Data protection and privacy laws are being introduced or reviewed around the world in an effort to keep pace with technologies and strengthen the protection of personal data and privacy online. It is important to look at how these regulations are being implemented and whether they help consumers exercise their privacy and data protection rights. But how consistent are consumers’ experiences across different markets?
This research examines how aspects of privacy and data protection are working for consumers in two major economic areas – the EU and the US. Both have high levels of digital use, and major online providers offer very similar services in both regions. However, their legal approach to data protection and privacy are very different: while the EU has a general data protection law, the US to-date has not enacted such an all-encompassing law at the federal level.
Three major services providers, Amazon, Netflix and Spotify, were selected to examine to what extent their customers based in the US receive a standard of privacy and data protection comparable to that of their EU customers. This was done through a mixture of mystery shopping, requests for access to personal data made by volunteers, and an analysis of existing EU and US legislation including the General Data Protection Regulation (GDPR) and the e-Privacy Directive (ePD) in the EU, and the California Consumer Privacy Act (CCPA) in the US, which at the time of analysis and publication of this report, has not yet entered into force.