Is the US About to Launch a GDPR Equivalent?

August 19, 2022
5:00 min read
Laura Browne
Is the US About to Launch a GDPR Equivalent?
resource hero

The Federal Trade Commission has announced it is exploring rules to crack down on commercial surveillance and lax data security in the United States. It describes “commercial surveillance” as the business of collecting, analyzing, and profiting from information about people. Sound familiar? This is the US’ first national foray into its own version of the European data protection law known as GDPR. Historically it has been conspicuously silent on data protection issues, apart from Mark Zuckerberg’s visits to Capitol Hill to talk about Facebook’s approach to data privacy. This lax approach has resulted in some companies collecting and exploiting people’s personal data for commercial gain. Note, this is not the same as gathering trend data for marketing measurement, as it’s primary concern is the collection of personal data (“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” said FTC Chair Lina M. Khan).

The FTC is seeking public comment on the potential harm that can result from “commercial surveillance” and will explore whether new rules are needed to protect people’s privacy and information. “The growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent. Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices and what those rules should potentially look like”, continues Khan.

This news coincides with increasing numbers of European countries who are banning the use of Google Analytics. Italy just joined Holland, France and Austria in legislating that Google Analytics falls foul of data privacy laws, specifically GDPR. Some are allowing limited use of the tool, but in reality the announcements make its practical use impossible.

What Is the Purpose of The Rules?

GDPR and the potential rules resulting from the FTC Public Forum are not as concerned with data proactively provided by the general public, usually via form fills (“first party data”), the focus is on third party data collected indirectly through tools such as cookies. US companies can currently legally gather an array of online activity, including networks, browsing and purchase histories, location and physical movement. The rules aim to prevent companies from selling consumer data, or using it for underhand commercial gain. They also focus on making it easier for people to opt out of “commercial surveillance” without penalty. According to the FTC “some companies require people to sign up for surveillance as a condition for service. Consumers who do not wish to have their personal information shared with other parties may be denied service– or required to pay a premium to keep their personal information private”.

What Does this Mean Practically?

If you approach marketing from a context of trust and integrity, these rules can only be a good thing. Focus on designing marketing programs that encourage users to tell you when they are ready to engage: valuable content is the way forward to get form fills.

Gather overall effectiveness trends, rather than personal data. If your intention is to give people more of what they find useful, as opposed to gathering their personal information for your gain, your marketing will be more authentic, and therefore more impactful.

If you are worried about the potential implications, then drop us a line and we can talk you through your options. Alternatively follow us on LinkedIn and sign up for The Science of Marketing e-magazine to keep up to date on all topics related to data privacy, monitoring and measurement.