New EU Law Will Tell US What Can Be Said -- And Built -- On the Internet

[Commentary] Americans have long been ignoring European data protection law, but it has not been ignoring us. Now a new EU-wide regulation is nearly final, and it will set the rules for these and other data protection questions for years to come. It’s time to pay attention.

The new law is the General Data Protection Regulation (GDPR). It does a lot of good things for Internet users -- giving us the right to extract our data from one service to migrate to a competing one, for example. And it does a lot of things that -- like the “right to be forgotten” -- seem odd to Americans but align with the general European perspective on privacy and government regulation. The sad truth is that it is probably too late to change many of the GDPR’s problems. There may be room for improvement at the margins, but even that won’t happen unless affected Internet users, technologists, companies, industry associations and civil society groups raise a fuss. Soon.

[Daphne Keller is the director of intermediary liability at the Stanford Center for Internet and Society]