White House explores voluntary US alternative to GDPR, but don’t expect major changes from regulation-averse Trump admin

The White House has begun talking to industry groups about federal policy changes that could help protect consumers’ digital privacy, but such steps from the Trump administration — which prides itself in reducing regulation — are not likely to go nearly as far as the EU’s GDPR.

Note: OWI Labs research “Trust Safety & Compliance: A Survivor’s Guide to GDPR-mageddon” is now available.

Citing unnamed sources, Axios reported on Wednesday that the White House has begun to explore data privacy best practices in the wake of Europe’s General Data Protection Regulation.

But while GDPR is the law of the land in the EU, and it comes with considerable teeth in the form of fines, it’s unlikely that the Trump administration would take that approach. Instead, officials have been talking with tech industry groups about implementing a “counter-weight to GDPR so it is not the de-facto global standard,” the report said.

If the Trump administration does pursue the efforts, Axios sources indicated the White House could take a few different approaches, including directing the National Institute of Standards Technology to develop guidelines, or issuing an executive order to develop voluntary privacy best practices via a public-private partnership.

In looking to create the yin to GDPR’s yang, Gail Slater — special assistant to President Trump for tech, telecom and cyber policy at the White House National Economic Council — has reportedly praised aspects of the EU law that give consumers control and access over their data. But she also cautioned that some portions, such as the so-called “right to be forgotten,” may not be possible in the U.S.

Interest from the executive branch comes in the wake of a number of high-profile data breaches, including the Cambridge Analytica scandal, in which improper access to data was used in an attempt to influence the outcome of U.S. elections. That culminated in Facebook Chief Executive Mark Zuckerberg testifying before Congress about what his company has and has not done to protect sensitive personal data from the likes of Cambridge Analytica.

OWI Insight from Ross Nodurft, OWI Vice President, Risk Management Leader, and former head of the White House Office of Management and Budget cybersecurity team: “The administration is unlikely to do anything at this time that would increase data privacy regulations. While I am glad that the National Economic Council is engaged in these discussions, the Trump administration continues to roll back regulations of all types, making it hard to imagine that they promulgate new regulations — especially ones that would be as difficult to balance with all interested stakeholders.”