Under the GDPR, EU citizens can require companies to disclose and delete information about them and regulators may impose fines of up to €20m, or four percent of annual revenues, on companies that violate the regulations, among many other things.
In the U.S., the bills are due: Commerce Committee Chairman John Thune (R-SD) plans to introduce some type of privacy legislation early in 2019. Senators Ron Wyden (D-OR) and Mark Warner (D-VA) also plan to introduce legislation. How closely these or other bills introduced in the 116th Congress will resemble the GDPR, if at all, remains to be seen.
Tech leaders called on Congress to introduce new federal privacy legislation last month before a Senate committee, a sharp turn from their previous position of self-regulation. The hearing highlighted concerns among tech that the patchwork of global and even state privacy laws and regulations could be increasing.
Outlook: While the Trump administration has frequently expressed concern over various aspects of the GDPR, last week the White House invited the EU to comment on how GDPR has been implemented as it considers a U.S. approach. Meanwhile, the November elections cast a smokescreen over any current predictions of what may develop legislatively.