Jayne Chorpash



This note examines the General Data Protection Regulation implemented in the EU in 2018. The GDPR was the result of a long history of data privacy laws that have been met with varying levels of success. While the GDPR has retained many characteristics that have made past privacy laws successful, it has also made some important changes. Most notably, the GDPR gives generous rights to consumers to guard and protect their data, which is of growing concern in light of how easy it is to share information in our modern age. Additionally, the GDPR has a much broader territorial scope, covering data processing activities related to either the offering of goods or services to EU data subjects or the monitoring of their behaviors within the EU. As a result, the hefty fines imposed for violating the GDPR have forced many companies to comply quickly. This note continues by comparing the GDPR’s regulations with those of the United States and concludes that, although there may be more upfront barriers and costs to adopt regulations as stringent as the GDPR, overall, the GDPR is superior to privacy laws in the United States. Finally, this note concludes by briefly examining the future of the GDPR, as well as the potential for GDPR-like regulations to be adopted in the United States.