As Europe has been on a regulatory binge over the last few years, debating a vast array of new internet and data-related legislation, it is important to remember that one of its most signature data-related pieces of legislation, GDPR, has actually substantially weakened privacy protections for European Union citizens. It turns out that US companies are also exploiting another provision within GDPR: the fact that it does not apply to US companies that don’t have a direct business connection to the EU, enabling them to mass harvest, repackage and resell the data of EU citizens who visit the US.
While touted as a major privacy breakthrough, the reality is that GDPR has backfired quite spectacularly, rolling back many of the most sacrosanct privacy protections that European citizens previously enjoyed.
Most famously, after years of previous regulations prohibiting facial recognition, GDPR finally granted Facebook the right to roll out its facial recognition algorithms across the entire EU. Previous laws prohibited Facebook from deploying its vaunted facial recognition systems in the EU, but GDPR rolled back all of these protections, allowing the company to finally deploy its tools unfettered across the EU.