The Senate Committee on Commerce is in the midst of conducting its long-awaited hearings on privacy. This might seem long overdue, considering the European Parliament has for several years been trying to ensure that companies respect consumer privacy. Even China has enacted privacy legislation. Here in the United States, however, only a handful of states have thus far tried to address consumer privacy legislatively.
The topic of privacy in China, the country which instituted the world’s first Social Credit System, would require a separate article. Still, we might wonder why the U.S. has lagged behind Europe in the protection of individual privacy. This can be explained partly by considering the relative preoccupations of legislators on either side of the pond. Whereas the European perspective generally assumes that law is primarily intended to protect private citizens against the ill-doings of big companies, the American tradition assumes that federal law exists primarily to delineate and limit the scope of government action — to protect citizens first and foremost against government overreach. Is there a reason to break with this tradition with respect to the issue of privacy? In particular, what should we make of the proposal most touted during the hearings: not an American GDPR, but instead a new privacy and data security bureau at the FTC?