As technology continues to innovate at lightning speeds and technology becomes more central to everyday life, personal data must be protected. In 2017, the passage of the General Data Protection Regulation (GDPR) in the European Union set an important precedent in the world of data protection law. Building upon the Data Protection Directive (95/46/EC), the GDPR has taken the fundamental right to privacy and extended it to the transmission of personal data. The United States of America, however, offers no such protection at the federal level – the right to privacy within the U.S. is not absolute. This article will comparatively present the pattern of case law and legislation in the EU that led to the General Data Protection Regulation, and then the pattern of case law and legislation leading to data protection law(s) in the United States of America. The contrasting degrees of protection within the two regimes is a large discrepancy; the collection and transmission of personal data is protected by law in the EU and the US differs to such a degree that companies like Facebook, have had to drastically alter their services in Europe to comply with the stringent requirements of the GDPR. The paper continues on to address how personal data protection is being addressed by lawmakers vis-à-vis competition law and anti-trust regulation in the EU. While it may be difficult for the United States to develop a sweeping, federal-level piece of legislation like the GDPR, the increasing success of laws protecting personal data vis-à-vis competition law points to an area in which the U.S. and the E.U. can more easily harmonize their laws and protections. Finally, the paper offers a comment on the future of the transatlantic relationship and the role data protection law could play in strengthening that relationship.

+Link