Paper Title

-- By SamuelHorowitz - 04 Apr 2025

Section I

Subsection A

Subsub 1

Subsection B

Subsub 1

Subsub 2

Section II

Subsection A

Subsection B

Data Privacy or Lack Thereof? How the EU and U.S. Differ on Data Protection

The concept of privacy has shaped human behavior since the earliest civilization. In Ancient Mesopotamia, Hammurabi’s Code restricted actions that infringed on people’s personal property, marriage, livelihood, and freedom . Ancient Mesopotamia, Ancient Greece, and all throughout history, homes were built in such a way that inner courtyards and high walls restricted visual access to the goings within each person’s household. Modern civilization is no stranger to this idea either. The very first amendment of the U.S. Constitution is the freedom to speak, believe, and act with a safety of private expression . Yet, ironically, in response to the biggest threat to its citizens privacy since the dawn of time, the U.S. has done nothing. Even worse, Edward Snowden exposed the NSA of using that very threat to violate the privacy of millions of U.S. citizens without a warrant or their knowledge . Snowden reminded the U.S. citizen that we not only need to worry about the lack of protection from technological institutions that are mining and selling our data, but we must also worry about our privacy being invaded by the very country that we inhabit. European citizens, on the other hand, purportedly do not face the same level of systemic surveillance by their government. Robust data privacy protections like the General Data Protection Regulation, the GDPR, provide the EU citizen with stricter oversight of personal data collection and subsequent usage by technology companies . The U.S. and the EU take contrasting approaches to data privacy and protection, with the EU favoring strict regulations like the GDPR, while the U.S. relies on a more fragmented framework. In response to growing concerns over misuse and collection of personal data in the digital era, the EU enacted the GDPR, which would serve as a single, comprehensive framework aimed at protecting individuals’ data privacy and hold technological institutions accountable for misuse and infractions regarding such data privacy. Interestingly, the GDPR does not only pertain to business operating within the jurisdiction of the EU, but also to businesses globally so long as they are processing data of EU citizens. The GDPR establishes a set of rules and procedures that details how organizations collect, process, store, and share individuals’ data. The objective is to protect the individual, not the organization. The underlying principles of the GDPR are fairness and transparency, as it requires organizations to inform individuals about how and when their data is collected and used. Additionally, the GDPR encourages data minimization. Since organizations are limited in their ability to collect and share data, the GDPR is an attempt to reduce the data that organizations collect, encouraging organizations to only collect and share data when it is necessary or useful. Yet, the most unique features of the GDPR allow for citizens to take ownership of their data that has been collected, and the enforcement mechanisms that the GDPR possesses. Firstly, the GDPR grants each citizen of the EU the right to access their own data that has been collected by organizations. Each citizen has the right to access, correct, delete, and restrict their data and the data that has already been processed by others. Secondly, included in the GDPR is an enforcement mechanism that punishes organizations that violate the GDPR. Failure to comply with the GDPR can result is a serious penalty of up to 4% of global annual revenue, or 20 million euros, whichever is higher. As it currently stands, the GDPR is the strictest set of laws regarding data protection in the westernized world. It has set a global standard for data protection for citizens that countries have yet to model itself after. Quite the opposite, the U.S. does not have a singular legal framework that serves to protect its citizens data and data privacy. There are a series of fragmented federal and state laws that lack an overarching, systemic challenge to data privacy concerns widely shared by the U.S. public. A notable federal law that does attempt to curb inappropriate uses and collection of personal data is the FTC Act. Section 5 of the FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce.” Although section 5 is not intended to be used as a protection against data privacy violations, it certainly could cover those violations depending on the circumstances and administration in power. Another notable federal law in this context is the COPPA, Children’s Online Privacy Protection Act, which serves to protect the data of children under the age of 13. Notable State laws that make such attempts are few and minimal. The only noteworthy state law in this regard is the CCPA and CPRA, California Consumer Privacy Act and California Privacy Rights Act respectively. These laws give California residents the right to see, delete, and opt out of the collection and sale of personal data. Although many in both the U.S. and the EU have acknowledged the necessity for overarching data privacy laws for its citizens, the U.S. has failed to even attempt to pass a comprehensive set of laws like the EU’s GDPR. As technology and data collection become more embedded in our daily life, the U.S. is running out of time to meaningful privacy regulation. Many argue that it is already too late – and if so, the question is no longer how to prevent harm stemming from data misuse, but rather how to deal with the damage that has already been done.

• #Set ALLOWTOPICVIEW = TWikiAdminGroup, SamuelHorowitz
• #Set DENYTOPICVIEW = TWikiGuest

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.