During one of the most closely followed congressional hearings of all time, Republican Sen. Lindsey Graham (R-S.C.) looked Facebook CEO Mark Zuckerberg square in the eye and asked him a very simple question: “Do you think the Europeans have it right?”
Graham wasn’t the only legislator to make reference to Europe during their questioning. Sen. Maria Cantwell (D-Wash.) also queried Zuckerberg, “Do you believe the European regulations should be applied here in the U.S.?”
{mosads}We don’t usually turn to the EU to set precedent for how to best regulate our businesses in the United States. Generally, it’s quite the opposite. The U.S. prides itself on being a more business friendly environment — allowing for American innovation to thrive without too much red tape.
However, when it comes to setting a legislative agenda for the digital economy, we’ve fallen behind.
By long relying on big technology companies to self-regulate, we’ve put ourselves in a unique position where Congress is now in a hurry to solve serious data protection problems. Solving problems in a crisis is never easy. The simplest way forward can often mean leaning on others ideas or rules and adapting them as your own. That’s why so many members of Congress are curious about Zuckerberg’s opinions on the EU’s regulatory approach. They are the first to do it.
In fact, the conversations we’re only just beginning to have here in the US — from SESTA to the CLOUD Act to Cambridge Analytica — have been going on for almost five years in Europe.
In 2015, the European Commission announced plans to prioritize and launch a set of regulations known as the “Digital Single Market.” The DSM will provide a single group of laws governing digital policy for all 28 (soon 27) member states. Everything from copyright, to platform regulation, to artificial intelligence, to intermediary liability to consumer protection and hate speech are all on the table, and have been for a while.
It’s no secret that the EU has always taken a different approach to privacy and data protection, but they’re also the only ones who have taken any significant action to craft such extensive rules to govern these issues. The first comprehensive piece of legislation to emerge from the DSM, the General Data Protection Regulation (GDPR), tackles this issue.
Zuckerberg referred to it during the hearing, and to the actions Facebook has already taken to adhere to it. The GDPR comes into force on May 25, and it addresses how companies manage the personally identifiable information of EU citizens when processing data both within and outside of the EU. That means any company in the U.S. that has customers in the EU is liable, from tech giants like Facebook and Google to some of America’s smallest startups. Companies that fail to comply by May 25 may face fines of up to 20 million euros or four percent of their annual turnover.
However much we may have in common with our allies in Europe, let’s be careful not to copy and paste the EU’s solution to this complex problem. In the same way they take a different approach to privacy, we too should take a different approach to regulating it. The months ahead should be an opportunity to learn from companies that implement the GDPR, what works and what doesn’t.
The conversations around data protection and the future of the digital policy in the US will be difficult. They were difficult in the Europe as well. But let’s take the time to hear from all voices affected — whether they’re a three employee startup, or a tech behemoth with 30,000 employees. These rules impact all of us. So it’s vital that we take the time to develop our own approach — one that will provide protection without stifling American innovation that has made Silicon Valley the technology leader around the world.
Melissa Blaustein is the founder and CEO of Allied for Startups, a global network for startups, entrepreneurs, VCs, and advocacy organizations working together to build a worldwide consensus on key public policy issues impacting startups.