51 US companies are calling for a uniform data protection law at the federal level. This emerges from the published letter of the 51 corporations. In addition to network operators, financial institutions and car manufacturers, this letter has also been signed by companies such as Amazon.com, Dell, IBM, Motorola, Qualcomm, Salesforce and SAP. The authors are worried about the trust of customers and urge the legislature to hurry.
The reason is that consumers can not be expected to be able to understand the rules that can change depending on which state they live in, from which state they go to the Internet, and in which state the entrepreneur is located. In addition, the fragmentation into individual state laws threatens the “innovation and global competitiveness of the USA”.
The “Frame for Consumer Privacy Legislation” has been created to explain their ideas for data protection. This frame clearly reflects the interests of the corporations. They want to cut costs and make exceptions for small businesses. It is also demanded that data flow freely across international borders. There are no consequences for non-compliance with data protection laws.
The aim is to regain consumer confidence and the US should be seen as a pioneer in privacy protection.
The corporations also note that those affected should have no right to go to court to claim damages in case of a privacy breach and are not entitled to complain at the Federal Trade Commission (FTC).
The low data protection effect of the FTC is reflected in the Child Data Protection Act COPPA. It is around 20 years old but is largely ignored. Last year, an investigation found that 75% of all children’s apps in Google’s Play Store do not care for data protection. As far as known, the FTC has prosecuted just four companies since then: Musical.ly (TikTok) had to pay 5.7 million dollar penalty, YouTube 170 million dollar. One website got away with a fine of $ 35,000, another with the promise to improve data protection. In addition, three dating apps have been removed from Play Store.
If the USA can really play a pioneering role in the area of data protection has to be questioned. It is clear that the requested data protection differs fom the GDPR. Instead of strengthening the data subject rights, the US companies try to soften existing rules. For example, California has followed European guidelines in the design of the CCPA (Californian Consumer Privacy Act). If the US-companies can enforce their demands, then the new Federal Data Protection Act will make the CCPA obsolete and massively reduce the data subjects’ rights (see GDPR Article 12ff) for Californian people.