Exterro's E-Discovery & Privacy Breakdown

The world of E-Discovery & Privacy is constantly changing – let us break it down for you with a weekly dose of News, Resources, Case Law, and Humor, all written in a concise and easy to understand format.


Could the US Have Its Own GDPR?

Created on March 23, 2018

E-Discovery Market Analyst at Exterro

Even a couple weeks ago, such an idea might have seemed ridiculous. After all, it often seems like you can’t even say the word “regulation” in domestic politics without prefacing it with “burdensome.” So it’s definitely big news when a sitting US senator says it’s time for a “Privacy Bill of Rights” on national radio—and that’s exactly what happened on NPR’s Morning Edition today.

In the wake of Facebook CEO Mark Zuckerberg’s apology for a “breach of trust” related to Cambridge Analytica’s access to data from 50 million user accounts on CNN, David Green of NPR interviewed Senator Ed Markey (D-MA) this morning. While NPR’s headline focuses on the senator’s call for Zuckerberg to testify (“Facebook’s Zuckerberg Should Testify on Capitol Hill, Sen. Markey Says”), that’s not the most interesting part of the interview from an e-discovery perspective.

In response to a question about Congress’s ability to act on privacy, Senator Markey stepped into positively European territory on government’s role in guaranteeing privacy rights to US citizens. (Emphasis is ours, not Senator Markey's.)

We need rules and regulations that reduce this degradation and debasement of the political process, but of privacy protections for Americans in general. We do need a privacy Bill of Rights that we pass through Congress, and that would guarantee every American would know when information is being gathered about them, know when that information is being reused for purposes other than that which the consumer wanted it to be used, and third and most importantly, they have a right to say no. And we have to enshrine that as the law in our country.

To these ears, Markey’s three points sound an awful lot like the rights of data subjects under GDPR, including:

  • Informed consent to data collection
  • Transparent communication around data processing
  • Right to rectification and erasure

Perhaps I’m projecting, but David Green sounded a little incredulous at this bold call for regulation, asking a follow up question, “That would enforceable? Some sort of Bill of Rights like that, it wouldn’t just be stating, ‘This is what users should know,’ that it would be something enforceable, that Facebook could be punished somehow if they allowed something like this to happen?”

“That is correct,” Markey replied before continuing his explanation. “This is the moment of reckoning. This is the time that has finally arrived where we need a national debate about the values that we’ve had in the real world but not in the online world in terms of protection.”

It’s hard to imagine the Congress implementing 4% of revenue sanctions like the EU did, but with US-based multinationals already responding to the requirements of GDPR, and a sitting US senator calling for action to guarantee US citizens’ data privacy, some big changes in how organizations account for, dispose of, and secure individuals’ data may finally be afoot domestically.

Listen to the full NPR interview here:

If you’re concerned about how GDPR (or some future American equivalent) affects your organization, download Exterro’s white paper Questions About How the GDPR Affects US E-Discovery? We Have the Answers.