General Data Protection Regulation (GDPR) was introduced throughout Europe in 2018. It is essentially a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
Despite being EU law, its impact has traveled far beyond that. The regulations examine the collection and processing of personal data belonging to EU residents. If a company is based in the United States but has European customers, GDPR comes into play.
This article will examine the impact of GDPR and other examples of data collection.
iGaming – A case study
One example where GDPR has been implemented is in the iGaming sector. Correct data is needed to obtain a gambling license in most parts of the world. At a basic level, providers will clearly state their GDPR policy and display it in a clear and prominent place.
What about the actual policies though? The likes of Paddy Power Games, for example, have a clear policy with data collection. They state that they collect information about new customers during the registration process for their gambling and gaming services. This information could include name, key contact information, and postal address. Other details might be requested for the registration and the continued use of a company’s services.
Data privacy and the United States
Even though it brought challenges across different industries, experts have argued that clever organizations used their GDPR responsibilities to take a more critical look at how to manage customer and client data. It’s also allowed others to become more creative in capturing customer data.
There’s also the argument that the data captured is more genuine. To sign up for a Mailing List, a customer needs to opt in. The other main benefit is how it formalized data collection legislation and privacy. European businesses know exactly where they stand. That doesn’t happen in the United States.
What’s interesting is that the US has never really had a single policy that covers data privacy. The New York Times explained that data collected by the services and products used by the population doesn’t have regulations behind it. Since there are no federal privacy laws, companies are technically free to do what they want with data. That’s unless the state of the organization has its own data privacy law.
There has been a lot of research examining data collection policies across the United States. The Varonis blog looks into what it describes as an ever-changing web of laws governing data privacy across the United States. Does this need to be more formalized?
Does the United States need GDPR?
An interesting article in Forbes examined that there are many weaknesses to GDPR. It also explains why the United States government was perhaps wise to implement the European approach to data protection.
The article provides an analysis from The Uniform Law Commission. They are a national, non-partisan, non-profit containing commissioners appointed by the different States. They have developed model legislation to bring clarity and stability to state and federal laws that appear to be in conflict.
When it comes to the future of data collection in the United States, it might turn out to be non-profits that develop future regulations relating to data privacy.
