By Janelle M. Lewis, Attorney and Business Strategist
As the debate around data privacy and the use of TikTok intensifies, I can’t help but think that solution to the controversy lies within the U.S. Congress.
Here are a few questions to consider when discussing the protection of the personal data of U.S. Residents when it is transferred and/or processed outside the U.S.:
- Should Congress develop a comprehensive U.S. data privacy framework to protect the personal data of U.S. residents when their data is transferred outside of the country?
- Should there be bilateral data privacy frameworks with other countries to protect the collection/transter and processing of personal data from U.S. residents that are sent to other countries – similiar to that of the GDPR?
- Should foreign companies that collect the personal data of U.S. residents be held to more stringent data privacy regulations?
So is it all about TikTok?…Maybe It’s Not…
Maybe the heart of the controversy is not about TikTok per se but what happens to American personal data when it is collected and/or transferred to another country. Since there is no comprehensive U.S. data privacy law to protect U.S. data once it leaves the U.S. – how can foreign companies be expected to priortize the protection of the personal data of U.S. residents? Where is the strategic advantage within a marketplace where data is gold? As the debate around data privacy and the use of TikTok intensifies, I can’t help but think that maybe the heart of the controversy is not about TikTok per se but what happens to American personal data when it is collected and/or transfered to another country.
Should Congress develop a comprehensive framework to protect the personal data of U.S. residents when their data is transferred and/or processed outside of the U.S.?
The short answer is YES. Data is an amalgamation of gold and water where it has a lot of value and flows everywhere. The truth is, it is not reasonable from a business sense to expect organizations to enforce data privacy protections if there is no regulatory or compliance framework. This is especially true if self-regulating does not have a net positive increase in their value proposition and/or their competitive position. It is the role of Government to protect its citizens – and in this case their personal data.
Will having a Comprehensive U.S. Privacy Framework solve the “TikTok” controversy?
It depends. I do believe, however, that creating an enforceable, comprehensive U.S. Privacy framework that protects the personal data of U.S. residents that is collected, and/or processed abroad could be a step toward a solution.
Data is an amalgamation of gold and water where it has a lot of value and flows everywhere. The truth is, it is not reasonable from a business sense to expect organizations to enforce data privacy protections if there is no regulatory or compliance framework. This is especially true if self-regulating does not have a net positive increase in their value proposition and/or their competitive position.