The General Data Protection Regulation (GDPR) was put in place back in May 2018 and gave more protection to individuals’ personal data. These protections range from holding companies liable for any mishandling or breach of user data, including by companies to which they lend or sell that data, to classifying personal information across the board in the EU, to further ensure privacy when data is collected. In this case analysis, I will argue that the United States should follow in the EU’s footsteps and adopt data protection laws similar to the GDPR, which is inherently very Kantian in giving respect to users’ data and holding those that abuse or misuse that data responsible for their actions and their partners’ actions.
Zimmerman mentions two theories regarding how people view privacy. The first is the harm-based theory, which states that privacy is not violated until harm is done. The other, which the European Union seems to be following, is the dignity-based theory, under which privacy is breached once an individual loses control over their privacy, not when harm is done. This is a very Kantian approach to data protection, and it is what the GDPR is fighting for. The GDPR is very strict on data collection and the handling of user data, gives more power back to users, and significantly increases the liability of companies if they fail to comply with the GDPR or are found at fault for a breach.
Zimmerman also brings up topics related to Personally Identifiable Information (PII). PII is generally known as any information that can be used to identify someone; however, Zimmerman mentions that it is difficult to decide what counts as personally identifiable information. The GDPR helps identify and classify information that is personal, such as addresses, pictures, names, and even IP addresses, and protects it. This makes every company that operates in the EU, or works with companies that operate in the EU, operate on the same level of compliance, respect, and responsibility for users’ data.
The Zimmerman reading gives a perfect example of what happens when companies, in this case a group of researchers, outright circumvent privacy settings and are incompetent with the data they handle, and of the liability for these actions. The researchers claimed that the data they collected was already visible and available to everyone on Facebook; however, that is not entirely true. They used research students at Harvard to collect the data, which circumvented Facebook’s privacy setting for who can view a profile; I believe the options are Open, Friends of Friends, and just Friends. The data set they released included profiles that were not set to Open and were not available to everyone. This also shows their incompetence in failing to ensure that the data they released was entirely public information. They also had no direct contact with the subjects, so permission was neither given nor refused. This violates the respect for one’s free will that Kantianism stands for, and under the GDPR it would bring a major fine of 10 million or 4% for a direct violation of data subjects’ rights. In this example, the researchers were both the data controllers and the data processors, because they were the ones deciding what to do with the data and the ones handling and using the data for their own purpose. This fine will also be a major deterrent for small unethical companies that collect data and sell it to whoever will buy it just to generate money off their users, and it will significantly reduce the selling of data to either incompetent or unethical buyers. This fine forces companies to become more honorable, and previously dishonorable companies are now struggling to find buyers or sellers of data.
The new regulations that the EU has introduced are very Kantian in themselves, giving control back to the people and increasing transparency between user and company. Here in the US, it is nearly impossible to tell which companies are taking what data and when, and it is entirely up to the companies to decide their level of transparency. If they lose that data, they hide behind claims that the data was already “public” and face minimal repercussions.
Buchanan’s reading talks about the change from human subject to data subject and whether those people have rights. The classification of a data subject is vague and currently does not extend the same rights as those of a human test subject. Buchanan touches on Begini’s idea of being able to consent to either marketing use of data or intelligence use of data, and as Buchanan states, that is nearly impossible in the US: it is difficult to locate every single device, program, and service you use in order to find the opt-out or to stop using it. The GDPR forces companies to send out notifications that remind users that their data is being collected, and what data, and that give them the option to back out of the data collection. The article does point out that some companies are already doing this by sending out periodic emails with detailed information about how, why, and what data they collect. At the end of the reading, Buchanan asks the question “Do data subjects have rights?” and according to the regulations made by the EU, yes, they do. The GDPR gives any data collected by any company operating in the EU inherent rights, and any company that does not comply with the rights given to the data will be severely punished. Another right that the GDPR gives to individuals is the right to see what data is being collected and how it is used, always with an option to back out of data collection. This is exactly what it means to treat everyone with the respect they deserve and to not use people or their data without permission or without informing them. That is another reason why I believe that the GDPR is Kantian in itself.
The EU’s new regulations surrounding data protection are respectful to users and treat everyone fairly. The US should follow suit in the Kantian way and adopt similar data protection laws to help give control and options back to users and to increase transparency and honesty. These new regulations do disrupt the business models of a lot of companies and services, especially free services that require data collection, and if the regulations drive up operating costs significantly, free services might not remain free for long. The punishments for violating the regulations are somewhat harsh for smaller companies, with the minimum fine being 10 million euros. The new regulations from the EU are not trying to stop data collection. They recognize the benefits that can come from data collection, such as intelligence and research, but they allow it to happen in a more honorable way, a more Kantian way, and the United States should follow the EU’s lead.
The United States’s laws surrounding user data collection are severely outdated and give a lot of power and access to organizations, companies, and researchers. Currently, once a company has your data, it can pretty much do whatever it wants with it as long as it does not get caught, which is not hard. The European Union has recognized this and has come up with the GDPR, a very strict piece of regulatory legislation that severely limits what organizations can do in their collection, use, and selling of user data. The abuse of social media and user data is obscene and must be dealt with in the United States. As stated before, the GDPR would ruin a lot of small free services that use data collection and selling to keep the product going, but operating would not be impossible, because the selling of data is not prohibited. The company selling the data would just have to be more careful and choose more respectable buyers, because it is still responsible for any violations of the GDPR and will be fined severely.