Deep Dive: GDPR And What A US Equivalent Would Look Like

GDPR was signed into law in 2016, and since then it has been a point of debate for regulators, businesses, banks and industry professionals in the European Union and around the globe. Data privacy, online advertisements and digital payments are causing some countries to consider a GDPR-like regulation, while other countries, like South Africa, are creating open banking ecosystems, despite having yet to pass any regulations similar to GDPR.

In the U.S., there is mounting support for a regulation similar to GDPR, even from technology companies like Google and Apple, both of which recently urged federal lawmakers to consider a new privacy legislation. Marc Rotenberg, the president of the Electronic Privacy Information Center, is also in favor, especially considering that U.S. firms must comply with GDPR if they operate in European markets.

While the U.S. is still debating the necessity of a regulation the size and scope of GDPR, consumers’ increased utilization of online payments and services, the rising number of data breaches and social media’s use of data in 2017 and 2018 have all contributed to a call for more consumer protections. Most in the data privacy industry and government agree that there is a need for more data protections.

Social media and its impact on data privacy

How social media platforms are using customer data has become more of a concern for U.S. consumers and lawmakers over the last few years. Facebook’s Cambridge Analytica scandal had a particularly far-reaching impact, prompting questions about how third parties are accessing data shared and stored on social media sites. American lawmakers were exposed to an online system of data mining and sharing that had been previously undiscovered by the public.

Scandals such as this one burst into public consciousness when GDPR was on the rise in Europe — it had just become effective for businesses and retailers in the EU. American consumers, who were discovering that Facebook had allowed third-party providers like banks and Netflix to access their private messages, were watching as residents of the EU were given the right to request or delete their data.

Consumers and businesses became aware that data transparency could solve a range of problems including customer authentication, payment information security and improving online consumers’ connected experiences. Soon after the Cambridge Analytica news broke, some U.S. lawmakers moved forward with their GDPR-like plans. Legislators in California passed a regulation, set to become effective in 2020, allowing Californians to request and delete their personal data from third-party providers.

The Californian law may be one of the reasons a federal regulation is now up for debate. If each U.S. state enacted their own regulations, technology companies would have to comply with 50 separate data regulations. A federal law would cover the entire country.

GDPR, technology and the future of data

Regulators won’t only have to determine the need, scope and potential applications of a new data privacy law, but they will also have to consider the infrastructure necessary. The EU had already implemented faster payments and other important facets for open banking, but the U.S. payment ecosystem is still catching up.

Today’s payments ecosystem now supports open banking and data transparency, which would presumably be required under a GDPR-like law. U.S. banks and other businesses would need to consider new technologies, given how far behind they are when it comes to faster payments. APIs are becoming a larger part of the payments landscape in the EU and should a similar regulation pass in the U.S., banks will need to make use of them as well.

Of course, this all depends on where lawmakers and consumers land when it comes to the future of data and online connectivity. It’s still not clear whether the U.S. will implement something with the same scope of GDPR, but new data infrastructure is necessary if the country wants to support consumers’ and businesses’ overwhelming call for data privacy.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.