In the article What is GDPR? Everything you need to know about the new general data protection regulations Danny Palmer outlines the details of the General Data Protection Regulation, Europe’s base for digital privacy and related policies. GDPR has jurisdiction to all organizations that reside within the EU or provide service to EU citizens or companies. This is in addition to any company that has to abide by laws within its own residencies jurisdiction. GDPR defines its policies application to two different entities, a processor and a controller. The primary purpose of GDPR is to ensure organizations gather personal data under uncompromising conditions, prevent its exploitation, and “respect the rights of the data owners.” If any of these are not met correctly then the organization will be penalized for its uncooperation. In this case analysis I will provide an ethical argument in favor of the United States adopting a similar regulatory system using the Kantianism tool because individualism and therefore an individual’s consent is integral to Kantianism and American culture. Being responsible with an individual’s personal information is particularly important, and should be expected that any breaches of this information be reported to follow the categorical imperative specified in Kantianism. With individualism being integral to these two individual autonomy is just as crucial, and an organization should be limited to help secure these two culturally and ethically significant characteristics of Kantianism and the United States of America. 

In But the data is already public selection by Michael Zimmer, the distinction of ethically obtained information is made when discussing research projects involving personal data. Zimmer makes the point that just because something may be available through public access does not mean the collection and distribution of that data is consensual. When presenting this information along with the categorical imperative, consent must be expressed and the individual in which consent is required must be presented with contextual information as to the reasons they should consent. Individuals are expected the right to know when their personal data will be used and be able to challenge its collection and distribution. 

Referring to the United States implementation of a regulation system similar to GDPR, this would apply basic requirements for organizations to obtain personal data regardless of their access to it. This is because the handling of personal data will be heavily regulated in order to protect the individual, which is a key position in Kantianism. Individuality being protected by other individuals is represented heavily within Kantianism and therefore applies to the regulation of an individual’s personal data via an organization. An Individual’s consent should be necessary to access their private information regardless if that information is found within any public manner, if consent is not required there can be no respect given to one’s individual autonomy of their information by the organization. The violation of this individualism by modern corporations and organizations within the United States is far beyond the threshold that should be expected. An example of how something was accessible via public access is addresses or birthdates. These are what I would consider personal identifying information vital to me as an individual, these are publicly accessible and directly tied to the individual with that information. Considering this is technically public information, I would expect autonomy over my decisions to allow an organization to obtain or distribute it either in exchange for a service or for a service itself. 

The implementation of a similar regulation to GDPR in the United States would significantly secure individualism. By forcing an organization to receive consent from an individual for their personal information regardless of public access would secure the individual’s right to privacy. By giving the individual a choice in their distribution of their personal information the regulation is securing the individual’s right to privacy and subsequently their individual autonomy. Forcing an organization to report on breaches or loss of personal information pertaining to any individual would give the individual more information regarding their safety and therefore individual autonomy to make decisions based on the information presented. This would further increase the incentive for an organization to improve security of personal information in order to uphold their reputation and keep their organization from taking unnecessary negative consequences. Although the United States has a significantly different culture than the EU, these regulations would perfectly abide by the individualism that is so heavily valued within that culture. If regulations outlining these requirements are implemented for all organizations, then this would abide by the categorical imperative detailed by Immanuel Kant. 

In Buchanan’s Considering the ethics of big data research: A case of Twitter and ISIS/ISIL Buchanan specifies a particular problem with the use of big data and the consent that is used along with it. Buchanan analyzes that users may consent to their information being used for a particular reason presented, but would not consent with another reason. The organization can still use their data in pursuit of that other reason. This is a unique and unexpecting thing to consider when discussing big data and its ethics regarding privacy.

When proposing this key point alongside Kantianism one can improve the systems of GDPR and a similar implementation into the United States legislation. By forcing a company to report its handling of an individual’s personal data, this negates the problem presented by intentional misdirection of the consumer and naivety of the consumer. By giving the individual the correct contextual information regarding the organizations use of their personal data, these regulations are also giving that individual the ability to make choices with valuable information. This would additionally secure an individual’s autonomy over their personal data, which is supported by Kantianism and American identity of individualism. 

The regulations should enforce a policy that requires the organization to detail all possible uses of the individual’s personal information in a highly specific and meticulous manner that would not allow for any confusion by the individual. This would possibly allow an individual to consent to one use of his personal data, but not to another use. This would prevent the problem presented in Buchanans text by possibly giving the individual the ability to consent to specific things rather than a broad and vague use. Requiring an organization to report any breaches in their personal data holdings to the individuals affected would allow for individuals to reevaluate their consent and possibly revoke it. This would give the individual significantly more power over their personal data and its uses, while also giving significant incentive for organizations to properly secure that same personal information. This would assist in the United States taking steps toward a modernized privacy protections system as the internet further develops, ensuring the culture of individualism is protected and Kantianism is implemented into the ethics of the individually affected.

The same principles implemented in GDPR are expected on an individual level. Considering the categorical imperative, each of these regulations would force an organization to respect an individual’s right to privacy and autonomy over their personal information. This is ethically represented by Kantianism. If an organization’s goal is to profit off of exploiting an individual’s personal data, then according to Kant, it is not ethically permissible because the motive is bad therefore the consequence is bad. This is because if you must do something negative to achieve something good, what you wished to achieve cannot be worth the negative action. Therefore anything that violates the individual’s consent, autonomy or individualism in any way shape or form will not be ethical as Kant defines the means to an end as the moral variable, and the end can not be justified by negative means.

In conclusion, it is imperative that the United States follow similar modernized regulations such as GDPR in the EU. This would uphold the American culture of individualism and the Kantianism opinion on ethics. These regulations are not permanent and can be modified as time progresses. Some may argue that the United States has had personal information obtained and distributed far too much for far too long, and that regulating it now would severely impact society within the United States. The significance of social media organizations that heavily involve personal information to profit within their business model would significantly impact the foundation of society and the economy within the United States if heavily restricted by these regulations. I disagree, I believe that strategically implementing these regulations would significantly help the growth of our nation and the security of our people. Technology changes constantly, the United States has yet to implement legislation that successfully adapts to those