large data loopholes

By | April 10, 2018

Florian Schaub, an assistant professor at U-M and a privacy expert, notes in a recent article that the patchwork of U. S. laws and regulations that govern data collection and privacy leave loopholes for companies to exploit. For example, Federal laws strictly protect medical, financial, and education-related records. However, online services, apps, and data collection by emerging technologies (such as smart speakers or self-driving cars) is also mostly unregulated.

Europe, by contrast, generally prohibits collecting and using personal data. Its General Data Protection Regulation, which takes effect on May 25, applies to all businesses and government agencies in European Union member countries—including U.S. companies offering services in Europe. Many other countries have adopted comprehensive privacy regulations like the EU’s that broadly regulate how government agencies and private companies use data.

Schaub believes the advantage of comprehensive privacy protections is that they’re consistent across services and industries, even as new technologies emerge. “U.S. companies already follow more comprehensive privacy laws in other countries,” Schaub writes. “But without comparable requirements at home, there’s little reason for them to protect U.S. consumers the same way.”