A month into the European Union’s implementation of the General Data Protection Regulation (GDPR), the White House has begun exploring a federal approach to online privacy data standards.
Gail Slater, the Dublin-born attorney whom President Trump appointed in a tech advisory role with the White House National Economic Council back in February, has become the de facto point person for the effort. Last week, Slater met to discuss the topic with the Business Roundtable, a committee consisting of the CEOs from the top companies in the United States that collectively employ 16 million people. Earlier, Slater had a conversation on GDPR implementation and privacy with Dean Garfield, CEO of the Information Technology Industry Council, the trade association that represents tech giants like Google, Microsoft, and Facebook.
Before her appointment to the National Economic Council, Slater was general counsel at the Internet Association, which represents companies like Amazon, Dropbox, Google, Netflix, Reddit, and Twitter and regards itself as “the unified voice of the internet economy.” Slater also previously served more than a decade in an advisory role at the Federal Trade Commission (FTC) under the Obama-appointed commissioner Julie Brill.
The economic impact for implementing data protection standards is considerable. A study published in October by the specialist policy and economics consultancy London Economics found that profits in the U.K. data analytics industry could fall by as much as £41 million, while profits associated with lead generation for new customers could drop by as much as £114. A survey that informed the study found that among marketing professionals, there is a lot of uncertainty in terms of what the economic impact of data protection.
What the outcome of these discussions and the effort to set privacy standards will be remains a bit unclear. We can almost certainly expect Slate and her colleagues to use the GDPR to provide at least some kind of framework to the discussions, if not an exact model to build from. There is already some speculation that the ultimate outcome could be the establishment of data privacy initiative not unlike the one President Obama created for cybersecurity in 2013. There could also be an executive order directing an organization like the National Institute of Standards and Technology (NIST), a division of the Commerce Department, to work with corporations to establish workable data protection guidelines.
This initiative comes off a bit surprising, considering that this administration has made it a priority to cutt red tape for corporate entities, even to the detriment of consumers. This much is clear based on the recently published observations of Ann Baddour, the former chairwoman of the Consumer Financial Protection Bureau, about the way that the organization she used to lead is “being gutted from the inside out.”
At the very least, it is encouraging to see that the discussion is happening both among people among independent (or at least, bipartisan) appointments as well as with industry experts who understand the complexity of the privacy protection landscape.
On the other hand, there was a period of more than two years between the GDPR being agreed-upon (which took several months to draft) and when it was finally implemented. Considering that these discussions are only just starting now, it could be years before a U.S. federally mandated data protection standard goes into effect, assuming it follows a similar timeline as GDPR.
Note: An earlier version of this article misidentified Dean Garfield as the CEO of the National Institute of Standards and Technology (NIST). He is, in fact, the CEO of the Information Technology Industry Council, as this article now reflects.