Apple, Cisco, Call for an American Version of the GDPR Laws Drew Wilson | February 8, 2019 While GDPR is changing the face of Europe’s privacy environment, Apple and Cisco are hoping that the US could have something similar. Europe’s General Data Protection Regulation (GDPR) is changing the legal landscape surrounding people’s personal privacy. Now, it seems Apple and Cisco want America to follow suit and join a sort of privacy revolution. From Beta News Apple’s Tim Cook has already voiced his support for GDPR and said that the rest of the world should implement similar regulation. Now he has been joined by Cisco in calling for data laws to be embraced by the US as they have been in Europe. Acknowledging the increasing worldwide interest in privacy, Cisco’s chief legal officer, Mark Chandler, expressed his belief that the US would benefit from its own GDPR-style laws. Speaking to the Financial Times, he said: “We believe that the GDPR has worked well, and that with a few differences, that is what should be brought in in the US as well”. While there have been calls from various quarters for the US to adopt some form of regulation for user data, there are concerns that Europe’s GDPR is too broad. There have also been warnings that any US version of GDPR needs to take into account how US businesses work — hence Chandler’s mentioning of “a few differences”. Now, we’ve been following the GDPR laws for quite some time now. So, we thought we’d share our observations of what has happened with the laws and what it’s all about. Back in June of last year, the GDPR laws came into force across the continent. One of the major aspects is the fact that it carries fines to the tune of a percentage of a companies annual turnover. Because of this, if a company violates the privacy of its users or is negligent, then fines will scale according to the size of the organization. Another aspect that might be attractive to American’s is the fact that if a company detects a breach in their system, that organization has 72 hours to report the breach to authorities. Otherwise, they risk fines under the law as well. Now, notifying users or authorities has long been a problem in the world of security. This is because, without the risk of fines, some companies are actually financially motivated to cover up the fact that they’ve been breached in the first place. There’s that risk of share values dropping and a drop in customer trust. On top of it all, they might have to invest money in further securing their networks as well which is just an added cost to some. So, the 72 hour window is designed to put an end to hiding breaches from authorities and the public. Another benefit American’s have is the fact that they now have had the opportunity to watch another jurisdiction try out these laws to see how it all worked out. In January, GDPR regulators saw 95,000 complaints roll in since the laws were introduced. That statistic followed another one seen back in December where data breach whistle-blowing rose 165%. So, people certainly have no problem using the laws to shine the light on security problems in organizations whether they are on the outside or inside. As for businesses, they’ve been somewhat lagging behind the laws. Earlier this month, only 30% of businesses bothered with encryption at all. So, the laws by no means changed absolutely everything overnight. Many would say that there is plenty of room for improvement there. As for the regulatory side of things, regulators are currently dealing with 59,000 breaches. Unfortunately, under 100 fines have been handed out. While this is low, the people gathering the statistics suggest that it’s not that they aren’t willing to hand out fines, but rather, regulators are stretched to the limit handling such a high volume of problems. So, with such laws being in place, the task ahead is going to be huge. Perhaps keeping in mind manpower is going to be something to consider if America decides to follow suit with such a law. There are, of course, going to be differing opinions on how the law is portrayed and what needs to be improved on. Some people even say the GDPR law is terrible altogether and should be done away with. Other observers, notably in Europe, say that the laws have ushered in a new era of respect for privacy. Now, it’s unclear just how far the calls will go with the current administration in office. Still, it does show that there is now an apatite for the US to follow Europe’s lead in privacy protecting laws. Drew Wilson on Twitter: @icecube85 and Google+.