GDPR

Opinion: How to design a US data privacy law

Enlarge akinbostanci/Getty Images reader comments 217 Nick Dedeke is an associate teaching professor at Northeastern University, Boston. His research interests include digital transformation strategies, ethics, and privacy. His research has been published in IEEE Management Review, IEEE Spectrum, and the Journal of Business Ethics. He holds a PhD in Industrial Engineering from the University of

General data protection regulation GDPR logo on padlock with blue color background.
Enlarge
akinbostanci/Getty Images

reader comments

217

Nick Dedeke is an associate teaching professor at Northeastern University, Boston. His research interests include digital transformation strategies, ethics, and privacy. His research has been published in IEEE Management Review, IEEE Spectrum, and the Journal of Business Ethics. He holds a PhD in Industrial Engineering from the University of Kaiserslautern-Landau, Germany.

The opinions in this piece do not necessarily reflect the views of Ars Technica.

In an earlier article, I discussed a few of the flaws in Europe’s flagship data privacy law, the General Data Protection Regulation (GDPR). Building on that critique, I would now like to go further, proposing specifications for developing a robust privacy protection regime in the US.

Writers must overcome several hurdles to have a chance at persuading readers about possible flaws in the GDPR. First, some readers are skeptical of any piece criticizing the GDPR because they believe the law is still too young to evaluate. Second, some are suspicious of any piece criticizing the GDPR because they suspect that the authors might be covert supporters of Big Tech’s anti-GDPR agenda. (I can assure readers that I am not, nor have I ever, worked to support any agenda of Big Tech companies.)

In this piece, I will highlight the price of ignoring the GDPR. Then, I will present several conceptual flaws of the GDPR that have been acknowledged by one of the lead architects of the law. Next, I will propose certain characteristics and design requirements that countries like the United States should consider when developing a privacy protection law. Lastly, I provide a few reasons why everyone should care about this project.

The high price of ignoring the GDPR

People sometimes assume that the GDPR is mostly a “bureaucratic headache”—but this perspective is no longer valid. Consider the following actions by administrato

!–>

Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

GDPR

Tech Tuesday: Data privacy and synthetic data generation tools

Data has become simultaneously the most valuable asset most organisations own and the most heavily regulated one. GDPR fines exceeded €4.5 billion cumulatively by early 2026. The EU AI Act’s classification of training data quality as a high-risk system requirement has made data provenance a legal obligation rather than a best practice…

Data has become simultaneously the most valuable asset most organisations own and the most heavily regulated one. GDPR fines exceeded €4.5 billion cumulatively by early 2026. The EU AI Act’s classification of training data quality as a high-risk system requirement has made data provenance a legal obligation rather than a best practice…
Read More

Continue Reading
GDPR

Researcher reveals official White House app is one command away from tracking your precise location every 4.5 minutes – app can also inject code to dodge cookie consent, GDPR banners, and paywalls

White House app contains code to hide cookie options, GDPR banners, and paywalls – and collects extensive user data…

White House app contains code to hide cookie options, GDPR banners, and paywalls – and collects extensive user data…
Read More

Continue Reading
GDPR

Viva la revolución: LinkedIn profile visitor lists belong to the people, says Noyb

GDPR Article 15 doesn’t care if you want to make money by selling users’ data back to them A LinkedIn feature the average non-paying user likely only glances past could end up setting a legal precedent in the EU regarding how companies treat customer data that they’ve processed. …

GDPR Article 15 doesn’t care if you want to make money by selling users’ data back to them A LinkedIn feature the average non-paying user likely only glances past could end up setting a legal precedent in the EU regarding how companies treat customer data that they’ve processed. …
Read More

Continue Reading
GDPR

Estonia is the rare EU country opposing bans on children’s social media use

In short: Estonia and Belgium are the only two EU member states to have declined the Jutland Declaration, an October 2025 pan-European commitment to restrict children’s access to social media. Estonia’s ministers argue that age-based bans are unenforceable, that children will find ways around them, and that the correct approach is to enforce the GDPR against

In short: Estonia and Belgium are the only two EU member states to have declined the Jutland Declaration, an October 2025 pan-European commitment to restrict children’s access to social media. Estonia’s ministers argue that age-based bans are unenforceable, that children will find ways around them, and that the correct approach is to enforce the GDPR against […]
This story continues at The Next Web…
Read More

Continue Reading