There are many reasonable proposals in the article but they are only wishful thinking: there is no way the USA passes a law similar to GDPR, no matter what people want and how many similar articles appear.
As for GDPR: at least in Germany it's problematic. Our system typically relies on competitors to enforce law abidance in companies (so-called "Abmahnungen" based on the "Gesetz gegen den unlauteren Wettbewerb", UWG for short, a set of laws regarding unlawful competition). One court recently ruled that GDPR violations don't fall under those laws (https://www.datenschutzbeauftragter-info.de/landgericht-stut...).
That leaves us with:
- reporting violations to the officials. They are chronically understaffed, have little technical expertise and it takes months to years for them to act. They are very hesitant to hand out fines, but theoretically can.
- individual citizens suing a company to force them to abide by the law. This is rare because the citizen will have to cough up the money to go to court, and even if he wins, the company will only be forced to abide by the laws regarding this citizen, not in general.
- publicly shaming companies into compliance.
A higher court might have different opinions, and I very much hope they will, because GDPR quickly becomes meaningless without enforcement.
Edit: I have literally no idea why this is downvoted. Unless it's just because you personally don't like me, please leave a comment explaining what is incorrect.
Unless the site is only available to German users, you should be able to file a complaint with any of EU member state regulators, and not all are so timid as that.
NOYB, the non-profit org founded by Max Schrems, has already been filing complaints with the French, Austrian, Belgian and German authorities: https://noyb.eu/
> Unless the site is only available to German users, you should be able to file a complaint with any of EU member state regulators, and not all are so timid as that.
You can, but they will forward that to the applicable authority, which will be the local German one for German sites.
For very large companies that do business in many countries, regulators have various concerns (power of the company relative to the country, jurisdiction shopping via choice of headquarters location, etc.) that don't apply for the typical case of a German company with a German audience.
On filing complaints and being informed that they were forwarded to the local authority that has jurisdiction.
https://gdpr.eu/article-55-supervisory-authority-competence/ also states: "Each supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its own Member State", and article 56 adds to that.
Well, we'll see what CCPA looks like by the end. If someone else makes a different law then a federal law will come so as to harmonize the requirements. If no one else makes a different law, CCPA will become a de facto federal law because you ignore California to your own detriment.