Brooklyn Law Review


Recent news articles discuss the flooding of email inboxes with lengthy terms and condition updates, viral videos of Mark Zuckerberg’s public Cambridge Analytica hearing before Congress, and the phenomenon of internet advertisements appearing for items that consumers merely searched for on Google a day prior. Effective as of May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) established a framework that sets legal standards targeted at businesses and other data collectors to dramatically increase data privacy protections for citizens of the EU. Consumers, however, do not seem to appreciate these increased protections, as they rarely read the updated privacy terms and conditions provided via notifications and email notices. Such behavior suggests that consumers would prefer to keep receiving curated and personalized services, like “New Music Friday” Spotify playlists, rather than gaining transparency over how those services are so thoughtfully created. This note argues that the benefits of the GDPR’s increased data privacy are overshadowed by the burdens the GDPR imposes on businesses. As the U.S. moves towards adopting similar data privacy legislation, Congress should create laws with simpler restrictions, clearer guidelines, and more lenient standards, so the consumer benefits of data privacy reform can be achieved without imposing such large hindrances on companies.