EU urges Washington to adopt its privacy laws

The European Union's top privacy official has called on the United States government to adopt a European style of tough new privacy law as a precursor to broader talks between Brussels and Washington on sharing of data by big business.

Vera Jourova, the European commissioner for justice, consumers and gender equality, said that a US privacy law — similar to EU's General Data Protection Regulation, or GDPR — would make the US "perfect partners" for a data flow agreement that would allow US and European businesses to freely share the personal information of their citizens, the Financial Times reported on Sunday.

The GDPR, which took effect on May 25, 2018, aims to give control to individuals over their personal data and to simplify the regulatory regime for international business by unifying the regulation within the EU. It replaces the 1995 Data Protection Direction.

GDPR forces businesses to hold sensitive personal information for the shortest time possible and allows EU citizens to demand to know what information companies have about them and whether it is being shared with third parties.

Under the GDPR, data privacy breaches carry a hefty penalty of up to 4 percent of a company's annual global turnover or 20 million euros ($22 million), depending on whichever is greater.

Jourova, a Czech national, was in Washington early this month meeting US officials and lawmakers to promote data privacy protection.

In a talk at the Brookings Institution on April, she described the GDPR as "working well" and "starting to see positive trend".

"We strongly call to our American allies that it is time to shift up the gear to work together and to become global rule-maker rather than wait on the sidelines and become a rule-taker," she said.

US Commerce Secretary Wilbur Ross condemned the GDPR in an op-ed in the Financial Times just a few days after it took effect, saying it is "likely to create barriers to trade". But in August, David Redl, an assistant secretary at the department, indicated the US government plans to work on data privacy issues.

Some US states have since stepped up legislation. Last June, California signed into law the California Consumer Privacy Act, viewed as a stringent data privacy law more like GDPR. Other states, such as Alabama, Vermont, Virginia, Oregon and Louisiana, have also taken some measures.

Facebook founder Mark Zuckerberg and Apple's CEO Tim Cook have also called on the US to adopt strict privacy protections like those in Europe, while some tech groups want a relatively lax privacy standard.

Jourova welcomed steps to adopt a federal law that would significantly upgrade digital privacy protections for US citizens.