[chronotis]

Ten years or so ago, I was participating in a small business roundtable discussion with one of our state senators. At the time, I ran a consumer research agency and would often have multinational projects involving consumer data collection in both the US and EU; this is before GDPR had become ratified, but Safe Harbor was failing and there was ambiguity about what the future state would look like.

Of the 15 or 20 business owners in the room, I was the only "pro privacy" voice. People were very focused on what would be the perceived additional cost of complying with any GDPR-style rules in the US, and weren't yet thinking about the negative effects of having different privacy rules in different markets. "Different markets have different rules all the time," in short.

I maintain that it would be less complicated, less expensive, and more human-friendly to use data privacy rules as globally universal as can be achieved. There will always be capitalism leeches that drain money through arbitrage between the policy gaps, yes, but it would help.

(Also: there is zero chance this gets through the current US Senate. Would never clear filibuster.)

[pessimizer]

> Would never clear filibuster.

A filibuster by who? Neither party would support any privacy rules that placed any undue importance on privacy.

[chronotis]

I'm mostly just projecting based on the current 48+2+50 state of the Senate where virtually everything gets held up. If the Democrats brought it forward, I would expect the Republicans to filibuster just on principle.

[KerrAvon]

Slight historical aside here: for those too young to have been politically aware before the Obama era, the filibuster (a) is in the modern form a relatively recent invention (b) was rarely used prior to the Mitch McConnell era. McConnell and the Fox News generation of the Republican Party turned what was meant to be a tool for a last-resort veto into a sledgehammer continuously used to bludgeon the other side.

[rt4mn]

I would be interested to hear why you think it has no chance in Senate.

[legitster]

> I maintain that it would be less complicated, less expensive, and more human-friendly to use data privacy rules as globally universal as can be achieved.

I think this is a bit naive. As someone who has had to dwell a lot on the specific nuances of German privacy laws vs GDPR or South Korea's, I have come to the conclusion that conflicting privacy laws are a designed feature.

I think lawmakers certainly have consumer protection as one of their goals, most privacy legislation has many features intended to benefit domestic industries at the expense of foreign ones. Or to benefit national security in some way (such as requirements for certain types of data to be stored on servers inside the country).

Even if the US was to homogenize with GDPR in some way, I wouldn't doubt that the EU would fast follow with a slightly different spin on it just to give US tech companies an extra set of hoops to jump through.

In a way, this is already how safety regulations work in the automobile industry.

[chronotis]

I agree that we're not going to see a US privacy framework that's identical to GDPR and where all players have the same obligations and enforcement mechanisms. What is extremely problematic, IMHO, is the US having _no_ privacy framework to speak of while the rest of the world does. Beyond HIPPA and COPPA (and CCPA if you happen to live in Cali), there's really not much recourse for US citizens besides their collection of company-paid credit monitoring after each security breach.

If one outcome of GDPR is that 10-15 years later, the US adopts some sort of national privacy framework that motivates industry to reevaluate their data monetization business models, that's a good outcome.