Trump administration U-turn fuels plan for American GDPR

DataIQ News

US President Donald Trump is set for yet another U-turn amid reports that his administration is working to develop consumer data privacy policies, 15 months after Trump signed legislation repealing privacy rules approved during the Obama administration requiring Internet service providers to do more to protect customers’ privacy.

According to reports, the Commerce Department is meeting with tech giants including Facebook, Comcast and Google in an effort to create a US version of GDPR.

David Redl, a senior US Commerce Department official who oversees the National Telecommunications and Information Administration, said in a speech late last week that the administration recently "began holding stakeholder meetings to identify common ground and formulate core, high-level principles on data privacy".

White House spokeswoman Lindsay Walters said the administration "aims to craft a consumer privacy protection policy that is the appropriate balance between privacy and prosperity. ... We look forward to working with Congress on a legislative solution consistent with our overarching policy".

Redl said a government survey showed that three-quarters of American households using the Internet have "significant concerns" about privacy and security risks and that the administration plans to publish "high-level principles" and seek public comment as it seeks to develop a nationwide data privacy plan.

The Information Technology Industry Council, which represents major tech companies, said in a statement: "The US has an opportunity to create a new, best-in-class privacy paradigm for the digital economy as well as avoid the creation of a patchwork of laws that would impede innovation."

In June, California Governor Jerry Brown signed data privacy legislation aimed at giving consumers more control over how companies collect and manage their personal information, although the rules are not as stringent as GDPR.

Under the law, which will come in force in 2020, large companies which hold data on more than 50,000 customers, would be required to let consumers view the data they have collected on them, request deletion of data, and opt out of having the data sold to third parties.