A wide-ranging digital privacy law known as GDPR goes into effect in the European Union on Friday. In the works since 2012, the new law fundamentally reshapes how people think about their digital data and reasserts consumers’ rights to information about themselves.
It also sets up a contrast with the U.S., asserting broad, basic rights for EU citizens that Americans, by and large, don’t have in their daily digital media lives. Here are five of those new rights.
1. Privacy as a matter of course
The EU law takes as a given that privacy is “a fundamental right that can trump other interests,” as the California Law Review put it. Indeed, the right to privacy appears on the European Convention of Human Rights.
U.S. citizens have no such broad right to privacy (although the Supreme Court has found that such a right is implicit in the Constitution.) In the states, laws and lawsuits around privacy usually center on the question of harm, and the regulations that do exist are often sector-specific. Information about someone’s health or medical treatment, for example, is considered sensitive, as well as financial information. And children under 13 in the U.S. are generally protected from having their information collected.
A handful of tech CEOs have called for the U.S. to have a broad privacy law, and several states, including California and New Jersey, are considering bills of their own.